Privacy Policy

Last Updated: September 14, 2025

We are committed to protecting your privacy and data

1. Introduction and Commitment to Privacy

Welcome to Zaplane Insights ("Zaplane," "we," "us," or "our"). We are deeply committed to protecting your privacy and maintaining the trust you place in us when you use our marketing intelligence platform and services (the "Services").

This Privacy Policy explains:

  • What information we collect and why
  • How we use, process, and protect your information
  • Your rights and choices regarding your information
  • How we comply with privacy laws (GDPR, CCPA, and US laws)

By using our Services, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, please do not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration Information:

  • Full name and email address
  • Company or business name
  • Job title and role
  • Phone number (optional)
  • Password (encrypted, never stored in plain text)
  • Profile photo (optional)
  • Time zone and language preferences

Billing and Payment Information:

  • Billing name and address
  • Payment method details (processed securely by third-party processors)
  • Tax identification numbers (if required)
  • Purchase and transaction history

Communications and Support:

  • Messages and correspondence with support team
  • Feedback, survey responses, and product reviews
  • Feature requests and bug reports
  • Customer service interactions

2.2 Information from Connected Third-Party Platforms

When you connect your advertising and e-commerce accounts to our Services, we access and collect:

Google Ads Data:

OAuth Scopes and Data Access Disclosure:

  • adwords (read-only): View Google Ads account structure, campaigns, ad groups, keywords, and ads
  • Campaign performance metrics: Impressions, clicks, conversions, spend, CTR, CPC, ROAS
  • Keyword data: Keywords, bids, match types, quality scores
  • Ad creative: Ad copy, headlines, descriptions, images, and videos
  • Audience targeting: Demographics, interests, remarketing lists
  • Conversion tracking: Conversion actions, values, and attribution data

We use Google user data solely to provide our Services. See Section 5 for Google API Services compliance.

Meta Ads (Facebook/Instagram) Data:

  • Campaign, ad set, and ad performance metrics
  • Audience insights and targeting parameters
  • Ad creative assets (images, videos, copy)
  • Pixel data and conversion events
  • Budget and bidding information

E-Commerce Platform Data (Shopify, WooCommerce):

  • Order data (order ID, value, products sold)
  • Customer information (aggregated, anonymized where possible)
  • Revenue and sales metrics
  • Product catalog and inventory data

Other Advertising Platforms:

  • TikTok Ads, Amazon Ads, LinkedIn Ads campaign data
  • Performance metrics similar to above platforms

2.3 Automatically Collected Information

  • Usage Data: Pages viewed, features used, time spent, navigation patterns
  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP address, access times, error logs, API requests
  • Cookies and Tracking: Session cookies, analytics cookies, preference cookies

3. How We Use Your Information

3.1 To Provide Our Services

  • Analyze and optimize your advertising campaigns
  • Generate AI-powered recommendations and insights
  • Create dashboards, reports, and visualizations
  • Automate campaign management and optimization
  • Sync data from connected platforms

3.2 To Improve Our Services

  • Train and improve our AI models (using aggregated, anonymized data)
  • Develop new features and functionality
  • Conduct research and analytics
  • Test and optimize platform performance

3.3 To Communicate With You

  • Send account notifications and service updates
  • Provide customer support
  • Send marketing communications (with your consent)
  • Request feedback and conduct surveys

3.4 For Security and Compliance

  • Detect and prevent fraud, abuse, and security incidents
  • Enforce our Terms of Service and policies
  • Comply with legal obligations and law enforcement requests
  • Protect our rights, property, and safety

4. Data Retention

4.1 Active Account Data Retention

While your account is active, we retain your data as necessary to provide our Services:

  • Account information: Retained for duration of your account
  • Campaign performance data: Retained based on your subscription plan:
    • Starter: 90 days of historical data
    • Professional: 12 months of historical data
    • Enterprise: Unlimited historical data
  • AI recommendations and reports: 180 days
  • Support communications: 3 years

4.2 After Account Termination

Data Deletion Schedule:

  • 30-day export period: You can export your data for 30 days after cancellation
  • Active system deletion: Data deleted from active systems within 30 days
  • Backup retention: Data in backups may persist for up to 90 days
  • Aggregated data: Anonymized, aggregated data may be retained indefinitely for analytics
  • Legal retention: Some data retained as required by law or for fraud prevention

5. Third-Party Platform Data Handling and Compliance

Zaplane Insights complies with all third-party platform data policies including Google API Services, Meta Platform Policies, Amazon Advertising API policies, LinkedIn Marketing Developer Platform policies, TikTok for Business API policies, and Shopify API requirements.

