Last updated: 2026-04-29 Effective: 2026-04-27 (Section 6 cookie inventory amended 2026-04-29 to disclose advertising-tracker deployment)
This Privacy Policy describes how Ad Collab LLC (“Ad Collab,” “we,” “us,” or “our”) collects, uses, and shares personal information when you visit adcollab.agency, portal.adcollab.agency, intel.adcollab.agency, or any related site we operate (collectively, the “Sites”), or contact us. It also describes your rights regarding your personal information.
This Policy does not govern how Ad Collab processes Client Data on behalf of Ad Collab’s business clients (marketing data, audience lists, ad performance data). That processing is governed by the Master Services Agreement, Terms of Acceptance, and Data Processing Agreement executed with each Client.
1. Who we are
- Legal name: Ad Collab LLC
- State of formation: California, USA
- Contact for privacy inquiries: privacy@adcollab.agency (fallback: marketing@adcollab.agency)
- Mailing address: 2108 N ST STE N, Sacramento, CA 95816, USA
- Phone: 650-606-6510
2. Information we collect
2.1. Information you provide
- Contact information when you request an audit, fill a form, or email us: name, email, phone, business name, business website, vertical, market size, estimated ad budget, timeline.
- Account information when you create a Client Portal login: email address, authentication credentials, session tokens.
- Communications when you message us: the content of your messages and any attachments.
- Payment information (for Clients only): processed by our payment processor (Stripe / QuickBooks); we do not store full payment card numbers on our servers.
2.2. Information collected automatically
- Site usage data: pages visited, time on page, referring URL, clicks, scroll depth.
- Device and browser data: IP address, browser type and version, operating system, device type, screen resolution, language preference.
- Cookies and similar technologies: see Section 6 below for our specific tracking inventory.
2.3. Information from third parties
- Advertising platforms (Google Ads, Meta) may share aggregate audience or performance data tied to campaigns targeting or serving you. We do not currently run paid campaigns that retarget Sites visitors.
- Analytics providers (Google Analytics 4, where deployed) provide us with site usage reports.
- Prospect research tools (Apollo.io and similar B2B data providers) provide publicly available business contact data for outreach to prospective clients.
3. How we use information
We use the personal information we collect for the following purposes:
- Provide and operate the Sites and Portal — authenticate users, render personalized dashboards, deliver reports.
- Respond to inquiries and deliver audits when you request one.
- Communicate with you about our services, your engagement, or updates to our terms.
- Improve our Sites and services — analyze usage patterns, fix bugs, plan features.
- Prospect outreach — contact business owners who match our ideal client profile, via compliant B2B outreach (legitimate-interest basis under GDPR; CAN-SPAM-compliant under U.S. law; with opt-out honored).
- Legal and safety — enforce our terms, respond to legal process, protect rights and safety, prevent fraud.
- Aggregate analytics — de-identified, aggregated insights across our client base to improve services (never identifiable to any individual or business).
We do not sell your personal information. We do not “share” your personal information for cross-context behavioral advertising as defined under CCPA/CPRA. We do not knowingly process Sensitive Personal Information about Sites visitors.
4. How we share information
| Recipient category | Examples | Purpose |
|---|---|---|
| Service providers (sub-processors) | Supabase (hosting/database), Netlify (hosting), Make.com (automation), Google Workspace (email), Stripe / QuickBooks (billing/payments), Apollo.io (B2B outreach data, not Sites visitors) | Operate our Sites, process payments, deliver services |
| Analytics providers | Google Analytics 4 (where deployed) | Measure Site usage |
| Advertising platforms (for Clients’ campaigns only, not your personal info) | Google Ads, Meta, TikTok, LinkedIn | Deliver Client campaigns under each Client’s MSA + DPA |
| Legal recipients | Regulators, law enforcement, courts | Where legally required |
| Business successors | Acquirer or successor in a merger, acquisition, reorganization, or sale of assets | Continuity of service |
All service providers and sub-processors are contractually bound to use your information only to provide services to Ad Collab and to protect your information.
5. Your rights
5.1. All residents
You may:
- Access the personal information we hold about you;
- Correct inaccurate information;
- Delete your personal information, subject to limitations (legal obligations, active contracts, defense against claims);
- Opt out of marketing communications at any time by clicking “unsubscribe” in any marketing email or by contacting us.
