Privacy Policy

Who We Are

The SaaS Ads Studio is a web application designed to guide SaaS businesses through creating and managing Google Ads and Facebook Ads campaigns. Our application URL is: https://app.saasadsstudio.com.

The SaaS Ads Studio Limited (Company No. 16972448) is a private limited company registered in England. We are committed to protecting and respecting your privacy while providing you with a powerful tool to manage your advertising campaigns.

Google User Data Access and Usage

Data We Access from Google

When you sign up or log in using Google OAuth authentication, we request access to the following Google user data:

• Your email address
• Your basic profile information (name and profile picture)

How We Use Google User Data

The Google user data we collect is used strictly for the following purposes:

• Authentication: To create and manage your SaaS Ads Studio account, allowing you to securely log in to our application
• Account Identification: To identify you within our system and associate your campaigns, preferences, and subscription with your account
• Communication: To send you important account-related communications, such as subscription confirmations, payment receipts, and critical service updates

How We Store Google User Data

Your Google user data is stored securely using the following measures:

• Stored in our Supabase database with enterprise-grade security and encryption
• Protected by Row Level Security (RLS) policies ensuring users can only access their own data
• Transmitted over secure HTTPS connections at all times
• Access restricted to authorized personnel only

Sharing of Google User Data

We do not sell, rent, or trade your Google user data to third parties. Your Google user data is shared only in the following limited circumstances:

• Service Providers: With Supabase (authentication and database hosting) and Stripe (payment processing), who are contractually obligated to protect your data and use it only to provide services to us
• Legal Requirements: When required by law or to protect our legal rights

We do not use your Google user data for advertising, marketing to third parties, or any purpose other than those explicitly stated in this privacy policy.

Google Ads API Data Access and Usage

In addition to basic authentication, The SaaS Ads Studio integrates with the Google Ads API to provide campaign management and optimisation features. This section describes what Google Ads data we access, how we use it, and how we protect it.

Data We Access via the Google Ads API

When you connect your Google Ads account through our application, we request access to the following data:

• Search Term Reports: Search queries that triggered your ads, along with associated performance metrics
• Campaign Data: Campaign names, statuses, budgets, and settings
• Ad Group Data: Ad group configurations, keywords, and targeting settings
• Campaign Creation: The ability to create campaigns, ad groups, ads, and keywords within your Google Ads account on your behalf

How We Use Google Ads API Data

Your Google Ads data is used strictly for the following purposes:

• Search Term Analysis: To analyse your search term reports and provide actionable optimisation recommendations
• Campaign Building: To automate the creation of campaigns, ad groups, ads, and keywords based on your inputs and preferences
• Performance Insights: To display campaign performance data within the application so you can make informed decisions

We do not use your Google Ads data for advertising, marketing to third parties, training AI models, or any purpose other than providing and improving the Service as described in this privacy policy.

How We Store Google Ads API Data

Your Google Ads data is stored and protected using the following measures:

• OAuth Tokens: Your Google Ads connection tokens are encrypted at rest using AES-256 encryption in our database
• Search Term Data: Search term reports are cached in our database with a 24-hour time-to-live (TTL) to provide responsive performance while minimising data retention
• Access Controls: All Google Ads data is protected by Row Level Security (RLS) policies, ensuring only you can access your own data
• Secure Transmission: All API communications are conducted over secure HTTPS connections

Disconnecting Your Google Ads Account

You can disconnect your Google Ads account at any time through the application's settings. When you disconnect:

• Your OAuth access tokens are immediately revoked and deleted
• Cached search term data is removed
• We no longer have any access to your Google Ads account

Authentication and Account Data

In addition to Google OAuth, we also support email and password authentication. When you create an account, we collect:

• Full name
• Email address
• Encrypted password (if using email/password authentication)
• Authentication tokens and session data

Your authentication credentials are managed by Supabase, our authentication provider, and are stored with industry-standard encryption and security practices.

User Profile and Company Information

To provide personalized guidance and campaign management features, we collect and store the following information about your company:

• Company name
• Company website URL
• Product or service information
• Sales flow description
• Pricing information
• Customer profile descriptions
• Revenue information

This information is used to provide contextually relevant recommendations, generate campaign content, and personalize your experience within the application. You have full control over this information and can edit or delete it at any time through your profile settings.

Payment Information

The SaaS Ads Studio uses Stripe to process subscription payments. We do not directly store your credit card information or full payment details. When you subscribe to our service:

• Stripe securely processes and stores your payment information
• We store only your Stripe customer ID and subscription ID to manage your subscription status
• We track subscription start dates, status (active, canceled), and plan information
• Payment history and billing details are managed through Stripe's secure billing portal

For more information on how Stripe handles your payment data, please review Stripe's Privacy Policy.

AI-Generated Content and Images

Our application offers AI-powered features to help you create advertising content. We use multiple AI providers depending on the feature:

Profile Autofill

When you use the AI-powered profile autofill feature, we send your company website URL to OpenAI's API to generate suggested profile information. This information is then presented to you for review and editing before being saved.

Image Asset Generation

When you use the Image Asset Generator tool, we:

• Send your company profile information to Google's Gemini API to generate custom advertising images
• Store generated images in our Supabase Storage bucket
• Save image metadata (type, format, generation timestamp) in our database
• Provide you with downloadable images for use in your advertising campaigns

Facebook Ads Creative Tools

When you use the Facebook Ads creative tools (audience suggestions, ad copy generation, and creative recommendations), we send your company profile information to Google's Gemini API to generate tailored content for your Facebook and Instagram campaigns.

All AI-generated content is created specifically for your use and is not shared with other users. For information on how our AI providers process data, please review OpenAI's Privacy Policy and Google's Privacy Policy.

