Privacy Policy

Introduction

Advisor Media Group LLC and its affiliate Advisor Media Group (Bangladesh) (collectively, "Atmos," "we," "us," or "our") operate the Atmos AI marketing platform available at marketingadvisorai.com. We respect your privacy and are committed to handling your personal data transparently and responsibly.

This Privacy Policy explains what data we collect, why we collect it, who we share it with, and how you can control it. It covers all integrations Atmos supports, including Meta, Google, TikTok, Pinterest, Twitter/X, YouTube, Reddit, LinkedIn, Snapchat, Gmail, Mailchimp, Twilio, WhatsApp Business, Stripe, AWS, and Cloudflare.

This policy is written to comply with the General Data Protection Regulation (GDPR) for EU/EEA residents, the California Consumer Privacy Act (CCPA/CPRA) for California residents, and the data use requirements of all third-party platform APIs we use.

Information We Collect

1. Information You Provide Directly

• Account Information: Name, email address, password (hashed), company name, job title, and billing information when you create an account.
• Profile Information: Profile photo, preferences, team roles, and platform settings you configure.
• Brand Assets: Logos, brand colors, fonts, images, videos, ad copy, and other creative materials you upload to the platform.
• Campaign Data: Ad copy, targeting parameters, budgets, bid strategies, and campaign configurations you create or import.
• Communications: Support requests, feedback, and messages you send to us.

2. Data from Connected Third-Party Platforms

When you connect advertising or social accounts to Atmos, we receive data from those platforms via their official APIs using OAuth 2.0 authorization. We only request the minimum scopes necessary to provide each feature. A full list of platforms, the data we receive, and the scopes we request is in the Third-Party Platform Integrations section below.

3. Automatically Collected Information

• Device & Browser: Device type, operating system, browser type and version, screen resolution, and language settings.
• Usage Data: Pages visited, features used, actions taken, session duration, and in-app interaction patterns.
• Log Data: IP address, access timestamps, referring URLs, HTTP method and status codes, and error logs.
• Cookies & Tracking Technologies: Session cookies, persistent cookies, local storage, and analytics beacons (see the Cookies section below).

4. Advertising & Conversion Data

• Pixel Events: If you install the Meta Pixel, TikTok Pixel, Pinterest Tag, or similar tracking tags on your website via Atmos, those pixels collect standard browser events (page views, purchases, leads) from your website visitors and send them to the respective ad platforms. Atmos itself does not receive raw visitor PII from pixel events.
• Conversions API (CAPI) Events: If you use our Meta Conversions API (CAPI) proxy (capi.marketingadvisorai.com), server-side conversion events (hashed email, hashed phone, purchase value, event type) are routed through our infrastructure to Meta. Hashed data is transmitted but not stored beyond the transmission session.
• Campaign Performance Metrics: Impressions, clicks, spend, conversions, ROAS, and other aggregated performance data synced from connected ad platforms.

Third-Party Platform Integrations

Below is a complete list of every external platform Atmos integrates with, what data is exchanged, the OAuth scopes we request, and links to each platform's own privacy policy. You can disconnect any platform at any time from your Atmos account settings, which revokes our access token.

How We Use Your Information

We process personal data for the following purposes, each with an identified legal basis under GDPR:

Service Delivery (Contract)

• Create and manage your Atmos account and team workspace
• Authenticate your identity and manage OAuth tokens for connected platforms
• Provide AI-powered ad creative generation and campaign optimization
• Sync campaigns, creatives, and performance data with connected advertising platforms
• Generate analytics dashboards, reports, and performance insights
• Process payments and manage subscriptions via Stripe
• Send essential service communications (account events, billing, security alerts)

Platform Improvement (Legitimate Interests)

• Analyze aggregate usage patterns to improve platform features and UX
• Detect and prevent fraud, abuse, and security threats
• Debug errors and diagnose performance issues
• Improve AI model accuracy using aggregated, anonymized campaign performance signals

Marketing Communications (Consent)

• Send newsletters, product updates, and promotional offers — only if you opt in
• You can unsubscribe at any time via the link in any email or from your account settings

Legal Compliance

• Comply with applicable laws, regulations, and court orders
• Maintain financial records as required by tax and accounting laws
• Respond to lawful requests from public authorities

Data Sharing and Disclosure

We share your data only in the circumstances described below. We do not sell your personal information to third parties.

• Sub-processors: We share data with the infrastructure providers listed above (Hetzner, AWS, Cloudflare, Stripe, Twilio) who process data on our behalf under written Data Processing Agreements.
• Connected Advertising Platforms: When you use Atmos to manage campaigns, your campaign data and creative assets are sent to the connected platforms (Meta, Google, TikTok, etc.) as directed by you.
• Business Transfers: In the event of a merger, acquisition, or sale of all or substantially all assets, your data may be transferred. We will notify you via email and/or prominent notice and give you an opportunity to opt out where required by law.
• Legal Requirements: We may disclose data when required by applicable law, court order, or government request, or when necessary to protect the rights and safety of Atmos, its users, or the public.
• With Your Consent: We will share data with other third parties only when you have given us explicit consent to do so.

