Privacy Policy - app - ibd-ventures.com

Effective Date: April 16, 2026

Last Updated: April 16, 2026

Version 1.0

Welcome to our creative app (the “Application,” “App,” “Service,” or “Platform”), an AI-powered advertising creative generation tool developed and operated by IBD Ventures LLC (“we,” “us,” “our,” or the “Company”). This Privacy Policy (“Policy”) describes in detail how we collect, use, disclose, store, protect, and otherwise process your personal information when you access or use our Application, including our integrations with Meta Platforms, Inc. (“Meta”), its APIs, products, and affiliated services (collectively, “Meta Services”).

This Policy applies to all users of the Application, including visitors to our website, registered account holders, paying subscribers, and developers integrating with our platform (collectively, “you,” “your,” or “User”). By accessing or using the Application, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service. If you do not agree with any part of this Policy, please discontinue your use of the Application immediately.

IMPORTANT NOTICE REGARDING META PLATFORM INTEGRATION: This Application integrates with the Meta Marketing API, Meta Graph API, and other Meta developer tools to enable advertising creative generation and campaign management on Meta platforms (including Facebook, Instagram, and the Meta Audience Network). As a result of this integration, certain data you provide may be processed by Meta’s systems in accordance with Meta’s own Privacy Policy and Data Use Policy. We strongly encourage you to review Meta’s Privacy Policy at https://www.facebook.com/privacy/policy/ and Meta’s Platform Terms at https://developers.facebook.com/terms/ to understand how Meta processes data independently of this Application.

TABLE OF CONTENTS

1. Definitions and Interpretation

2. Information We Collect

3. How We Use Your Information

4. Meta API Integration and Data Sharing

5. Legal Bases for Processing (GDPR)

6. Data Sharing and Disclosure

7. Cookies and Tracking Technologies

8. Data Retention

9. Data Security

10. Your Privacy Rights

11. Children’s Privacy

12. International Data Transfers

13. Third-Party Services and Links

14. AI-Generated Content and Data

15. Advertising and Marketing

16. Business Transfers

17. Changes to This Privacy Policy

18. California Privacy Rights (CCPA / CPRA)

19. European Privacy Rights (GDPR / UK GDPR)

20. Contact Information and Data Controller Details

1. DEFINITIONS AND INTERPRETATION

For the purposes of this Privacy Policy, the following terms shall have the meanings set out below:

“Ad Creative” means any visual, textual, audio, video, or multimedia content generated, edited, or managed through the Application for use in advertising campaigns.
“Meta API” means the collection of application programming interfaces provided by Meta Platforms, Inc., including but not limited to the Meta Marketing API, the Graph API, the Ads Insights API, and any other Meta developer tools utilized by the Application.
“Personal Data” or “Personal Information” means any information that relates to an identified or identifiable natural person, including but not limited to name, email address, IP address, device identifiers, advertising identifiers, and behavioral or usage data.
“Processing” means any operation or set of operations performed on Personal Data, including collection, recording, organization, storage, adaptation, retrieval, use, disclosure, erasure, or destruction.
“Data Controller” means IBD Ventures LLC, which determines the purposes and means of processing your Personal Data.
“Data Processor” means a third party that processes Personal Data on behalf of the Data Controller, including cloud service providers, analytics vendors, and Meta Platforms, Inc. in certain processing contexts.
“Consent” means any freely given, specific, informed, and unambiguous indication of a Data Subject’s agreement to the processing of their Personal Data.
“GDPR” means the General Data Protection Regulation (EU) 2016/679, as it has effect in EU law.
“UK GDPR” means the GDPR as it forms part of the law of England and Wales, Scotland, and Northern Ireland by virtue of the European Union (Withdrawal) Act 2018.
“CCPA” and “CPRA” means the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020, as amended.
“Meta Platform Data” means any data received from Meta through the Meta API, including advertising account data, audience data, campaign performance metrics, and user interaction data on Meta platforms.