Usage Data and Analytics

To improve our service and understand how users interact with our application, we collect:

• Page views and navigation patterns
• Feature usage statistics
• Session duration and activity timestamps
• Browser type and device information

This data is used solely to improve our application, identify popular features, and optimize the user experience. It is aggregated and anonymized where possible and is never sold to third parties.

Campaign and Task Data

As you use The SaaS Ads Studio to manage your Google Ads and Facebook Ads campaigns, we store:

• Checklist progress for each launch step
• Scheduled lever tasks and completion status
• Campaign management preferences
• Notes and custom configurations

This data is stored securely and is accessible only to you through your account. It helps you track your progress and ensures a seamless experience across sessions.

Cookies

We use cookies and similar technologies to manage your session and improve your experience:

Authentication Cookies

When you log in, we set authentication cookies to keep you logged in across sessions. These cookies contain session tokens and are essential for the application to function. Login cookies last for two days, and screen options cookies last for one year. If you select "Remember Me," your login will persist for two weeks.

Session Storage

We use browser localStorage to store your authentication state and preserve your session during payment redirects to Stripe. This ensures you remain logged in after completing a payment.

Embedded Content from Other Websites

Our application includes embedded content such as instructional videos and educational materials. Embedded content from other websites behaves in the exact same way as if you visited that website directly.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who We Share Your Data With

Your data is shared only with the following service providers who help us operate The SaaS Ads Studio:

• Supabase: Database hosting, authentication, and file storage for your profile data, generated images, and campaign information
• Stripe: Payment processing and subscription management
• Google (Gemini API & Ads API): AI-powered image generation, Facebook Ads creative tools, and Google Ads account integration for campaign management and search term analysis
• OpenAI: AI-powered profile autofill feature
• Customer.io: Email marketing and lifecycle communications — we sync your email address, name, and subscription status to send onboarding emails, product updates, and marketing communications
• The SaaS Ads Studio Team: Your contact email address is shared exclusively with authorized members of The SaaS Ads Studio team for customer support and service delivery purposes

All third-party service providers are contractually obligated to protect your data and use it only for the purposes of providing services to us.

How Long We Retain Your Data

We retain your data for as long as your account is active and for a limited period afterward:

• Active Users: All user data, including profile information, campaign data, and generated content, is retained indefinitely while your account is active
• Canceled Subscriptions: If you cancel your subscription, your account data is retained for 3 months to allow you to reactivate your subscription and recover your data
• Deleted Accounts: If you request account deletion, all personal data is permanently deleted within 30 days, except for data we are required to retain for legal, administrative, or security purposes (such as payment records for tax compliance)

What Rights You Have Over Your Data

You have the following rights regarding your personal data:

• Access: You can view all your personal data through your profile settings within the application
• Rectification: You can edit and update your profile information at any time
• Erasure: You can request deletion of your account and all associated data by contacting us at max@saasadsstudio.com
• Data Portability: You can request an exported file of all personal data we hold about you
• Restriction: You can request that we restrict processing of your personal data in certain circumstances
• Objection: You can object to processing of your personal data for specific purposes

To exercise any of these rights, please contact us at max@saasadsstudio.com. We will respond to your request within 30 days.

How We Protect Your Data

We take data security seriously and have implemented multiple layers of protection:

• Encryption: All data is encrypted in transit using HTTPS/TLS and at rest in our database
• Access Controls: Row Level Security policies ensure users can only access their own data
• Authentication: Industry-standard OAuth 2.0 and secure password hashing
• Regular Audits: We regularly review and update our security measures
• Limited Access: Only authorized personnel have access to production systems and data

Statement of GDPR Compliance

The SaaS Ads Studio Limited is committed to protecting and respecting the privacy of our users and ensuring the security of their personal data. We process personal data in accordance with the United Kingdom's Data Protection Act 2018 and the European Union's General Data Protection Regulation (GDPR) (EU) 2016/679.

We have implemented appropriate technical and organizational measures to safeguard personal data, including encryption, access controls, Row Level Security policies, and regular security audits. We collect and process personal data only for specified, explicit, and legitimate purposes, and we do not process data in a manner incompatible with those purposes. We retain personal data for no longer than is necessary for the purposes for which it was collected, and we ensure that personal data is accurate and kept up to date.

We recognize and respect the rights of our users under GDPR, including the right to access, rectify, erase, restrict processing, object to processing, and data portability. We have established procedures for users to exercise their rights and provide a timely response to such requests.

We are transparent about our data processing activities and provide clear information to users about the types of personal data we collect, the purposes for which it is collected, and the circumstances under which it may be shared with third parties. We obtain users' consent for processing their personal data where required and ensure that any third parties with whom we share personal data are GDPR compliant.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make changes, we will update the "Last updated" date at the top of this page.

If we make material changes to how we handle your personal data, we will notify you by email or through a prominent notice within the application. We encourage you to review this privacy policy periodically to stay informed about how we are protecting your data.

Contact Us

If you have any questions, concerns, or requests related to this privacy policy or our data processing activities, please contact us:

Compliance with Google API Services

The SaaS Ads Studio's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, regarding Google Ads API data:

• We only request the minimum Google Ads API scopes necessary to provide search term analysis and campaign management features
• We use Google Ads data solely for the purposes explicitly disclosed in this privacy policy — analysing search terms, building campaigns, and displaying performance data to the account owner
• We do not use Google Ads data for advertising, serving ads to users, or marketing to third parties
• We do not sell, rent, or share Google Ads data with third parties except as required to operate the Service (e.g., data stored in Supabase)
• We do not use Google Ads data to train AI or machine learning models
• Users can revoke access to their Google Ads data at any time by disconnecting their account through the application settings