Exercise any right by emailing privacy@adcollab.agency with a clear description of your request. We will respond within 30 days (or 45 days where Applicable Data Protection Law permits a longer response window).
5.2. California residents (CCPA/CPRA)
In addition to the rights above, California residents may:
- Right to know — request disclosure of what personal information we have collected, used, disclosed, and sold or shared (we do not sell or share for cross-context behavioral advertising) in the past 12 months.
- Right to delete — request deletion of personal information, subject to exceptions provided by law.
- Right to correct — request correction of inaccurate personal information.
- Right to opt out of sale or sharing — we do not sell or share for cross-context behavioral advertising, so there is nothing to opt out of. We honor Global Privacy Control (GPC) browser signals consistent with CPPA regulations where they are sent.
- Right to limit use of Sensitive Personal Information — we do not collect Sensitive Personal Information (as defined at Cal. Civ. Code §1798.140(ae)) about Sites visitors beyond what is strictly necessary; this right is not currently triggered by our practices.
- Right to non-discrimination — we will not discriminate against you for exercising your rights.
You may designate an authorized agent to exercise rights on your behalf. We will verify the agent’s authority per CPPA regulations.
“Shine the Light” disclosure (Cal. Civ. Code §1798.83): California residents who provide personal information for personal, family, or household purposes have a right to request information about disclosures of that information to third parties for the third parties’ direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.
5.3. European/UK/Swiss residents (GDPR / UK GDPR / Swiss FADP)
If you are in the European Economic Area, the United Kingdom, or Switzerland, the following additional rights apply:
- Right of access, rectification, and erasure (as above);
- Right to restrict processing in certain circumstances;
- Right to object to processing based on legitimate interests, including direct-marketing processing;
- Right to data portability in machine-readable format;
- Right to withdraw consent where processing is based on consent;
- Right to lodge a complaint with your supervisory authority.
Legal bases for processing:
- Consent — where you have provided it (e.g., marketing emails, certain cookies);
- Contract — to provide services or to take steps prior to entering a contract;
- Legitimate interest — for Site operation, security, fraud prevention, and B2B outreach to business owners (we balance our interest against your rights);
- Legal obligation — where required by applicable law.
International transfers: We are U.S.-based. Transfers from the EEA/UK/Switzerland to the U.S. rely on the Standard Contractual Clauses issued by the European Commission on 4 June 2021 (Module 2 where relevant) and the UK International Data Transfer Addendum, where required.
6. Cookies and tracking technologies
We use the following cookies and similar technologies on the Sites. California Invasion of Privacy Act compliance: we identify each technology by name below. We deploy a consent banner requesting prior, explicit, affirmative consent before any non-essential technology fires. You can revisit your preferences at any time via the “Privacy Choices” link in the footer.
| Category | Technology / Tool | Purpose | Cookies set | Disable? |
|---|---|---|---|---|
| Essential | Session cookies, authentication tokens, CSRF tokens (set by Supabase / Netlify) | Authentication, session management, security | varies by host | No (required for Site operation) |
| Analytics | Google Analytics 4 | Aggregated usage measurement: page views, scroll depth, traffic sources, conversion events | _ga, _ga_* | Yes (via consent banner) |
| Advertising | Meta Pixel | Conversion measurement, ad attribution, and audience building for Meta (Facebook/Instagram) campaigns | _fbp, _fbc | Yes (via consent banner) |
| Advertising | Meta Conversions API (CAPI, server-side) | Server-side mirror of conversion events for browser-blocking robustness; deduplicated against the client-side Meta Pixel via shared event_id; we hash email and phone (SHA-256) before transmission | (no cookies — server-to-server) | Yes (gated on same Advertising opt-in as Meta Pixel) |
| Advertising | Google Ads conversion tag | Conversion attribution and Smart Bidding signal for Google Ads campaigns | _gcl_au, _gcl_aw | Yes (via consent banner) |
| Preferences | Local-storage settings (e.g., consent state, time zone, theme) | Remembering your settings | n/a (localStorage) | Yes (via browser settings) |
We do not deploy TikTok Pixel, LinkedIn Insight Tag, Hotjar, FullStory, Microsoft Clarity, or any session-replay or heatmap technology on the Sites. We do not serve third-party display ads on the Sites.
