AdForge Foundry
Tools Start free

Privacy Policy

AdForge Foundry · Effective 28 June 2026 · Last updated 28 June 2026

This Privacy Policy explains how AdForge Foundry ("AdForge Foundry", "we", "us", "our") collects, uses, discloses, retains and protects information when you use our website, software-as-a-service application and related services (together, the "Service"). It also describes the additional commitments we make when handling data obtained through the Meta Platform, in accordance with the Meta Platform Terms and Meta Developer Policies. We process personal data in line with the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended (CCPA/CPRA) and other applicable laws.

1. Who we are & scope

AdForge Foundry is a business software application that helps marketers create, score and launch advertising creative to advertising platforms such as Meta (Facebook and Instagram) using those platforms' official APIs and the user's own connected advertising accounts. For data you submit to the Service, we generally act as a data processor acting on your instructions; for account, billing and Service-operations data, we act as a data controller. This policy applies to all users and visitors of the Service.

2. Definitions

  • "Meta Platform" — the APIs, SDKs and tools made available by Meta Platforms, Inc.
  • "Platform Data" — any information you, Meta, or Meta users provide to us, or that we obtain, through the Meta Platform (for example, your ad accounts, Pages, business assets, audiences and the campaigns/ad sets/ads we create on your behalf, and any access tokens).
  • "Personal Data" — information relating to an identified or identifiable person.

3. Information we collect

3.1 Information you provide

  • Account data — name, email address and authentication credentials when you register.
  • Billing data — plan, subscription status and payment details, handled by our payment processor; we do not store full card numbers.
  • Content you create — products, images, copy, projects, scores and campaign settings you upload to or generate in the Service.
  • Communications — messages you send us for support or enquiries.

3.2 Platform Data from connected accounts

When you choose to connect a Meta account, you authorise us — via Meta's official OAuth flow — to access only the data needed to provide the Service. Depending on the permissions you grant (which may include ads_management, ads_read, business_management, pages_show_list, pages_read_engagement and pages_manage_ads), this may include your ad accounts, Pages, business assets, and the campaigns, ad sets and ads we create at your direction, together with the access token that authorises those actions. We request the minimum permissions required for the features you use, and you can revoke access at any time.

3.3 Information collected automatically

  • Usage data — features used and actions taken, to operate, secure and improve the Service.
  • Device & log data — IP address, browser type and timestamps, for security and diagnostics.
  • Cookies — strictly-necessary cookies for authentication and session management. We do not use advertising or cross-site tracking cookies, and we do not sell your data.

4. Meta Platform Data — our commitments

We handle Platform Data strictly in accordance with the Meta Platform Terms and Developer Policies. In particular:

  • Purpose limitation — we use Platform Data only to provide and improve the Service for the person or business that authorised the connection. We do not use it for any independent purpose.
  • No selling or sharing — we do not sell, license or purchase Platform Data, and we do not transfer it to, or use it with, any data broker, advertising network, data-enrichment or monetisation service.
  • No surveillance or unlawful profiling — we do not use Platform Data for surveillance, for building or augmenting profiles for unauthorised purposes, or to discriminate against or disadvantage any person, including on the basis of protected characteristics.
  • Minimisation — we request and retain only the Platform Data needed for the features you use.
  • Security & incident handling — we protect Platform Data with the safeguards in Section 8 and will investigate, remediate and report data incidents involving Platform Data to Meta and affected users as required.
  • Deletion — we delete Platform Data when you request it, when you disconnect your account, when it is no longer needed for the Service, or when required by Meta or by law (see Section 6 and our Data Deletion page).
  • Compliance — our processing of Platform Data is subject to, and limited by, the Meta Platform Terms and Developer Policies, which take precedence in the event of any conflict.

5. How we use information & legal bases

We process information to: provide, operate, secure and improve the Service; create and manage advertising assets in your connected accounts at your direction; process subscriptions and prevent fraud; provide support and send service-related messages; and comply with legal and platform obligations. Where the GDPR applies, our legal bases are: performance of a contract (to deliver the Service), legitimate interests (to secure and improve the Service and prevent abuse), consent (where required, e.g. for certain communications, which you may withdraw), and legal obligation.

6. Data retention & deletion

We retain information for as long as your account is active or as needed to provide the Service, then delete or anonymise it within a reasonable period, except where longer retention is required by law (e.g. billing records). Platform Data and access tokens are deleted promptly when you disconnect an account or close your account. You can request deletion at any time as described on our Data Deletion page; we honour verified requests within 30 days.

7. How we share information

We share information only as needed to run the Service, with sub-processors acting under contract on our instructions:

  • Advertising platforms (e.g. Meta) — to create and manage the ads you instruct us to, via their APIs.
  • AI providers — content you submit for generation or scoring is processed by third-party AI services solely to return your result; it is not used to train their models where their terms allow us to opt out.
  • Infrastructure & processors — cloud hosting/storage, authentication and payment providers.
  • Legal & safety — where required by law or to protect rights, safety and security; and, in a merger or acquisition, to a successor under equivalent protections.

We do not sell or rent personal information, and we do not "share" it for cross-context behavioural advertising as defined under the CCPA/CPRA.

8. Security

We use industry-standard measures including encryption in transit, access controls, least-privilege practices and per-customer data isolation. Access tokens are stored securely and used only to perform actions you request. No method of transmission or storage is 100% secure, but we work to protect your data and to notify you and any relevant authority of material breaches as required by law and by the Meta Platform Terms.

9. International transfers

We may process and store data in countries other than your own, including the United States and the United Kingdom/EU. Where data is transferred internationally, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum) or another lawful transfer mechanism.

10. Your rights & choices

Subject to applicable law, you may: access, correct, export (portability), delete or restrict processing of your personal data; object to processing based on legitimate interests; withdraw consent; and disconnect any linked Meta account at any time (in the Service or in your Meta settings). California residents have the rights to know, delete, correct and opt out, and not to be discriminated against for exercising them. To exercise a right, contact privacy@adforgefoundry.com. You also have the right to lodge a complaint with your local data-protection authority.

11. Cookies

We use only strictly-necessary cookies for authentication and session management. We do not use third-party advertising or analytics cookies that track you across sites.

12. Children

The Service is intended for businesses and is not directed to anyone under 18, and we do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

13. Changes to this policy

We may update this policy from time to time. We will post the updated version here with a new effective date and, for material changes, provide additional notice where appropriate. Continued use after changes take effect constitutes acceptance.

14. Contact

For privacy questions, data requests or to reach our privacy team: privacy@adforgefoundry.com. For data deletion, see our Data Deletion page.