Privacy Policy
In accordance with Regulation (EU) 2016/679 (“GDPR”) and Romanian Law No. 190/2018 implementing the GDPR, the information below explains how we process your personal data when you use the Optimads platform and its subdomains/sections (the “Service”).
The date above indicates the last revision. We recommend checking this policy periodically.
1. Data Controller
| Name | FLAMINGO INDUSTRY SRL |
| Tax ID (CUI) | 46833688 |
| Trade Register No. | J20/1521/2022 |
| EUID | ROONRC.J20/1521/2022 |
| Privacy contact | contact@optimads.ai |
2. Who the Service is for
The Service is intended for adults (18+). We do not knowingly collect data about minors. If you register on behalf of a company, you confirm that you are authorized to represent it.
3. What data we process, for what purpose, and on what legal basis
Each processing activity has a legal basis (consent, performance of a contract, legitimate interest, or legal obligation).
3.1. Browsing and security
When you use the Service, we automatically collect technical identifiers (IP address, device identifier, metadata such as browser / HTTP headers) to prevent fraudulent use, detect and mitigate attacks (bots, DDoS), and maintain system security.
Basis: legitimate interest (system security and integrity).
3.2. User account
On registration we process: email and name (required); the password is stored encrypted (hashed) by our authentication provider. If you use federated login (e.g. Google), we receive your email, name and profile picture from that provider, with your consent.
Basis: performance of the contract (providing the Service).
3.3. Platform connections (OAuth tokens)
When you connect an advertising account (Meta), a store (Shopify) or other platforms, we securely store the necessary access tokens. They are never displayed in the interface, never written to logs, and never shared with third parties.
Basis: performance of the contract.
3.4. Advertising and store data
Through the connected platforms' APIs we process data about campaigns, ad sets, ads, audiences and statistics (spend, impressions, clicks, conversions, ROAS), and — for Shopify — aggregated financial information about orders (total value, number of orders) needed to compute profitability. We do not collect personal data of the store's buyers (name, email, address) unless strictly necessary and permitted.
Basis: performance of the contract. (See also section 4 on our role as a processor.)
3.5. Artificial intelligence features
When you use the AI features (the in-app assistant, creative generation), the content you input (text, images) is sent to our AI providers (e.g. Anthropic, Google) acting as sub-processors, solely to deliver the requested result. We do not use your data to train our own or third parties' AI models.
Basis: performance of the contract and legitimate interest (improving the Service).
3.6. Communications (support and marketing)
When you contact us for support, we process the data needed to respond, based on your request. We may send you communications about the Service (legitimate interest) or marketing communications (if you are a customer or have given consent); you can unsubscribe at any time.
4. Our role: controller vs. processor (important for business customers)
For your own account data (email, name) we are the controller. For the data you bring through your clients' accounts/stores (advertising data, orders), you (or the agency) are the controller, and we act as a processor, processing data only per your instructions and these terms. On request, we sign a Data Processing Agreement (DPA) — write to us at the contact address.
5. Providers and sub-processors
We use trusted providers that process data strictly to provide us their services, under contract and confidentiality:
- Meta Platforms — campaign management (Facebook/Instagram Ads);
- Shopify — reading order data for profitability;
- Google (future) — Google Ads / Drive;
- Supabase — database and authentication;
- The current hosting provider — hosting;
- Anthropic, Google — artificial intelligence features;
- Stripe (future) — payment processing (we do not store card data).
We do not sell or rent your personal data. You can request the updated list of providers at the contact address.
6. International transfers
Some providers may process data outside the European Economic Area (e.g. the USA). In such cases, the transfer is carried out under appropriate safeguards, in particular the European Commission's Standard Contractual Clauses (Art. 46 GDPR) or equivalent mechanisms.
7. How long we keep data
- Security / anti-fraud: technical identifiers, up to ~13 months.
- Account and contractual relationship: for the lifetime of the account, then blocked until the limitation periods expire (generally 5 years; 6 years for accounting documents).
- Connection tokens: until you disconnect the platform or delete the account — then deleted.
- AI inputs (images/audio): deleted immediately/shortly after the result is generated; results remain for as long as you have a relationship with us or until you delete them. AI sub-processors retain data for at most the period needed to deliver the service.
- Marketing communications: until you unsubscribe or object.
- Legal obligations: for the period required by law.
8. Security
We use encryption in transit (SSL/HTTPS) and at rest, access control, per-account data isolation, and we never expose access tokens in the interface or in logs.
9. Your rights (GDPR)
You have the right to: information, access, rectification, erasure (“the right to be forgotten”), restriction, portability, objection, withdrawal of consent, and the right not to be subject to automated decision-making with significant effects. You can exercise them by writing to contact@optimads.ai. We may ask you to verify your identity before acting on the request.
Note: deleting data from your account does not automatically delete it from the platforms that authenticate your identity (e.g. Google) — for those, contact that platform directly.
Deleting data obtained through Facebook/Meta: you can remove your connection token and associated accounts at any time, either from the app (Settings → Connections → Disconnect Meta) or by removing the Optimads app from your Facebook settings (Apps and Websites) — in which case Facebook notifies us automatically and we delete the data. Details and steps: Data Deletion page.
10. Complaints
You can lodge a complaint with us or with the supervisory authority — in Romania, ANSPDCP (the National Supervisory Authority for Personal Data Processing), dataprotection.ro.
11. Keeping data up to date
Please notify us of any change to your data, so that the information in our systems remains correct and current. You declare that the data provided is accurate and true.
12. Cookies
We use only strictly necessary cookies / local storage for authentication and platform functionality. We do not use third-party advertising cookies in the Platform.
13. Changes
We may update this policy. The current version is always available at this address, with the date of the last update.
14. Contact
FLAMINGO INDUSTRY SRL — contact@optimads.ai
© 2026 FLAMINGO INDUSTRY SRL. All rights reserved. · Terms & Conditions