Privacy Policy

Last updated: April 2026

1. Introduction

This Privacy Policy describes how AdsSarthi (operated by Webfluence Marketing Solutions, a company registered in India) collects, processes, stores, and shares personal data of users of the AdsSarthi platform, including its web dashboard, APIs, and WhatsApp assistant. We act as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and comply with the Information Technology Act, 2000 and its related rules.

2. Data We Collect

• Account data: name, email, mobile number, password hash, company name, GSTIN (if supplied), billing address.
• Ad platform tokens: OAuth refresh tokens and scoped access tokens for Google Ads, Meta Ads, Flipkart Ads, Amazon Ads India, and LinkedIn Ads, encrypted at rest using AES-256-GCM.
• Campaign performance data: impressions, clicks, spend (in INR), conversions, auction insights, keyword lists, creatives, and audience segments pulled on your behalf from connected ad accounts.
• WhatsApp messages: inbound and outbound messages you exchange with the AdsSarthi WhatsApp assistant, retained for service continuity.
• Offline conversion GCLIDs/FBCLIDs: click identifiers you upload for offline conversion tracking (phone leads, showroom walk-ins).
• Usage telemetry: pages viewed, features used, IP address, browser fingerprint, device type — collected via PostHog only with your cookie consent.

3. How We Use Your Data

• Operating the autonomous optimization engine that scans your connected ad accounts every 15 minutes to surface recommendations.
• Generating AI-powered ad creatives using Anthropic Claude based on briefs you submit.
• Sending WhatsApp performance digests at 8 AM IST daily and festival budget alerts 3 days in advance.
• Producing GST-compliant invoices (CGST/SGST/IGST) for your account and your agency's clients.
• Applying changes to your Meta/Google/Flipkart/Amazon ad accounts only when you explicitly click "Approve & apply" on a recommendation card.

4. Meta (Facebook/Instagram) Data Specifically

When you connect a Meta ad account via Facebook Login, AdsSarthi requests the following Meta permissions:

• ads_read — read campaign, ad set, and ad performance data
• ads_management — write back optimizations you approve (pause ad sets, adjust budgets, create ads from AI creatives)
• business_management — list your ad accounts and Facebook Pages across Business Manager portfolios
• read_insights — read historical insights for dashboards and fatigue detection

Meta data is stored in our multi-tenant PostgreSQL database with tenant isolation at the agencyId level, encrypted at rest, and retained for 24 months after you disconnect the ad account. We never sell or share your Meta data with third parties.

4A. Google API Services & OAuth Scopes

Data Controller: AdsSarthi by Webfluence Marketing Solutions, contact hello@webfluence.in.

When you connect a Google account via Google Sign-In or the Google Ads / Search Console integrations, AdsSarthi requests the following OAuth scopes and uses the data only for the stated purposes:

• https://www.googleapis.com/auth/adwords — We access your Google Ads accounts to manage campaigns, fetch performance metrics, apply optimizations on your behalf, and read auction insights.
• https://www.googleapis.com/auth/webmasters.readonly — We read Google Search Console data including search queries, click counts, impressions, and ranking positions for SEO analysis.
• https://www.googleapis.com/auth/userinfo.email and https://www.googleapis.com/auth/userinfo.profile — Identity for account creation.

Data Retention (Google data)

• Account data: until account deletion.
• Aggregated metrics: 24 months.
• Performance logs: 90 days.

Data Sharing

We do not sell or share your Google Ads or Search Console data with third parties. Anthropic (Claude API) processes campaign data to generate AI recommendations under their data processing agreement.

Your Rights & Account / Data Deletion

You can request data deletion at hello@webfluence.in or via in-app account → delete. The full mechanism is documented at https://adssarthi.com/legal/data-deletion.html.

Google API Services User Data Policy — Limited Use

AdsSarthi's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4B. Meta Platform Permissions & WhatsApp Data

When you connect a Meta (Facebook/Instagram/WhatsApp Business) account, AdsSarthi requests the following Meta permissions and uses each only as described:

• ads_management — apply campaign / ad set / ad changes you approve.
• ads_read — read campaign & ad performance data.
• business_management — list ad accounts and Pages across your Business Manager portfolios.
• whatsapp_business_management — manage WhatsApp Business templates and phone numbers you connect.
• whatsapp_business_messaging — send and receive WhatsApp messages with end users who initiate contact, for the AdsSarthi WhatsApp assistant.
• public_profile — basic profile (name, ID) for account linking.
• read_insights — read historical insights for dashboards and ad-fatigue detection.

WhatsApp Message Storage

We store WhatsApp transcripts (inbound and outbound messages between you, your end users, and the AdsSarthi assistant) for 90 days to provide AI agent context and conversation continuity. After 90 days, transcripts are permanently deleted from primary storage. Aggregated, anonymized message-volume counters may be retained longer for billing and abuse prevention.

Page-Specific Data

AdsSarthi does not read Facebook Page posts, Page comments, Page inbox, or Page follower lists. We access only ad-related data via the permissions above.

Meta Data Sharing & Retention

Meta data is stored in our multi-tenant PostgreSQL database with tenant isolation, encrypted at rest with AES-256-GCM, and retained for 24 months after you disconnect the ad account. We never sell or share your Meta data with third parties. You can delete Meta data at any time via https://adssarthi.com/legal/data-deletion.html.

5. Sharing With Third Parties

We share data with the following service providers strictly to operate AdsSarthi:

• Ad platforms — Google, Meta, Amazon, Flipkart, LinkedIn — only the optimizations you approve.
• Razorpay (payments) — invoice and subscription metadata. PCI DSS Level 1 compliant.
• Anthropic (Claude API) — prompts generated from anonymized campaign metadata for AI recommendations and creative generation. We have a Data Processing Agreement and enterprise DPA in place.
• PostHog — product analytics (with cookie consent only).
• Sentry — error monitoring (PII scrubbed before transmission).

6. International Data Transfers

Anthropic (Claude API), Sentry, and PostHog may process data on servers located in the United States. Transfers are covered by Standard Contractual Clauses and, for EU/UK data, UK IDTAs. Indian personal data is not transferred to any country restricted under Section 16 of the DPDP Act.

7. Your Rights Under the DPDP Act

• Right to access: export all your data at /dashboard/privacy
• Right to correction: edit your profile at /dashboard/settings
• Right to erasure: delete your account at /dashboard/privacy — 7-day grace period then cascading deletion
• Right to nominate: nominate another person to exercise your rights on your behalf — contact us at dpo@adssarthi.com
• Right to grievance redressal: file a grievance with our Data Protection Officer (see Section 10)

8. Data Retention

Account data is retained for the life of your subscription plus 24 months for legal hold (GST records must be retained for 72 months per Indian tax law — only aggregated billing data is kept that long). Ad campaign data is deleted when you disconnect the ad account or delete your account, whichever is sooner.

9. Security

AES-256-GCM encryption at rest for tokens and sensitive fields. TLS 1.3 in transit. Role-based access controls. SOC 2 Type II audit in progress (target: Q3 2026). All employee access is logged and reviewed monthly.

10. Data Protection Officer

For any privacy concerns, rights requests, or grievances:

• Name: Rohtash Tiwari
• Email: dpo@adssarthi.com (respond within 72 hours)
• Address: Webfluence Marketing Solutions, India (full address on request)

If we fail to resolve your grievance, you may escalate to the Data Protection Board of India (once operational per DPDP Act Section 18).

11. Changes to This Policy

We will notify you via email and WhatsApp at least 15 days before material changes take effect. Immaterial changes (typos, clarifications) may be published without notice.

12. Contact

General inquiries: hello@webfluence.in