Privacy Policy
Last Updated: January 29, 2026
1. Introduction
MapTheGap.ai ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, services, and applications, including our integration with the Facebook Marketing API (Meta Platform).
This policy applies to all users of our services, including business clients who authorize us to access their Facebook Ads Manager accounts, website visitors, and any individuals whose data may be processed through our advertising optimization services.
By using our services or authorizing access to your Facebook advertising accounts, you consent to the data practices described in this policy.
2. Information We Collect
2.1 Information You Provide Directly
- Contact information (name, email address, phone number, company name)
- Account credentials when you create an account with us
- Business information provided during onboarding
- Communications and correspondence with our team
- Payment and billing information
2.2 Information from Facebook Marketing API
When you authorize our application to access your Facebook Ads Manager account, we may collect and process the following data through the Facebook Marketing API:
- Ad Account Data: Account ID, account name, account status, currency, timezone, and spending limits
- Campaign Performance Data: Campaign names, objectives, status, budgets, impressions, reach, clicks, click-through rates, conversions, cost per result, and return on ad spend (ROAS)
- Ad Set Information: Targeting parameters, placements, optimization goals, bid strategies, and scheduling
- Ad Creative Data: Ad copy, headlines, descriptions, images, videos, call-to-action buttons, and creative performance metrics
- Audience Data: Custom audience names and sizes (not individual user data), lookalike audience configurations, saved audiences, and demographic targeting parameters
- Conversion Data: Pixel events, conversion values, attribution data, and offline conversion information
- Historical Performance: Historical campaign data for analysis and optimization recommendations
- Page and Business Information: Connected Facebook Pages, Instagram accounts, and business verification status
2.3 Automatically Collected Information
- IP address and approximate geographic location
- Browser type and version
- Device information and operating system
- Pages visited and time spent on our website
- Referring website or source
- Cookies and similar tracking technologies (see Section 8)
3. How We Use Your Information
3.1 Facebook Marketing API Data
We use data obtained through the Facebook Marketing API exclusively for:
- Campaign Analysis: Analyzing your advertising performance to identify optimization opportunities
- Reporting: Generating performance reports and dashboards for your review
- Optimization Recommendations: Providing data-driven recommendations to improve ad performance
- Campaign Management: Creating, modifying, and managing ad campaigns on your behalf (when authorized)
- A/B Testing: Setting up and analyzing split tests to improve conversion rates
- Audience Insights: Understanding audience performance to refine targeting strategies
- Budget Optimization: Recommending budget allocations across campaigns and ad sets
3.2 General Business Purposes
- Providing and improving our services
- Communicating with you about your account and our services
- Processing payments and managing billing
- Responding to inquiries and providing customer support
- Sending service-related notifications and updates
- Analyzing usage patterns to improve our platform
- Complying with legal obligations
4. Data Sharing and Disclosure
4.1 We Do NOT Sell Your Data
We do not sell, rent, or trade your personal information or Facebook advertising data to third parties for their marketing purposes. This includes data obtained through the Facebook Marketing API.
4.2 Limited Sharing
We may share your information only in the following circumstances:
- Service Providers: With trusted third-party vendors who assist us in operating our business (e.g., cloud hosting, payment processing), subject to confidentiality agreements
- Meta/Facebook: As necessary to use the Facebook Marketing API and comply with Meta Platform Terms
- Legal Requirements: When required by law, court order, or governmental authority
- Business Protection: To protect our rights, privacy, safety, or property, and that of our users
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections
- With Your Consent: When you have explicitly authorized the sharing
4.3 Aggregated and Anonymized Data
We may use aggregated, anonymized data that cannot identify any individual for research, analytics, and service improvement purposes. This data does not include any personally identifiable information or data that could be traced back to your Facebook advertising accounts.
5. Data Retention
We retain your information for the following periods:
- Active Client Data: For the duration of our business relationship plus 3 years for reporting and compliance purposes
- Facebook API Data: Campaign performance data is retained for 2 years from the date of collection, unless you request earlier deletion
- Contact Information: Until you request removal or 5 years after last interaction
- Financial Records: As required by applicable tax and accounting laws (typically 7 years)
- Website Analytics: 26 months from collection
Upon termination of services or at your request, we will delete or anonymize your Facebook advertising data within 90 days, except where retention is required by law.
6. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: All data transmissions are encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256 encryption
- Access Controls: Strict role-based access controls limit data access to authorized personnel only
- Authentication: Multi-factor authentication is required for accessing sensitive systems
- Secure Infrastructure: Our services are hosted on secure, SOC 2 compliant cloud infrastructure
- Regular Audits: We conduct regular security assessments and vulnerability testing
- Employee Training: All team members receive privacy and security training
- Incident Response: We maintain incident response procedures to address potential security breaches
While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to implementing reasonable safeguards.
7. Your Rights and Choices
7.1 General Rights
You have the right to:
- Access: Request a copy of the personal information we hold about you
- Rectification: Request correction of inaccurate or incomplete information
- Erasure: Request deletion of your personal information (subject to legal retention requirements)
- Portability: Request your data in a structured, machine-readable format
- Objection: Object to certain processing activities
- Restriction: Request limitation of processing in certain circumstances
- Withdraw Consent: Withdraw consent for processing where consent is the legal basis
7.2 Facebook API Access
You may revoke our access to your Facebook advertising accounts at any time by:
- Removing our app from your Facebook Business Settings
- Contacting us directly to request disconnection
- Revoking permissions through your Facebook account settings
Upon revocation, we will stop collecting new data and delete existing Facebook API data within 90 days, unless retention is required for legal compliance.
7.3 European Economic Area (EEA) Residents - GDPR
If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority. Our legal bases for processing include:
- Performance of a contract with you
- Your consent (which may be withdrawn at any time)
- Our legitimate business interests
- Compliance with legal obligations
7.4 California Residents - CCPA/CPRA
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: Request disclosure of the categories and specific pieces of personal information collected
- Right to Delete: Request deletion of personal information (with certain exceptions)
- Right to Opt-Out: Opt out of the sale or sharing of personal information (note: we do not sell personal information)
- Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights
- Right to Correct: Request correction of inaccurate personal information
- Right to Limit: Limit the use and disclosure of sensitive personal information
To exercise these rights, contact us at [email protected]. We will respond to verifiable requests within 45 days.
8. Cookies and Tracking Technologies
8.1 Types of Cookies We Use
- Essential Cookies: Necessary for website functionality and security
- Analytics Cookies: Help us understand how visitors interact with our website (Google Analytics)
- Marketing Cookies: Used to track visitors across websites for advertising purposes
- Preference Cookies: Remember your settings and preferences
8.2 Third-Party Analytics
We use Google Analytics to analyze website traffic. Google Analytics uses cookies to collect information about your use of our website. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
8.3 Managing Cookies
You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when a cookie is set.
9. Meta Platform Compliance
Our use of the Facebook Marketing API is governed by Meta's Platform Terms and Developer Policies. We commit to:
- Using Facebook data only for the purposes disclosed in this policy and authorized by you
- Not transferring Facebook data to data brokers or selling data obtained through the API
- Implementing appropriate security measures as required by Meta
- Honoring data deletion requests and access revocations promptly
- Not using Facebook data to discriminate against individuals
- Complying with all applicable Meta Platform Terms and policies
- Deleting Facebook Platform data when requested by Meta or upon revocation of access
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we implement appropriate safeguards including:
- Standard Contractual Clauses approved by the European Commission
- Data processing agreements with appropriate security provisions
- Certification mechanisms where applicable
11. Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will take steps to delete the information.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via email (for registered users) or prominent notice on our website
- Obtain your consent where required by applicable law
We encourage you to review this policy periodically to stay informed about how we protect your information.
13. Data Deletion Requests
To request deletion of your personal data or Facebook advertising data, you can:
- Use our online form: Visit our Data Deletion Request page to submit a request
- Email us: Send a request to [email protected] with the subject line "Data Deletion Request"
- Include your name, email address, and company name associated with the account
- Specify whether you want complete deletion or deletion of specific data types
We will verify your identity and process your request within 30 days. Some data may be retained as required by law or for legitimate business purposes (e.g., fraud prevention, legal claims).
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We aim to respond to all inquiries within 5 business days. For urgent matters related to data security, please indicate "URGENT" in your subject line.
15. Summary of Legal Bases for Processing
| Processing Activity | Legal Basis |
|---|---|
| Providing advertising services | Contract performance |
| Facebook API data access | Consent + Contract |
| Analytics and website improvement | Legitimate interest |
| Marketing communications | Consent |
| Legal compliance | Legal obligation |
| Fraud prevention | Legitimate interest |