2. INFORMATION WE COLLECT

2.1 Information You Provide to Us

We collect information that you voluntarily provide when you create an account, use the Application, or communicate with us, including:

2.1.1 Account Registration Information

Full name and display name
Email address and password (stored in encrypted form)
Business name, organization, or agency affiliation
Billing address, country, and tax identification numbers (where applicable)
Phone number (optional, used for two-factor authentication and account recovery)
Profile photograph or avatar (optional)

2.1.2 Payment and Financial Information

The Application offers a free tier as well as paid plans and subscriptions. When you upgrade to a paid plan, payment processing is handled by our third-party payment processor (such as Stripe, Inc.). We do not store full credit card numbers. We may retain:

Last four digits of payment card
Card expiry date
Billing address
Transaction history and subscription status
Payment processor transaction IDs and references

2.1.3 Meta Account and Advertising Data

When you connect your Meta account(s) to the Application, we collect and process the following data obtained through the Meta API with your explicit authorization:

Meta User ID and Business Manager ID
Meta Ads Account IDs and associated permissions
Facebook Pages and Instagram account identifiers you manage
Access tokens (stored securely and used solely to interact with Meta APIs on your behalf)
Advertising campaign data, including campaign names, objectives, budgets, and scheduling
Ad set configurations, including audience targeting parameters and placements
Creative assets uploaded to or retrieved from Meta’s Ads Manager
Performance metrics, including reach, impressions, clicks, conversions, and cost data
Custom Audiences and Lookalike Audiences data (identifiers only; we do not store underlying customer lists)
Pixel data and conversion event configurations (event names and metadata only)
Catalog and product feed identifiers used in dynamic ads

2.1.4 Creative Content You Upload

Images, graphics, logos, and brand assets you upload for ad creative generation
Text, headlines, descriptions, and call-to-action copy you input
Brand guidelines, color palettes, font preferences, and style specifications
Video and audio files uploaded for multimedia ad creatives
Product descriptions, URLs, and metadata used in ad generation workflows

2.2 Information We Collect Automatically

When you access or use the Application, we automatically collect certain technical and behavioral information:

2.2.1 Device and Technical Information

IP address and geolocation data derived from IP address (country, region, city)
Device type, operating system, and version
Browser type, version, and language settings
Screen resolution and device hardware identifiers
Network information, including ISP and connection type

2.2.2 Usage and Interaction Data

Pages and screens visited within the Application and time spent on each
Features accessed, buttons clicked, and actions taken
Ad creatives generated, modified, saved, exported, and published
Search queries and filters applied within the Application
Error messages, crashes, and performance issues encountered
Session start and end times, session duration, and frequency of use
Referral URLs and sources from which you arrived at the Application

2.2.3 Log Data

Our servers automatically record log data whenever you use the Application, including:

Date and time of each request
API endpoints accessed and HTTP response codes
Data volume transmitted
Diagnostic information for debugging and security purposes

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

Meta Platforms, Inc.: Public profile information and advertising account data accessible through the Meta API
Authentication providers: If you sign in using Google Sign-In, we receive your name, email, and profile image from Google
Payment processors: Transaction status, fraud flags, and billing confirmations
Analytics providers: Aggregated and anonymized behavioral insights
Marketing and advertising partners: Lead generation data if you engage with our promotional campaigns on third-party platforms
Business partners and resellers: Account provisioning information if you access the Application through a partner arrangement

3. HOW WE USE YOUR INFORMATION

3.1 Provision and Operation of the Service

We use your information primarily to operate and improve the Application, including:

Creating and managing your account and authenticating your identity
Processing your requests to generate, preview, edit, and publish ad creatives
Executing API calls to Meta on your behalf when you authorize us to do so
Storing your creative assets, templates, and campaign configurations
Processing subscription and plan payments and managing billing records
Providing customer support and responding to your inquiries
Sending transactional emails (account confirmations, password resets, billing receipts)

3.2 AI and Machine Learning Features

The Application uses artificial intelligence and machine learning to provide its core functionality. Specifically:

Your uploaded assets, text inputs, and brand preferences are used as inputs to AI models that generate ad creative variations
Usage patterns and creative performance data may be used to improve AI model suggestions and recommendations within your account
We may use aggregated and anonymized data across users to train and improve our AI models. We will NOT use your personally identifiable information or your Meta Platform Data to train models shared across users without your explicit, opt-in consent
AI-generated outputs are not reviewed by human employees unless you report a specific issue or submit a support request

3.3 Analytics and Product Improvement

Analyzing usage patterns to understand how the Application is used and identify areas for improvement
Diagnosing technical problems, bugs, and performance issues
Conducting A/B testing and user experience research
Generating aggregated, non-identifiable statistical reports about our user base
Monitoring service uptime, performance, and security

3.4 Communications and Marketing

Sending you service announcements, product updates, and security alerts
Sending you marketing communications about new features, promotions, and industry insights, where you have opted in or where permitted by applicable law
Personalizing in-app messages and recommendations based on your usage
Conducting user research surveys and feedback collection (participation is voluntary)

