Privacy Policy

AMS Media Inc. (“Campaignly”, “we”, “us”, or “our”) operates the Campaignly marketing automation platform at campaignly.net. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our service. By using Campaignly, you consent to the practices described in this policy.

1. Information We Collect

Account Information

When you register for Campaignly, we collect your name, email address, and a hashed password. Business account users may also provide company name and billing address.

Connected Platform Credentials

When you connect third-party advertising and analytics platforms, we store encrypted OAuth access tokens and refresh tokens on your behalf. These tokens allow Campaignly to retrieve data on your behalf to deliver the features you requested. We never store your passwords for these platforms.

Google APIs. When you connect a Google service, Campaignly requests only the OAuth scopes necessary to deliver the connected feature, listed below. You can revoke access at any time from your Google Account permissions pageor by disconnecting the platform from Campaignly’s Integrations page.

• Google Ads (adwords) — read campaign and ad group configuration, keywords and search terms, advertising performance metrics (impressions, clicks, cost, conversions, CTR, CPC, conversion rate, conversion value), and conversion actions. Campaignly does not access billing information or payment methods.
• Google Analytics (analytics.readonly) — read GA4 property configuration, events, dimensions, metrics, and audiences for audit and insight generation.
• Google Search Console (webmasters.readonly) — read verified site list, search performance data, and indexing status to power SEO audits.
• YouTube (youtube.readonly) — read channel and video metadata and public performance metrics for the channels you authorize.
• Google Calendar (calendar.readonly, calendar.events) — read your calendar events to display them in the Campaignly content calendar, and create or modify events that you explicitly schedule from within Campaignly. We do not modify or delete events that were not created by Campaignly.
• Google Drive (drive.file, drive.metadata.readonly) —drive.file grants Campaignly accessonlyto files you explicitly create or open with Campaignly — we cannot see the rest of your Drive. drive.metadata.readonly is used to read file names and types you select in Campaignly’s Drive picker so you can attach them to campaigns. We do not read file contents outside of files you have explicitly opened with Campaignly.
• Google Docs (documents) — read and write the contents of documents you explicitly open with or create through Campaignly, for example when generating a proposal or marketing brief into Google Docs.
• Google Tag Manager (tagmanager.readonly) — read container and tag configuration to audit tracking setup. Campaignly does not modify your GTM containers.
• Google BigQuery (bigquery.readonly) — read-only query access to BigQuery datasets you select for analytics warehouse audits.

Campaignly does not use any data received from Google APIs to serve, develop, or improve advertising products, and we do not transfer this data to third parties for those purposes. See Google API Services User Data Policy — Limited Use below for the full disclosure.

Other connected platforms.Campaignly also connects to Meta (Facebook and Instagram Ads), LinkedIn Ads, and other advertising and analytics platforms with similar scoped, read-mostly access. Each integration’s scopes are listed on the Integrations page when you connect.

Payment Information

Subscription billing is handled by Stripe. We do not store your full credit card number, CVV, or bank account details on our servers. Stripe provides us with a tokenized reference and the last four digits of your card for display purposes. Stripe’s privacy policy governs the handling of your payment data.

Client and Campaign Data

You may upload or enter information about your clients, campaigns, proposals, and marketing plans. This data is stored on your behalf and used solely to deliver the Campaignly service to you — including AI-assisted features (see Section 2 and Section 3). We do not sell, rent, or share your client or campaign data with third parties, and we do not use it for advertising targeting on external platforms or to train third-party AI models.

Usage Data

We collect information about how you interact with the platform: pages visited, features used, actions taken, and timestamps. This data helps us improve the service and diagnose issues.

Cookies and Local Storage

We use session cookies to keep you logged in and browser local storage for UI preferences. We do not use third-party advertising or tracking cookies.

