Privacy Policy

The controller of your personal data is:

FUTURA Jonasz Glowienke
ul. Topolowa 32, 31-506 Kraków, Poland
Tax ID (NIP): 6751816550
REGON: 542266592
Contact: hello@adsmeta.pl

AdsMeta is a web application where you create an account and generate Meta Ads campaign plans. As a result we process the following categories of data:

• Account data — your email address and a hashed password, provided at registration. They form your unique identifier in the system.
• Profile and business data — name, business name, industry, website, business contact details. Provided voluntarily during onboarding and in account settings. Used as context for generating campaign plans.
• Product, client and campaign data — the information you enter while using the app: product/service descriptions, product images, client records (on the Agency plan), campaign briefs, AI-generated plans. This is the content of your work in the tool.
• Billing data (paid plans) — email address, Stripe customer ID, subscription status, plan, billing period start/end, last 4 digits of the card, card brand (e.g. Visa). The full card data is handled exclusively by Stripe — we do not store it.
• Usage counters — number of AI plans generated in the current month (to enforce plan limits), number of credits available from one-off credit packs.
• Analytics data (marketing site) — anonymous visit data collected by Google Analytics 4 on adsmeta.pl: browser type, operating system, country/region, traffic source, pages visited, time on site. We do not use GA4 inside the signed-in app.
• Technical data and logs — IP address, device info, server logs, captured automatically by the hosting infrastructure for security and error diagnostics.

What we do not collect: we do not require access to your Meta Ads, Facebook or Instagram account. AdsMeta does not log in to those platforms and does not pull your data from them. You configure Pixel/CAPI/CAPI Gateway yourself — we describe how, but we don't do it for you.

• Account creation and operation, service provision on the Free plan and paid plans (including AI plan generation and storage of products, clients and campaigns). Legal basis: performance of the electronic-services contract (Art. 6(1)(b) GDPR).
• Subscription and credit-pack billing — processing billing data to handle payments, issue invoices and process cancellations. Legal basis: performance of contract (Art. 6(1)(b) GDPR) and the Operator's tax obligations (Art. 6(1)(c) GDPR — to the extent required by Polish VAT and accounting law).
• AI plan generation — we forward your product content and campaign brief answers to a language-model provider (OpenAI) to generate a plan, which we return to you. Legal basis: performance of contract (Art. 6(1)(b) GDPR).
• Transactional communications — emails related to your account and subscription (payment confirmations, invoices, trial-ending notices, password resets). Legal basis: performance of contract (Art. 6(1)(b) GDPR).
• Direct marketing (optional newsletter with product updates, educational content and offers) — only after you grant separate consent. Legal basis: consent (Art. 6(1)(a) GDPR) and the separate consents required under Art. 10(2) of the Polish Act on Providing Services by Electronic Means and Art. 172(1) of the Polish Telecommunications Act. You can withdraw consent at any time using the "unsubscribe" link included in every marketing message.
• Marketing-site analytics and measuring communication effectiveness — only on adsmeta.pl, based on your consent for analytics cookies (Art. 6(1)(a) GDPR and Art. 173(1) of the Polish Telecommunications Act).
• Security and diagnostics — server logs, abuse prevention and incident analysis. Legal basis: our legitimate interest (Art. 6(1)(f) GDPR).

We share your data with the providers whose services we use to deliver AdsMeta. Each one processes data on our behalf under a data processing agreement (Art. 28 GDPR) or in its own narrow controller role.

• Supabase Inc. (USA) — database and file storage (product images). Hosts your account, profile, product, client, campaign and plan data. Transfer to the USA under the European Commission's Standard Contractual Clauses (SCC).
• Vercel Inc. (USA) — application and marketing-site hosting. Processes technical data (logs, IP, session) while serving pages. Transfer to the USA under SCC.
• Stripe Payments Europe, Ltd. (Ireland) and Stripe, Inc. (USA) — payments, subscriptions and credit packs. Stripe processes full card data as a separate controller (per Stripe's privacy policy). We only receive the customer ID and anonymized data (card brand, last 4 digits, subscription status). Transfer to the USA under SCC.
• OpenAI, L.L.C. (USA) — the language model that generates campaign plans. We pass your product content (name, description, optionally text scraped from the product website) and campaign-brief answers. OpenAI does not use data submitted via the API to train its models. Transfer to the USA under SCC.
• Google Ireland Limited (Ireland) — Google Analytics 4 (marketing site only, not the app). Data may be transferred to the USA under SCC.
• Email service provider — a platform for transactional email (confirmations, invoices, password resets) and the optional newsletter. Processes your email and delivery metadata under a data processing agreement.