3.5 Legal and Compliance Purposes

Complying with applicable laws, regulations, and legal obligations
Responding to lawful requests from courts, regulators, and law enforcement authorities
Enforcing our Terms of Service and other agreements
Detecting, preventing, and investigating fraud, abuse, and security incidents
Protecting the rights, property, and safety of the Company, our users, and the public

4. META API INTEGRATION AND DATA SHARING

4.1 Scope of Meta API Usage

Our app is built on top of the Meta Marketing API and related Meta developer tools. Our use of Meta APIs is subject to Meta’s Platform Terms (https://developers.facebook.com/terms/), Meta’s Developer Policies, and Meta’s Data Use Policy. We access only the Meta API permissions and data necessary to provide the features of the Application that you actively use.

4.2 Permissions We Request

When you connect your Meta account, you will be prompted to grant us specific Meta permissions. The permissions we may request include:

ads_management: Required to create, read, update, and publish ad creatives and campaigns on your behalf.
ads_read: Required to retrieve performance metrics, existing campaigns, ad sets, and creatives.
business_management: Required to access your Meta Business Manager, including business assets, pages, and ad accounts.
pages_read_engagement: Required to retrieve information about Facebook Pages you administer for use in ad creative generation.
instagram_basic: Required to retrieve Instagram account information associated with your Meta Business Manager.
public_profile and email: Required for account authentication and linking your Meta identity to your Application account.

We will clearly disclose the scope and purpose of each permission at the time of authorization. You may revoke these permissions at any time through your Meta account settings at https://www.facebook.com/settings?tab=business_tools, although doing so will limit or disable certain Application features.

4.3 Restrictions on Meta Platform Data

We adhere strictly to Meta’s Platform Terms and our obligations as a Meta developer. In particular:

We do not sell, transfer, or share Meta Platform Data with third-party data brokers or advertising networks
We do not use Meta Platform Data to build or augment user profiles for purposes unrelated to the Service
We do not use Meta Platform Data for targeting advertisements on non-Meta platforms
We do not use Meta Platform Data to make decisions about employment, credit, insurance, or other sensitive determinations
We do not combine Meta Platform Data with data from other sources except as necessary to provide the Service
Meta Platform Data obtained through the API is used exclusively to provide, personalize, and improve the Application for you
We store access tokens in encrypted form and revoke and delete them when you disconnect your Meta account

4.4 Meta’s Independent Data Processing

Meta processes your data independently of our Application in accordance with its own Privacy Policy. When you use Meta platforms (Facebook, Instagram, Audience Network) in connection with advertising campaigns you create through our Application, Meta’s data collection and processing practices apply to those interactions. We do not control Meta’s data practices and encourage you to review Meta’s Privacy Policy at https://www.facebook.com/privacy/policy/.

4.5 Meta Business Tools

If our Application uses the Meta Pixel, Conversion API, or other Meta Business Tools in our own marketing or analytics, this data is governed by our agreements with Meta and is subject to Meta’s data processing terms. We use these tools only in accordance with applicable law and with appropriate disclosures to affected users.

5. LEGAL BASES FOR PROCESSING (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we are required under the GDPR or UK GDPR to identify the legal basis for each of our processing activities. Our legal bases are:

Contractual Necessity (Article 6(1)(b) GDPR): We process account registration data, payment data, and operational data because it is necessary to perform our contract with you (i.e., to provide the Application and its features).
Legitimate Interests (Article 6(1)(f) GDPR): We process usage and analytics data, security and fraud prevention data, and communications data based on our legitimate interests in operating and improving a safe, effective Service, provided these interests are not overridden by your rights and interests.
Consent (Article 6(1)(a) GDPR): We process data for marketing communications, AI model training involving your data, and non-essential cookies based on your freely given, specific, informed consent. You may withdraw consent at any time.
Legal Obligation (Article 6(1)(c) GDPR): We may process your data where necessary to comply with a legal obligation, such as tax reporting requirements or responding to lawful court orders.

For Special Categories of Personal Data (Article 9 GDPR), we do not intentionally collect such data. If we become aware that we have collected such data inadvertently, we will delete it promptly unless processing is required or permitted under one of the conditions in Article 9(2).

6. DATA SHARING AND DISCLOSURE

6.1 We Do Not Sell Your Personal Information

We do not sell your personal information to third parties. We do not engage in the sale or sharing of personal information for cross-context behavioral advertising as defined under the CCPA/CPRA, except where you have provided explicit consent.