2. How We Use Your Information

• To create and manage your account
• To provide and operate the Campaignly platform
• To connect to and retrieve data from your linked advertising platforms
• To generate AI-assisted audits, insights, recommendations, and proposal content using large-language-model providers (see Section 3)
• To process subscription payments through Stripe
• To send transactional emails (receipts, password resets, invitation notifications)
• To provide customer support via Intercom
• To diagnose bugs and improve the service
• To comply with applicable laws and regulations

We do not sell your personal information to third parties. We do not use your data for advertising targeting on external platforms, and we do not permit our AI providers to use your data to train their models.

3. Third-Party Service Providers

We share data with the following sub-processors to operate the service:

• Vercel — cloud hosting and edge delivery (United States)
• Supabase — database and authentication infrastructure (United States)
• Stripe — payment processing (United States)
• Intercom — customer support and in-app messaging (United States)
• Anthropic— AI analysis of campaign and platform data for audit generation, insights, recommendations, and in-product AI features (United States). Per Anthropic’s enterprise data-use policy, data sent via the API is not used to train Anthropic’s models and is not retained beyond what is operationally necessary to deliver the response.

Each of these providers has contractual obligations to protect your data in accordance with applicable privacy laws. Links to their privacy policies are available on their respective websites.

4. Google API Services User Data Policy

Campaignly’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use Google user data to provide or improve user-facing features that are prominent in Campaignly (such as connecting an advertising or analytics account, generating audits and insights, scheduling content, and producing proposals).
• We only transfer Google user data to others if it is necessary to provide or improve those user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets in which the receiving entity will be bound by these same restrictions.
• We do not use Google user data to serve advertisements, including retargeted, personalized, or interest-based advertising, and we do not transfer it to data brokers, information resellers, or any party that does so.
• We do not allow humans to read Google user data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for Campaignly’s internal operations — and even then only when the data has been aggregated and anonymized.
• We do not use Google user data to develop, improve, or train generalized or non-personalized AI or machine-learning models. AI features inside Campaignly process this data only at request time to deliver the response you asked for.

5. Data Storage and Security

Your data is stored in Supabase-managed PostgreSQL databases hosted on infrastructure in the United States. We use row-level security policies to ensure that your data is logically isolated from other users’ data. All data is encrypted in transit using TLS 1.2 or higher. Access to production systems is restricted to authorized personnel only.

Despite these measures, no system is completely secure. We cannot guarantee the absolute security of your data. You are responsible for keeping your login credentials confidential.

6. Data Retention and Deletion

We retain your personal data for as long as your account is active. If you cancel your subscription or request account deletion, we will delete your personal information within 30 days, except where we are required to retain it by law (e.g., billing records for tax purposes, which are retained for 7 years).

Connected platform OAuth tokens (including Google API tokens) are deleted immediately upon disconnecting the platform from the Integrations page or deleting your Campaignly account. Cached data retrieved from those platforms (such as audit results and cached metrics) is deleted within 30 days of disconnection.

How to request deletion. You can request deletion of your data in two ways:

• Self-service: disconnect any platform from /dashboard/integrations to immediately revoke and delete the OAuth tokens and queue cached data for deletion. To delete your full Campaignly account, go to Account Settings and use “Delete account”, or email us using the address below.
• Email request: send a deletion request to privacy@campaignly.net from the email address on your Campaignly account. We will confirm receipt within 5 business days and complete deletion within 30 days.

You can also independently revoke Campaignly’s access to your Google account at any time from your Google Account permissions page.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Canadian Users (PIPEDA)

Under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to access the personal information we hold about you, correct inaccuracies, and withdraw consent for certain uses of your data.

European Users (GDPR)

If you are located in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR) including: the right to access, rectify, or erase your data; the right to data portability; the right to restrict or object to processing; and the right to lodge a complaint with your local supervisory authority.

California Users (CCPA)

California residents have rights under the California Consumer Privacy Act (CCPA) including the right to know what personal information is collected, the right to deletion, and the right to non-discrimination for exercising your rights. We do not sell personal information.

To exercise any of these rights, contact us at privacy@campaignly.net. We will respond within 30 days.

8. Children’s Privacy

Campaignly is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email at least 30 days before the changes take effect. Continued use of Campaignly after the effective date constitutes your acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact: