Privacy Policy

Suada Labs ("we", "our", "us") provides an AI-powered content and marketing automation platform for agencies and businesses. This Privacy Policy explains how we collect, use, store, and share information when you use our service.

1. Information we collect

Information you provide

• Account details (name, email address, company name)
• Business profile information submitted during onboarding (products, target audience, brand voice, goals, competitors)
• Brand assets you upload (logos, colours)
• API credentials for third-party services you connect (stored encrypted — see Section 4)

Information from connected third-party services

When you connect accounts from services like Google Ads, Meta Business, LinkedIn Ads, TikTok Ads, or Metricool, we access information that service provides. Specifically:

• Google Ads data (via Google Ads API): campaign metadata, ad performance metrics (impressions, clicks, spend, conversions), ad account structure. We request the https://www.googleapis.com/auth/adwords scope to manage advertising campaigns on your behalf. We do not access your Google account email, contacts, calendar, or any data outside of Google Ads.
• Meta Business data: ad account info, Page data, ad performance metrics, Pixel events
• LinkedIn data: ad account info, campaign and ad performance, organisation information
• TikTok Ads data: advertiser account info, campaign and ad performance
• Metricool data: social media post analytics, competitor engagement metrics

Lead information

When someone submits a form on a landing page built with our platform, we collect the data they submit (typically name, email, and optional additional fields). This data belongs to you, our customer, and we process it on your behalf.

2. How we use information

We use the information we collect to:

• Provide and operate the service (generate content, schedule posts, manage ad campaigns, track performance)
• Analyse performance data to improve content recommendations
• Communicate with you about your account, service updates, and support
• Detect, prevent, and address technical issues and fraudulent activity
• Comply with legal obligations

We do not sell your personal information. We do not use your data to train AI models for use by others.

3. Google user data

Our service uses the Google Ads API to manage advertising campaigns on your behalf. When you authorise our service via Google OAuth:

• We request access only to the adwords scope
• We use this access solely to create, manage, pause, and report on advertising campaigns you have asked us to run
• We store the OAuth refresh token in an encrypted vault (see Section 4)
• You can revoke our access at any time via Google Account Permissions
• We do not share Google user data with third parties other than as needed to provide the service (e.g. sending ad campaign data to the Google Ads platform itself)
• We do not use Google user data for serving advertisements, credit determinations, or any purpose unrelated to the service you requested

4. How we store and secure information

• API credentials (access tokens, refresh tokens, API keys) are encrypted at rest using Fernet (AES-128-CBC with HMAC-SHA256) in per-tenant encrypted vault files
• Vault files are stored with restrictive file permissions (600) accessible only to the service process
• All API communication uses HTTPS/TLS
• Data is hosted on infrastructure provided by DigitalOcean in the European Union
• Each customer's data is isolated at the application level (multi-tenant architecture with tenant_id scoping on all database tables)

5. Data sharing

We share your data only with:

• Third-party APIs you have authorised (e.g. Google Ads, Meta, LinkedIn, TikTok, Metricool) — only to perform actions on your behalf
• AI model providers — Anthropic (Claude) for content generation. Data sent to Anthropic is not used to train their models
• Infrastructure providers — DigitalOcean (hosting), Cloudflare (landing page deployment), Resend (email sending)

We do not sell data to advertisers, brokers, or any other third party.

6. Your rights

You can at any time:

• Request a copy of the personal data we hold about you
• Request correction or deletion of your data
• Revoke access to any third-party service you previously authorised
• Cancel your account, which triggers deletion of your data within 30 days
• Lodge a complaint with a supervisory authority (e.g. the UK Information Commissioner's Office)

To exercise any of these rights, contact us at info@suadalabs.com.

7. Data retention

We retain your data for as long as your account is active. If you cancel your account, we delete all associated data within 30 days, except where we are legally required to retain certain records (e.g. tax or accounting records).

8. Cookies

Our portal uses only essential cookies necessary to maintain your authenticated session. We do not use tracking cookies or third-party analytics cookies on our portal pages.

Landing pages you generate through our service may include tracking pixels (e.g. Meta Pixel, TikTok Pixel) that you have configured. The privacy policy for those pages is separate.

9. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by email or via the service. The "Last updated" date at the top reflects the most recent revision.

10. Contact

Questions about this policy? Contact us:

Suada Labs
Email: info@suadalabs.com