5.1 Data Use Commitment for All Connected Platforms

We commit to the following regarding data from all connected third-party platforms:

  • Limited Use: We only use platform data for the specific purposes you have authorized and to provide our Services. We do not use your platform data for serving ads, marketing to you, or any unrelated purposes.
  • No Human Review Without Consent: Platform data is processed by automated systems. Human access only occurs when necessary for security purposes, debugging, customer support, or with your explicit consent.
  • No Transfer to Third Parties: We do not sell, rent, or transfer your platform data to third parties, except:
    • To display data to you in our interface
    • As necessary to provide our Services
    • As required by law or platform policies
  • Secure Handling: We implement appropriate security measures to protect your platform data from unauthorized access, use, or disclosure.
  • Platform Policy Compliance: We adhere to each connected platform's terms of service, API usage policies, and data handling requirements.

5.2 Platform-Specific Compliance

Google API Services (Google Ads, Google Analytics)

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

OAuth Scopes: We request only the minimum necessary permissions to provide our Services, such as viewing and managing your Google Ads campaigns.

Meta Platforms (Facebook, Instagram)

We comply with Meta's Platform Policies and Business Tools Terms. Data from Meta Ads is used solely to provide analytics and optimization services to you.

Other Platforms (Amazon Ads, TikTok, LinkedIn, Shopify)

We adhere to the respective API terms and data policies of each connected platform. All platform data is used exclusively to provide our Services to you.

6. How We Share Your Information

6.1 Third-Party Service Providers

We share your information with trusted third-party service providers who assist in operating our Services:

  • Cloud Infrastructure: Amazon Web Services (AWS), Vercel for hosting and storage
  • Database Services: Supabase for data storage and management
  • Payment Processing: Stripe for payment and billing
  • AI Services: OpenAI (GPT-4o), Anthropic (Claude) for AI recommendations
  • Analytics: Google Analytics, PostHog for usage analytics
  • Email Services: SendGrid, Resend for transactional emails
  • Customer Support: Intercom, Zendesk for support communications

All service providers are contractually bound to protect your data and use it only for providing their services to us.

6.2 When Required by Law

We may disclose your information if required by law, court order, subpoena, or to protect our rights, property, or safety.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

6.4 What We Don't Do

We DO NOT:

  • Sell your personal information to third parties
  • Rent or lease your data to advertisers or marketers
  • Share your campaign data with competitors
  • Use your data to compete with your business

7. Data Security

7.1 Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Role-based access controls and multi-factor authentication
  • Security Monitoring: 24/7 monitoring for security incidents and anomalies
  • Regular Audits: Periodic security assessments and vulnerability testing
  • Secure Development: Security best practices in code development
  • Employee Training: Regular security and privacy training for all staff
  • Incident Response: Documented incident response procedures

7.2 Your Responsibility

While we implement strong security measures, you also play a critical role in protecting your data:

  • Use strong, unique passwords
  • Enable two-factor authentication
  • Keep your credentials confidential
  • Log out when using shared devices
  • Report suspicious activity immediately

Important: No system is completely secure. While we strive to protect your data, we cannot guarantee absolute security. You provide data at your own risk.

8. Your Rights and Choices

8.1 Access and Portability

You have the right to:

  • Access your personal information
  • Request a copy of your data in a portable format (CSV, JSON)
  • Export your campaign data and reports

8.2 Correction and Deletion

You can:

  • Update your account information at any time
  • Request deletion of your personal information
  • Delete your account and all associated data

8.3 Communication Preferences

  • Opt out of marketing emails (unsubscribe link in every email)
  • Manage notification preferences in account settings
  • Note: We will still send transactional emails related to your account

8.4 Third-Party Platform Connections

You can:

  • Disconnect connected platforms at any time
  • Revoke API access through platform settings
  • Control what data is shared via platform permissions

9. GDPR Rights (European Union Users)

If you are in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to Access: Obtain confirmation of whether we process your data and access to that data
  • Right to Rectification: Correct inaccurate or incomplete personal data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
  • Right to Restriction: Limit how we use your data in certain circumstances
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing of your data for certain purposes
  • Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, contact us at privacy@zaplane.io

10. CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of personal information we collect, use, and share
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out of Sale: We do not sell personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

Important: We DO NOT sell your personal information to third parties.

To exercise these rights, contact us at privacy@zaplane.io or call 1-555-123-4567

11. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

12. International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our servers or service providers are located. These countries may have different data protection laws than your country.

When we transfer data internationally, we implement appropriate safeguards including:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with service providers
  • Appropriate technical and organizational security measures

13. Cookies and Tracking Technologies

13.1 Types of Cookies We Use

  • Essential Cookies: Required for the Services to function (authentication, security)
  • Analytics Cookies: Help us understand how users interact with our Services
  • Preference Cookies: Remember your settings and preferences

13.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of our Services.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via:

  • Email notification to your registered email address
  • Prominent notice on our website
  • Updated "Last Updated" date at the top of this policy

Your continued use of our Services after changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Inquiries

Email: privacy@zaplane.io

Data Protection Officer

Email: dpo@zaplane.io

Mailing Address

Zaplane Insights
Attn: Privacy Department
5337 Melbourne Lane
Flowery Branch, Georgia 30542
United States

Response Time: We will respond to privacy requests within 30 days (or as required by applicable law).

Related Documents

Terms of ServiceContact Us