Privacy Policy

Unifyad ("we", "us", "the Platform") is a marketing analytics and optimization platform operating at unifyad.io. This Privacy Policy describes how we collect, use, store, and protect data — including data received from Google APIs — when you use our services.

• Account information: name, email, agency or company name.
• Platform connection data: OAuth access and refresh tokens for Google Ads, Google Analytics 4, Google Search Console, Meta Ads, TikTok Ads, Adjust, Shopify, and other supported platforms that you explicitly connect.
• Advertising performance data: campaign metrics (spend, impressions, clicks, conversions, revenue), ad-group and ad-level performance, creative metadata.
• Web analytics data: GA4 traffic summaries, Search Console top queries and pages.
• Technical data: IP address, browser user-agent, access logs for security and debugging.

• To display your connected advertising, analytics, and search data in the Unifyad dashboards you have subscribed to.
• To generate AI-assisted optimization recommendations that you review and approve before any action is taken.
• To detect anomalies and send you alerts about material changes in your connected accounts.
• To unify data across platforms into cross-channel reports for your own use.
• To improve product reliability and user experience.

We do not use your data to train generalized AI or ML models, to build advertising profiles, to resell to third parties, or for any purpose other than providing the services you have explicitly asked us to provide.

Unifyad's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In particular:

• We only use Google user data to provide user-facing features of Unifyad that are visible to the user who granted access.
• We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features (e.g. storage in Supabase database infrastructure), for security purposes, or to comply with applicable law.
• We do not use or transfer Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
• We do not allow humans to read Google user data unless: (a) we have obtained the affected user's explicit consent, (b) it is necessary for security purposes (such as investigating abuse), (c) it is necessary to comply with applicable law, or (d) the data has been aggregated and anonymized for internal operations.
• We do not use Google user data to train generalized AI or ML models.

Unifyad requests the following Google OAuth scopes only after the user explicitly initiates a connection for the corresponding product. Each scope maps to a specific feature described below.

You can revoke any of these scopes at any time from the Integrations page in the Unifyad dashboard or directly from your Google Account permissions page.

All user data is stored on Supabase-managed PostgreSQL infrastructure located in the EU (Frankfurt) region. Security measures include:

• TLS/SSL encryption for all data in transit.
• OAuth tokens encrypted at rest via Supabase Vault.
• Row-Level Security (RLS) isolating each agency's data.
• JWT-based API authentication for every backend request.
• Daily automated security scanning and dependency monitoring.

Unifyad integrates with the following third-party services strictly to provide the platform functionality you request:

• Google APIs — Google Ads, Google Analytics 4, Google Search Console (read-only).
• Meta (Facebook) APIs — Meta Ads.
• TikTok APIs — TikTok for Business (ads) and TikTok Display API (creator).
• Adjust — mobile attribution.
• Shopify — e-commerce data.
• Anthropic Claude API — AI analysis and recommendations.
• OpenAI API — text embeddings for knowledge search.
• Supabase — database and authentication.
• Vercel — frontend hosting.
• Railway — backend API hosting.

Each third-party service is bound by its own privacy policy. We share only the minimum data required for each integration to function.

Unifyad uses only first-party cookies strictly required for session management and user preferences. We do not use third-party tracking cookies or advertising cookies.

Account data is retained while your account is active. Upon account deletion or disconnection of a specific platform, the associated OAuth tokens are deleted immediately, and any cached data received from that platform is purged within 30 days. Aggregated, anonymized statistics may be retained for operational purposes.

You can request deletion of your personal data at any time by emailing info@unifyad.io. We respond to deletion requests within 30 days.

Under GDPR and comparable regulations, you have the right to:

• Access personal data we hold about you.
• Correct inaccurate data.
• Request deletion ("right to be forgotten").
• Object to or restrict processing.
• Request data portability.
• Revoke any platform connection at any time.

Email info@unifyad.io to exercise any of these rights.

We may update this Privacy Policy from time to time. Material changes will be announced by email to registered users. Continued use of the Platform after such updates constitutes acceptance of the updated policy.

For privacy-related questions:
Email: info@unifyad.io
Web: unifyad.io