6.2 Service Providers and Subprocessors

We share personal information with carefully selected third-party service providers who process data on our behalf, under written data processing agreements that require them to protect your data and use it only for specified purposes. These include:

Cloud Infrastructure Providers: Amazon Web Services (AWS), Google Cloud Platform (GCP), or Microsoft Azure for hosting, storage, and computing infrastructure.
Payment Processors: Stripe, Inc. or similar processors for secure payment handling.
Authentication Services: Google Identity Services or similar providers for secure account authentication via Google Sign-In.
Email Service Providers: SendGrid, Mailgun, or similar providers for transactional and marketing email delivery.
Analytics Providers: Mixpanel, Amplitude, or Google Analytics for product usage analytics (in privacy-respecting configurations).
Customer Support Tools: Intercom, Zendesk, or similar platforms for managing support communications.
Error Monitoring Services: Sentry, Datadog, or similar tools for application error tracking.
AI and Machine Learning Providers: Third-party AI model providers (including large language model APIs) used to power creative generation features. Input data sent to these providers is governed by our agreements with them and applicable data minimization practices.

6.3 Meta Platforms, Inc.

We share data with Meta Platforms, Inc. in the course of operating the Meta API integration. This includes transmitting your API access tokens, ad creative assets, campaign configurations, and related data to Meta’s servers as necessary to fulfill your requests to create and manage advertising campaigns. Meta’s processing of this data is governed by Meta’s own policies.

6.4 Legal Disclosures

We may disclose your personal information if required to do so by law or in response to:

Valid legal process, including a court order, subpoena, search warrant, or equivalent legal mechanism
Requests from governmental or regulatory authorities in connection with their official duties
Situations where disclosure is necessary to prevent or detect crime, protect national security, or protect the vital interests of any person
Enforcement of our Terms of Service, including investigation of potential violations

6.5 Business Transfers

In the event of a merger, acquisition, reorganization, asset sale, bankruptcy, or similar transaction, your personal information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice within the Application prior to your data being transferred and becoming subject to a different privacy policy.

6.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for industry research, benchmarking, and other purposes. This data is not considered personal information.

7. COOKIES AND TRACKING TECHNOLOGIES

7.1 Types of Cookies We Use

We use cookies and similar tracking technologies (web beacons, pixel tags, local storage objects) to operate and improve the Application. Specifically:

Strictly Necessary Cookies: Essential for the Application to function. These include session cookies, authentication tokens, and security cookies. These cannot be disabled.
Functional Cookies: Enable enhanced functionality such as remembering your preferences, language settings, and recent activity.
Analytics Cookies: Help us understand how users interact with the Application, including pages visited, features used, and errors encountered. This data is used in aggregate form to improve the product.
Marketing and Tracking Cookies: Used to deliver relevant advertising about our own services and to measure the effectiveness of our marketing campaigns. These are only placed with your consent.
Third-Party Cookies: Certain third-party services embedded in the Application (such as support chat widgets or analytics tools) may set their own cookies. Please refer to the respective third-party privacy policies for details.

7.2 Managing Cookies

You can control cookies through:

Our Cookie Preference Center, accessible via the cookie banner or a link in the Application footer
Your browser settings, where you can block or delete cookies (note: blocking essential cookies may impair Application functionality)
Opt-out tools provided by third-party analytics providers (e.g., Google Analytics Opt-out Browser Add-on)

For users in the EEA, UK, and certain US states, we will obtain your consent before placing non-essential cookies.

8. DATA RETENTION

8.1 Retention Periods

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, or to resolve disputes. Our general retention guidelines are:

Account Data: Retained for the duration of your account and for up to 90 days after account deletion to allow for reactivation, followed by secure deletion or anonymization.
Creative Assets: Retained while your account is active and for 30 days following account deletion, after which they are permanently deleted.
Meta API Tokens: Deleted immediately upon account disconnection from Meta or account deletion.
Payment Records: Retained for 7 years to comply with financial record-keeping obligations.
Communication Records: Support communications retained for 3 years; marketing consent records retained for 5 years.
Usage and Analytics Data: Retained in identifiable form for 24 months, after which data is aggregated and anonymized.
Log Data: Retained for 90 days for security and debugging purposes.
Legal Hold Data: Data subject to a legal hold or regulatory investigation may be retained beyond normal retention periods until the matter is resolved.

8.2 Account Deletion

You may request deletion of your account at any time by accessing Account Settings > Delete Account, or by contacting us at [email protected]. Upon deletion, we will initiate the data deletion process described above. Some data may be retained for legal or legitimate business reasons as described in Section 8.1.

