Privacy Policy

Last updated: March 9, 2026

Overseer ("we," "us," or "our") operates the overseerads.com website and the Overseer platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

• Account Information: When you create an account, we collect your name, email address, company name, and billing information.
• API Credentials: To connect your ad platform accounts (TikTok, Meta, Snapchat, X), you provide access tokens and account identifiers. These are encrypted at rest and in transit using AES-256 and TLS 1.2+.
• Creative Assets: You may upload or provide access to images, videos, and ad copy for processing through our Service. We process these assets solely to fulfill your requests.
• Communications: When you contact us, we retain your email address and message content to respond and improve our Service.

1.2 Information Collected Automatically

• Usage Data: API call logs, request timestamps, response codes, and platform interactions for debugging and service improvement.
• Device and Browser Data: IP address, browser type, operating system, and referring URL when you access our website.
• Cookies: We use strictly necessary cookies for authentication and session management. We do not use advertising or tracking cookies.

2. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service, including processing ad creatives and managing campaigns on your behalf.
• Authenticate your identity and authorize access to connected ad platform accounts.
• Monitor usage for billing, rate limiting, and capacity planning.
• Detect, prevent, and address technical issues, abuse, or security incidents.
• Communicate with you about service updates, security alerts, and support inquiries.
• Comply with legal obligations and enforce our agreements.

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We share data only in the following circumstances:

• Ad Platforms: We transmit your creative assets and campaign data to TikTok, Meta, Snapchat, and X as necessary to fulfill your publishing requests. Each platform's own privacy policy governs their use of that data.
• Infrastructure Providers: We use AWS for hosting, credential storage (AWS Secrets Manager), and compute. Data is processed in accordance with AWS's data processing agreement.
• Authentication Provider: We use Clerk for authentication and identity management. Clerk processes your login credentials under their privacy policy.
• Legal Requirements: We may disclose information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4. Data Security

• All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
• API credentials and access tokens are stored in AWS Secrets Manager with strict IAM access controls.
• We enforce role-based access control and maintain audit logs for all credential access.
• We conduct regular security reviews and dependency audits.
• Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

• Account Data: Retained for the duration of your account plus 30 days after deletion request.
• Creative Assets: Processed transiently. We do not permanently store your creative assets after they have been successfully deployed to the target platforms, unless you explicitly configure asset storage.
• Usage Logs: Retained for up to 90 days for debugging and billing purposes, then aggregated or deleted.
• API Credentials: Deleted immediately upon account termination or when you revoke platform access.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete personal data.
• Request deletion of your personal data, subject to legal retention requirements.
• Object to or restrict processing of your personal data.
• Request data portability (receive your data in a structured, machine-readable format).
• Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at privacy@overseerads.com. We will respond within 30 days.

7. International Data Transfers

Our Service is hosted in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) and other legally approved mechanisms to ensure adequate protection for international transfers.

8. Children's Privacy

Our Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

9. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal data.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we will provide additional notice via email or a prominent notice on our Service.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

• Email: privacy@overseerads.com
• General inquiries: contact@overseerads.com