Privacy Policy

Last updated: 13 March 2026

1. Introduction

Adros AI ("Adros", "we", "us", or "our") is operated by Matrix AI Solution(s) Pte. Ltd., a company registered in Singapore (UEN: 202533936E), with its registered address at 22 Sin Ming Lane #06-76 Midview City, Singapore 573969.

This Privacy Policy explains how we collect, use, disclose, and protect your personal data in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore, the General Data Protection Regulation (GDPR) of the European Union, the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our services.

2. Information We Collect

We collect the following categories of personal data:

Account Information: Name, email address, and authentication credentials when you create an account via email signup or third-party login (including Facebook Login).

Ad Platform Data (Meta/Facebook & Instagram): When you connect your Meta Ads account via OAuth, we access the following data through the Meta Marketing API:

  • Ad account information (account ID, account name, account status)
  • Campaign data (campaign names, objectives, budgets, status)
  • Ad set data (targeting parameters, placements, scheduling)
  • Ad creative data (ad copy, images, videos, headlines, descriptions)
  • Performance metrics (impressions, clicks, spend, conversions, ROAS)
  • Audience insights (demographics, interests, custom audiences)
  • Facebook Page information (page name, page ID) for ad publishing
  • Instagram account information for ad publishing

Ad Platform Data (Google Ads): When you connect your Google Ads account via OAuth, we access campaign data, ad performance metrics, keyword data, and audience information through the Google Ads API.

Usage Data: Information about how you interact with our services, including queries made, features used, session duration, pages visited, and actions taken within the platform.

Payment Information: If you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your credit card details. We receive only transaction confirmation, subscription status, and billing history from Stripe.

Technical Data (Automatically Collected): IP address, browser type and version, operating system, device type, screen resolution, referring URL, and cookies for service functionality and analytics.

Communication Data: Any information you provide when contacting our support team, including email correspondence and feedback.

3. Facebook/Meta Permissions We Request

When you connect your Meta (Facebook/Instagram) ad account to Adros, we request the following permissions through Facebook Login and the Meta Marketing API:

  • ads_management — To create, edit, and manage ad campaigns on your behalf
  • ads_read — To read and analyse your ad campaign performance data
  • business_management — To access your business account and associated ad accounts
  • pages_read_engagement — To read your Facebook Page data for ad publishing
  • pages_manage_ads — To publish ads through your Facebook Pages
  • instagram_basic — To access your connected Instagram account for ad publishing
  • instagram_manage_insights — To read Instagram performance metrics
  • email — To identify your account and for communication purposes
  • public_profile — To display your name and profile information within the Adros platform

We only request the minimum permissions necessary to provide our services. You can revoke these permissions at any time through your Facebook Settings > Security and Login > Apps and Websites, or by disconnecting your account within Adros.

Important: We do not post to your Facebook profile or Pages without your explicit instruction. We do not access your personal Facebook messages, friend lists, or non-advertising data. We do not sell your Facebook data to any third party.

4. Google Ads API Permissions & Data Use

When you connect your Google Ads account to Adros, we request access through the Google Ads API to the following data:

  • Campaign Management Data — Campaign names, objectives, budgets, bidding strategies, status, and settings
  • Ad Group & Ad Data — Ad group structure, ad copy, headlines, descriptions, display URLs, and creative assets
  • Keyword Data — Keywords, match types, bids, quality scores, and search term reports
  • Performance Metrics — Impressions, clicks, conversions, cost, CTR, CPC, ROAS, and other performance indicators
  • Audience Data — Audience segments, remarketing lists, and demographic targeting parameters
  • Account Information — Account ID, account name, currency, timezone, and billing status

Google API Services User Data Policy Compliance: Adros's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Limited Use: We limit our use of Google Ads data to providing and improving user-facing features that are prominent in the Adros application. Specifically:

  • We do not transfer or sell Google user data to third parties, advertising platforms, data brokers, or information resellers
  • We do not use Google user data for serving ads, retargeting, personalised advertising, or interest-based advertising
  • We do not use Google user data to determine credit-worthiness or for lending purposes
  • We do not use Google user data for surveillance purposes
  • We do not allow humans to read your Google Ads data unless: (a) you have given explicit consent, (b) it is necessary for security purposes such as investigating abuse, (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymised for internal operations

You can revoke Adros's access to your Google Ads data at any time by visiting your Google Account Permissions page and removing Adros, or by disconnecting your Google Ads account within the Adros platform.

Important: We do not access your Gmail, Google Drive, Google Calendar, or any other Google services beyond Google Ads. We only request the minimum permissions necessary to manage your advertising campaigns.

5. How We Use Your Data

We use your personal data for the following purposes:

  • Service Delivery: To provide, maintain, and improve our AI marketing services, including campaign analysis, ad creative generation, and performance optimisation
  • Campaign Management: To analyse your ad campaigns, generate marketing insights, create ad creatives, and deploy campaigns to Meta and Google Ads on your behalf
  • AI Model Improvement: To improve our AI models using anonymised, aggregated data (never individual user data or identifiable Facebook data)
  • Account Management: To process payments, manage your subscription, and authenticate your identity
  • Communication: To communicate with you about your account, service updates, and support requests
  • Legal Compliance: To comply with legal obligations under Singapore law and other applicable regulations
  • Security: To detect, prevent, and address fraud, abuse, and security issues

Facebook Data Use Limitation: We use Facebook data exclusively for providing our advertising management services to you. We do not use Facebook data for purposes unrelated to the services you have requested, and we do not use Facebook data to build independent user profiles for advertising or other purposes outside of our platform.