We do not sell your data and we do not share it for third-party marketing. The current full list of providers (subprocessors) is available on request — write to hello@adsmeta.pl.

• Account data and user content (profile, products, clients, campaigns, plans) — for the lifetime of the account. After account deletion we erase the data within 30 days, except for information we are required to retain by law (see below).
• Billing data and invoices — 5 years from the end of the tax year in which the obligation arose (Art. 86 §1 of the Polish Tax Ordinance and Art. 74(2) of the Accounting Act).
• Newsletter email — until you withdraw consent or up to 24 months from the last interaction.
• GA4 analytics — default 14 months, as configured in Google Analytics.
• Server logs — up to 12 months.
• Historical waitlist data (from before 16 May 2026, when AdsMeta was collecting early-access sign-ups) — retained as a historical record of consent for evidentiary purposes, up to 24 months from the last contact.

Under GDPR you have the right to:

• access your data and receive a copy (Art. 15 GDPR),
• rectify inaccurate data (Art. 16 GDPR),
• erase your data — "right to be forgotten" (Art. 17 GDPR),
• restrict processing (Art. 18 GDPR),
• data portability (Art. 20 GDPR),
• object to processing based on legitimate interest (Art. 21(1) GDPR),
• object to direct marketing — at any time, without giving a reason and with immediate effect (Art. 21(2) GDPR),
• withdraw consent at any time (without affecting prior lawful processing),
• lodge a complaint with the Polish Data Protection Authority (uodo.gov.pl) if you believe processing violates GDPR.

Most of these rights you can exercise yourself from the panel — delete your account, export your products/campaigns/plans, cancel your subscription in the Stripe portal. If in doubt, or if you'd rather we handled it manually — email hello@adsmeta.pl. We respond within 30 days.

This site uses cookies for:

• Strictly necessary — login session, language preference, signup state (required for the site to work). Legal basis: necessity for service delivery (Art. 173(3)(2) of the Polish Telecommunications Act).
• Analytics — Google Analytics on the marketing site. Anonymous traffic statistics. Legal basis: your consent given in the cookie bar.
• Stripe — Stripe may use its own cookies for fraud prevention during payment processing. Required for transaction execution.

You can disable cookies in your browser at any time. Disabling analytics cookies does not affect site functionality. Disabling strictly necessary cookies will prevent panel login and payment handling.

We do not subject you to automated decisions producing legal effects, or similarly significantly affecting you (Art. 22 GDPR).

AI plan generation is not an "automated decision" within the meaning of Art. 22 GDPR — it is a recommendation tool that you choose to use or not. AI output is a suggestion and is not a binding decision about you. Google Analytics segments traffic for statistical purposes only.

• User passwords are stored only as hashes using standard cryptographic algorithms — never in plain text.
• All communication with the app is over encrypted connections (HTTPS / TLS).
• Database access is limited to the application systems and authorized personnel within the Operator.
• Full payment card data never reaches our servers — it is handled entirely by Stripe (PCI DSS Level 1 certified).
• Product images are stored in a private bucket with access via time-limited signed URLs.
• In the event of a personal data breach, in line with Arts. 33-34 GDPR, we will report it to the supervisory authority within 72 hours and notify you if the breach is likely to result in a high risk to your rights or freedoms.

We reserve the right to update this policy as the product, the law, or the list of providers change. Any change will be posted on this page with an updated "last updated" date. For material changes (adding a new subprocessor, changing the legal basis, changing processing purposes) we will email you at least 14 days before the change takes effect.

Questions about personal data processing:
hello@adsmeta.pl
FUTURA Jonasz Glowienke
ul. Topolowa 32, 31-506 Kraków, Poland