Consent gate (how prior-consent is enforced). All analytics and advertising technologies above are loaded only after you grant consent through our cookie banner. Until consent is granted, we initialize Google Consent Mode v2 in the default-denied state, which means analytics/ads cookies are blocked, the Meta Pixel script is not loaded, the Google Ads conversion tag does not fire, and the Meta CAPI server endpoint returns without dispatching. If you grant consent and later change your mind, you can revisit your choices via the “Privacy Choices” link in the footer; revoking will stop further pixel firing on subsequent page loads.
Opt-out paths beyond our banner:
- Google Ads personalised advertising — manage at adssettings.google.com
- Meta ad preferences — manage at accountscenter.meta.com → Ad preferences
- Browser-level — disable third-party cookies in your browser, or use a tracker-blocking extension
- GPC signal — see Section 11 below; we treat GPC as a request to opt out of analytics and advertising tracking with no banner click required
You can control cookies via your browser settings. Disabling essential cookies may prevent the Portal from functioning.
If we deploy any new tracking technology in the future (e.g., a TikTok Pixel for a new campaign channel), we will update this Section 6, request your consent before firing, and post a prominent notice on the Sites of the change.
7. Data retention
We retain personal information as long as necessary for the purposes described in this Policy, to comply with legal obligations, to resolve disputes, and to enforce agreements.
Typical retention periods:
- Contact form submissions that don’t become Clients: 24 months, then deleted or de-identified.
- Client Portal accounts: active for the duration of the engagement plus 24 months after termination (for dispute defense and historical reporting continuity).
- Billing and payment records: 7 years (tax / accounting retention).
- Marketing email list: until you unsubscribe plus 30 days for suppression-list maintenance.
- Server logs and security telemetry: 90 days, except where retained longer for incident investigation.
8. Security
We implement administrative, technical, and physical safeguards designed to protect personal information, including:
- Encryption in transit (TLS 1.2+) for all Site and Portal traffic;
- Encryption at rest via Supabase and Netlify infrastructure;
- Access controls — Portal admin access is limited to an allowlist; multi-factor authentication required;
- Least privilege — service providers receive minimum data necessary;
- Backups — automated with restricted access;
- Security monitoring — administrative-access logs reviewed periodically.
No system is perfectly secure. If we experience a breach that legally requires notification, we will notify affected individuals and regulators per applicable law (including the California breach-notification statute at Cal. Civ. Code §1798.82, GDPR Art. 33–34 where applicable, and any other applicable law).
9. Children’s privacy
Our Sites and services are directed to business owners and operators, not children. We do not knowingly collect personal information from children under 13 (under U.S. COPPA) or under 16 (under EEA/UK GDPR). If you believe a child has provided us with personal information, contact privacy@adcollab.agency and we will delete it.
10. Third-party links
Our Sites may link to third-party websites. We are not responsible for their privacy practices. Review the privacy policies of any third party you interact with.
11. Do Not Track / Global Privacy Control
Some browsers send a “Do Not Track” (DNT) signal. There is no industry consensus on how to interpret DNT, and we do not currently respond differently based on DNT.
We do honor Global Privacy Control (GPC) signals as a do-not-sell / do-not-share / opt-out-of-targeted-advertising request consistent with the California Privacy Protection Agency’s regulations.
12. Changes to this Policy
We may update this Policy from time to time. When we do, we will update the “Last updated” date above. Material changes will be communicated by a prominent notice on the Sites or by direct communication to registered users at least 30 days before the change takes effect, except where a shorter notice period is required by law or to address a security or legal issue.
13. How to contact us
For privacy questions, requests, or complaints:
- Email: privacy@adcollab.agency (preferred)
- Fallback email: marketing@adcollab.agency
- Phone: 650-606-6510
- Mail: Ad Collab LLC, 2108 N ST STE N, Sacramento, CA 95816, USA
EU/UK Data Subjects who are unable to resolve a privacy concern through us may lodge a complaint with their local supervisory authority. We do not currently appoint an EU representative under GDPR Art. 27 because we do not target EU/UK residents through the Sites; if your concern arises from an interaction we initiated, please contact us first.
14. Relationship to other agreements
- For Ad Collab Clients: how we process your business data (Client Data) is governed by the Master Services Agreement, Terms of Acceptance, and Data Processing Agreement you executed. This Privacy Policy covers personal information about you as an individual using our Sites, not your business’s ad performance or customer data.
- For prospects we contact: we use legitimate-interest-basis B2B outreach under applicable law. You can opt out at any time by replying “unsubscribe” or emailing privacy@adcollab.agency.
End of Privacy Policy v1.1.