6. Third-Party Services & Data Sharing

Adros integrates with third-party services to provide our platform. We share data with the following categories of third parties only as necessary to deliver our services:

  • Meta Platforms, Inc. — We send ad campaign data, creatives, and targeting parameters to Meta's Marketing API to create and manage your ad campaigns on Facebook and Instagram
  • Google LLC — We send campaign data to the Google Ads API to manage your Google Ads campaigns
  • AI Model Providers (Anthropic, OpenAI) — We send anonymised campaign data and marketing queries to AI providers for generating insights, ad copy, and strategies. No personally identifiable information or raw Facebook user data is shared with AI providers
  • Stripe, Inc. — We share billing information with Stripe for payment processing
  • Supabase (Database Hosting) — Your account data and campaign data are stored in Supabase-hosted databases with encryption at rest
  • Vercel (Hosting) — Our web application is hosted on Vercel's infrastructure

We do not sell your personal data or Facebook data to any third party. We do not share your data with data brokers, advertisers, or any party not listed above.

OpenClaw Integration: If you choose to use the OpenClaw integration (including the Done-For-You setup), OpenClaw runs on your own infrastructure (VPS or local machine). Adros does not host, manage, or have access to your OpenClaw instance after setup is complete. You are solely responsible for the security and maintenance of your OpenClaw installation.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:

  • Account Data: Retained for the duration of your active account, plus 30 days after account deletion
  • Facebook/Meta Ad Data: Campaign performance data is retained for up to 12 months after your last active session to provide historical reporting. Upon account deletion, all Facebook data is deleted within 30 days
  • Google Ads Data: Same retention policy as Facebook/Meta ad data
  • Payment Records: Retained for 7 years as required by Singapore tax and accounting regulations
  • Usage Logs: Retained for up to 90 days for security and debugging purposes
  • AI-Generated Content: Ad creatives and strategies generated for your campaigns are retained for the duration of your account

When you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law.

8. Data Deletion

You have the right to request deletion of your personal data at any time. To request data deletion:

Upon receiving your request, we will:

  • Verify your identity to prevent unauthorised deletion
  • Delete your account information, campaign data, and all associated personal data within 30 days
  • Revoke all connected ad platform OAuth tokens (Meta, Google) and delete all cached API data
  • For Google Ads: revoke your Google OAuth token and delete all Google Ads data from our systems. You can also revoke access directly at Google Account Permissions
  • Remove your data from our AI training datasets (if applicable)
  • Send you a confirmation email once deletion is complete

Facebook Data Deletion Callback: If you connected your Facebook account to Adros, you can also initiate data deletion directly from Facebook by removing Adros from your Facebook Settings > Security and Login > Apps and Websites. This will trigger our data deletion callback and we will delete all Facebook data associated with your account within 30 days.

Please note: Data deletion is irreversible. Once your data is deleted, it cannot be recovered. Some data may be retained in encrypted backups for up to 90 days before being permanently purged.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption in transit (TLS 1.2+/SSL) for all data transmissions
  • Encryption at rest for stored data
  • Secure authentication via OAuth 2.0 for ad platform connections
  • Role-based access controls for internal data access
  • Regular security audits and vulnerability assessments
  • Secure token storage — OAuth tokens are encrypted and never exposed to client-side code

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Under Singapore PDPA:

  • Access: Request access to your personal data that we hold
  • Correction: Request correction of inaccurate or incomplete personal data
  • Withdrawal of Consent: Withdraw your consent for the collection, use, or disclosure of your personal data at any time
  • Data Portability: Request a copy of your data in a structured, machine-readable format

Under GDPR (EU/EEA Users):

  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Request restriction of processing of your personal data
  • Right to Object: Object to processing of your personal data for certain purposes
  • Right to Lodge a Complaint: Lodge a complaint with a supervisory authority

Under CCPA (California Users):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise any of these rights, please contact us at [email protected] or visit our Data Deletion page.

11. International Data Transfers

Your data may be transferred to and processed in countries outside of Singapore, including the United States (where our hosting and AI providers are located). Where we transfer personal data internationally, we ensure that appropriate safeguards are in place, including:

  • Standard contractual clauses approved by relevant data protection authorities
  • Data processing agreements with all third-party service providers
  • Compliance with the PDPA's transfer limitation obligation

12. Cookies & Tracking Technologies

We use the following types of cookies and tracking technologies:

  • Essential Cookies: Required for authentication, session management, and core service functionality. These cannot be disabled
  • Analytics Cookies: Used to understand how our services are used, including page views, feature usage, and user flows. We use privacy-respecting analytics
  • Preference Cookies: Used to remember your settings and preferences within the platform

You can control cookie settings through your browser preferences. Disabling essential cookies may affect the functionality of our services.

13. Children's Privacy

Adros is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected] and we will delete the data.

14. Automated Decision-Making

Adros uses artificial intelligence and automated systems to analyse your ad campaigns, generate marketing insights, create ad creatives, and optimise campaign performance. These automated processes are designed to assist your marketing efforts and do not make decisions that produce legal effects or similarly significant effects on you. You always retain full control over whether to deploy, modify, or reject any AI-generated recommendations.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we will also notify you via email. Your continued use of our services after such changes constitutes your acceptance of the updated policy.

16. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us:

Data Protection Officer
Matrix AI Solution(s) Pte. Ltd.
22 Sin Ming Lane #06-76 Midview City, Singapore 573969
Email: [email protected]

For data deletion requests, please visit our Data Deletion page or email [email protected].