9. DATA SECURITY

9.1 Technical and Organizational Measures

We implement industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction:

Encryption in Transit: All data transmitted between your browser/app and our servers is encrypted using TLS 1.2 or higher.
Encryption at Rest: Sensitive data, including access tokens and payment information, is encrypted at rest using AES-256 encryption.
Access Controls: Access to personal data is restricted to employees and contractors who need it to perform their job functions, governed by role-based access control policies.
Authentication: We support and encourage two-factor authentication (2FA) for all user accounts.
Vulnerability Management: We conduct regular security assessments, penetration testing, and code reviews to identify and remediate vulnerabilities.
Incident Response: We maintain a documented data breach response plan and will notify affected users and relevant authorities in accordance with applicable law in the event of a data breach.
Employee Training: Our employees receive regular training on data protection and information security practices.

9.2 Limitations

No method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.

10. YOUR PRIVACY RIGHTS

10.1 Universal Rights

Regardless of your location, you have the following rights with respect to your personal information:

Right to Access: You may request a copy of the personal information we hold about you.
Right to Correct: You may update or correct inaccurate personal information through your Account Settings or by contacting us.
Right to Delete: You may request deletion of your personal information, subject to our legal obligations and legitimate interests.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Right to Opt Out of Marketing: You may opt out of marketing communications at any time by clicking the unsubscribe link in any email or through your Notification Settings.

10.2 Additional Rights Under GDPR and UK GDPR

If you are in the EEA or UK, you additionally have the right to:

Data Portability: Receive your personal information in a structured, commonly used, machine-readable format and transmit it to another controller
Restriction of Processing: Request that we restrict processing of your data in certain circumstances
Object to Processing: Object to processing based on legitimate interests or for direct marketing purposes
Not be subject to Automated Decision-Making: Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects, unless necessary for a contract, authorized by law, or based on explicit consent
Lodge a Complaint: Lodge a complaint with your national data protection supervisory authority

10.3 Exercising Your Rights

To exercise any of your rights, please contact us at [email protected] or through the privacy request portal in your Account Settings. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may require you to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

11. CHILDREN’S PRIVACY

The Application is not intended for, and we do not knowingly collect personal information from, children under the age of 16 (or under 13 in jurisdictions where the minimum age is 13). If you are under the applicable age in your jurisdiction, please do not use the Application or provide any personal information to us.

If we become aware that we have collected personal information from a child without appropriate parental consent, we will take steps to delete such information as promptly as possible. If you believe that we may have collected information from a child, please contact us immediately at [email protected].

12. INTERNATIONAL DATA TRANSFERS

We are headquartered in the USA and our infrastructure may be located in various countries. If you are accessing the Application from outside the USA, your personal information may be transferred to, stored, and processed in countries with different data protection laws than your own.

For transfers of personal data from the EEA, UK, or Switzerland to countries not recognized as providing an adequate level of data protection, we rely on appropriate safeguards, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
The UK International Data Transfer Addendum (IDTA) for transfers from the UK
The EU-U.S. Data Privacy Framework and UK Extension, where applicable

By using the Application, you understand that your information may be transferred to our facilities and to third parties outside your country of residence. We will ensure appropriate safeguards are in place for such transfers.

13. THIRD-PARTY SERVICES AND LINKS

The Application may contain links to third-party websites, services, or integrations (including Meta’s platforms). This Privacy Policy does not apply to the practices of third parties that we do not own or control. We encourage you to review the privacy policies of any third-party services you interact with through or in connection with the Application. We are not responsible for the privacy practices of such third parties.

Certain features of the Application may rely on third-party APIs, embeds, or widgets. When you interact with these features, your data may be transmitted to those third parties. Notable third-party integrations include:

Meta Platforms, Inc. (Facebook, Instagram) — Advertising API integration
Google (Sign-in, Analytics, Fonts)
Stripe (Payments)
Intercom or Zendesk (Customer support)
Cloudflare (CDN and security)

14. AI-GENERATED CONTENT AND DATA

The Application uses artificial intelligence models to generate advertising creative content. Please be aware of the following:

14.1 Input Data

Text, images, and other content you provide as input to AI generation features may be processed by our AI models and/or transmitted to third-party AI service providers. We implement data minimization practices and select providers with strong data protection commitments.