Cookies and Tracking Technologies

Atmos uses the following types of cookies and similar technologies:

• Strictly Necessary Cookies: Session management, CSRF tokens, and authentication state. These are required for the platform to function and cannot be disabled.
• Preference Cookies: Storing your UI preferences (theme, language, dashboard layout) to persist between sessions.
• Analytics Cookies: We use internal analytics to understand aggregate usage patterns. We do not use Google Analytics on the Atmos dashboard for logged-in users.
• Security Cookies: Rate limiting, bot detection, and fraud prevention (Cloudflare).

We do not place third-party advertising cookies (e.g., Meta Pixel, Google Ads remarketing tags) on the Atmos platform itself without your knowledge. If we add such tracking in the future, we will update this policy and obtain consent where required.

You can control cookies through your browser settings. Disabling strictly necessary cookies will prevent the platform from working correctly.

Data Security

We implement industry-standard technical and organizational measures to protect your data:

• Encryption in Transit: All data transmitted between your browser and Atmos is encrypted using TLS 1.2 or higher. HTTPS is enforced via Cloudflare with HSTS preloading.
• Encryption at Rest: Database contents and file storage (S3) are encrypted at rest using AES-256.
• OAuth Token Security: Third-party platform tokens are encrypted using AES-256-GCM before storage. Tokens are never exposed in logs or client-side JavaScript.
• Access Controls: Role-based access control limits which team members can view or modify campaigns and connected accounts. Production database access is restricted to application services.
• Payment Security: Card data is handled exclusively by Stripe (PCI-DSS Level 1). Atmos never stores raw card numbers.
• Security Monitoring: Infrastructure-level monitoring for unauthorized access attempts, anomalous API usage, and DDoS attacks via Cloudflare and server-level alerting.

No method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it responsibly to privacy@marketingadvisorai.com.

Data Retention

We retain personal data for only as long as necessary to provide the Services and fulfill the purposes outlined in this policy:

• Account Data (name, email, settings): Retained while your account is active. After account deletion, retained for 30 days as a grace period for recovery, then permanently deleted.
• Campaign & Creative Data: Retained for 3 years from creation to support historical reporting and analytics. You can request earlier deletion.
• Third-Party Platform Tokens: Deleted immediately when you disconnect a platform integration. Refreshed automatically during active use.
• CAPI Event Data: Hashed conversion event data is transmitted to Meta in real-time and not stored beyond the immediate transmission session.
• Server Log Data: Retained for 90 days for security monitoring and debugging, then automatically purged.
• Billing Records: Retained for 7 years as required by financial regulations.
• Support Communications: Retained for 2 years from the date of last contact.

Your Rights and Choices

Rights for All Users

• Disconnect Platforms: Revoke Atmos's access to any connected advertising platform at any time from your account settings. This immediately deletes our stored access token.
• Update Profile: Edit your name, email, and preferences at any time from your account settings.
• Delete Account: Close your account and request deletion of your data by contacting us.
• Marketing Opt-Out: Unsubscribe from promotional emails at any time using the link in any email.

GDPR Rights (EU / EEA Residents)

If you are located in the European Union or EEA, you have the following additional rights under the GDPR:

• Right of Access (Art. 15): Request a copy of all personal data we hold about you.
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
• Right to Erasure / "Right to be Forgotten" (Art. 17): Request deletion of your personal data, subject to legal retention requirements.
• Right to Restriction of Processing (Art. 18): Request that we limit how we process your data in certain circumstances.
• Right to Data Portability (Art. 20): Receive a machine-readable copy of the personal data you provided to us.
• Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent (Art. 7): Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: File a complaint with your local EU data protection authority (supervisory authority).

CCPA / CPRA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, business purposes, and third parties with whom we share it.
• Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising. If this changes, we will provide a prominent "Do Not Sell or Share My Personal Information" link.
• Right to Limit Use of Sensitive Personal Information: You may limit the use of sensitive personal information (e.g., financial data) to purposes necessary to perform the Services.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

To exercise any of these rights, please email privacy@marketingadvisorai.com with the subject line "Privacy Rights Request" and a description of your request. We will respond within 30 days (GDPR) or 45 days (CCPA) of verifying your identity.

International Data Transfers

Atmos is operated by Advisor Media Group LLC (US) with servers hosted on Hetzner Cloud in the United States. If you are accessing the Services from the EU, EEA, or other regions with data protection laws, your data will be transferred to and processed in the United States.

We ensure appropriate safeguards for international transfers:

• Standard Contractual Clauses (SCCs) approved by the European Commission with all EU-facing sub-processors
• Data Processing Agreements (DPAs) with all major sub-processors (Hetzner, AWS, Stripe, Twilio)
• EU-US Data Privacy Framework compliance where applicable

Children's Privacy

Atmos is a business-to-business platform intended solely for users aged 18 and above. We do not knowingly collect personal data from children under 18. If we learn that we have inadvertently collected data from a child under 18, we will delete it immediately. If you believe we have collected data from a minor, contact us at privacy@marketingadvisorai.com.

Changes to This Policy

We may update this Privacy Policy when we add new platform integrations, change how we process data, or when required by law. For material changes, we will notify you by email at least 7 days before the change takes effect, and we will update the "Last updated" date at the top of this page. Continued use of the Services after the effective date constitutes acceptance of the revised policy.

Contact Us

For privacy questions, data rights requests, or to report a security concern, please contact our privacy team:

For EU residents, you may also lodge a complaint with your local data protection supervisory authority. A list of EU DPAs is available at edpb.europa.eu.