14.2 AI Output

AI-generated content is produced automatically and may not always be accurate, appropriate, or suitable for your intended purpose. You are responsible for reviewing AI-generated creatives before publishing them. We make no warranties regarding the accuracy or fitness for purpose of AI-generated content.

14.3 Model Training

We may use anonymized and aggregated usage data to improve our AI models. We will NOT use your personally identifiable information or your specific creative assets to train publicly shared models without your explicit opt-in consent. You may opt out of any AI model training involving your data by contacting us at [email protected].

15. ADVERTISING AND MARKETING

We may use your contact information and usage data to send you information about our products, features, and promotions. We will only send you marketing communications where we have a lawful basis for doing so (e.g., your consent, or our legitimate interest where permitted by law).

You can opt out of marketing communications at any time by:

Clicking the ‘Unsubscribe’ link in any marketing email
Updating your notification preferences in Account Settings
Contacting us at [email protected]

Please note that even if you opt out of marketing communications, we will continue to send you essential transactional communications related to your account and the Service.

16. BUSINESS TRANSFERS

If the Company is involved in a merger, acquisition, sale of assets, financing, reorganization, or insolvency proceeding, your personal information may be transferred as part of such transaction. We will provide notice to you through the Application and/or by email before your personal information becomes subject to a different privacy policy. The acquiring entity will be required to maintain the same or equivalent protections for your personal information.

17. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Post the updated Privacy Policy within the Application with the new Effective Date
Notify you by email at the address associated with your account
Display a prominent notice within the Application for at least 30 days after the update

For material changes that significantly affect your rights, we may seek your renewed consent where required by law. Your continued use of the Application after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Policy periodically.

18. CALIFORNIA PRIVACY RIGHTS (CCPA / CPRA)

This section applies to California residents and supplements the rest of this Privacy Policy.

18.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information from California residents:

Identifiers (name, email, IP address, account IDs)
Commercial information (subscription records, purchase history)
Internet or electronic network activity (usage logs, browsing history within the Application)
Geolocation data (approximate location derived from IP address)
Inferences drawn from other personal information (preferences derived from usage patterns)
Professional or employment-related information (company name, job title, if provided)

18.2 Your California Rights

California residents have the following rights:

Right to Know: To know what personal information we collect, use, disclose, and sell
Right to Delete: To request deletion of personal information we have collected
Right to Correct: To correct inaccurate personal information
Right to Opt-Out of Sale/Sharing: To opt out of the sale or sharing of personal information for cross-context behavioral advertising
Right to Limit Use of Sensitive Personal Information: To limit the use of sensitive personal information to necessary service purposes
Right to Non-Discrimination: Not to receive discriminatory treatment for exercising California privacy rights

18.3 Submitting Requests

California residents may submit privacy requests by emailing [email protected] or using the Request Portal in Account Settings. We will verify your identity before processing requests. Authorized agents may submit requests on your behalf with written authorization.

19. EUROPEAN PRIVACY RIGHTS (GDPR / UK GDPR)

This section applies to individuals in the European Economic Area (EEA) and the United Kingdom and supplements the rest of this Privacy Policy.

19.1 Data Controller

IBD Ventures LLC is the Data Controller for personal data processed through the Application. Our contact details are provided in Section 20.

19.2 Privacy Contact

We have not appointed a Data Protection Officer (DPO), as we are not required to do so under Article 37 GDPR. All data protection and privacy-related inquiries should be directed to our Privacy Team at [email protected]. We are committed to responding to all requests within the timeframes required by applicable law.

19.3 Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK residents may contact the Information Commissioner’s Office (ICO) at: https://ico.org.uk.

19.4 Automated Decision-Making

We may use automated processing to generate ad creative recommendations and to detect fraud. Where such automated processing has a significant legal or similarly significant effect on you, you have the right to request human review, contest the decision, and obtain an explanation. Please contact us at [email protected] to exercise this right.

20. CONTACT INFORMATION AND DATA CONTROLLER DETAILS

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the information below:

IBD Ventures LLC

Attn: Privacy / Data Protection Team

Address: 30 N Gould St Ste R, Sheridan, Wyoming 82801, United States

Email: [email protected]

Website: https://ibd-ventures.com

For urgent matters involving potential security incidents or data breaches, please use the subject line ‘URGENT: Data Security Incident’ when contacting us by email.

We are committed to resolving privacy concerns promptly. If you are not satisfied with our response, you have the right to lodge a complaint with the appropriate supervisory authority as described in Section 19.3.

This Privacy Policy was last updated on April 16, 2026 and is effective as of that date.