← Back to home

Privacy Policy

SIA “Advento.pro” · Registration No. 40203689734 · Latvia

Last updated: March 2026

Who we are

Advento.pro is operated by SIA “Advento.pro”, a company registered under the laws of Latvia with registration number 40203689734, registered address at Jēkabpils nov., Viesīte, Brīvības iela 6 – 7, LV‑5237 (“we”, “us”, “our”).

We are the data controller for personal data processed through this website. You can reach us at [email protected] for any privacy-related questions.

---

What data we collect and why

When you visit the website

We collect standard server log data when you load any page: IP address, browser type, referring URL, pages visited, and timestamps. This data is used to maintain site security and diagnose technical issues. We do not use third-party analytics or advertising trackers on the marketing pages.

Legal basis: Legitimate interest in maintaining site security and performance.

When you use the free Ad Account Analyzer

If you choose to connect your Meta (Facebook) ad account through our analyzer tool, we collect and process the following:

From Meta OAuth:

• Your Meta user ID and name
• Your email address (as provided by Meta)
• A long-lived access token for your Meta ad account

From your ad account (read-only):

• Campaign data (names, statuses, objectives, budgets)
• Ad set data (targeting, optimization settings, scheduling)
• Ad data (creative details, statuses)
• Performance insights for the last 30 days (impressions, clicks, spend, conversions, and related metrics)

How we use this data:

• Your ad account data is sent to Anthropic’s Claude API to generate the analysis report. Anthropic processes this data under their API terms, which state that API inputs are not used to train their models.
• The raw Meta data and the generated analysis are stored in our database so you can return to view your results.
• Your Meta access token is encrypted at rest using AES-256-GCM encryption before storage. Each token is encrypted with a unique initialization vector.

What we do NOT do:

• We never modify, create, or delete anything in your ad account. Access is strictly read-only.
• We do not use your ad account data for any purpose other than generating your analysis.
• We do not share your ad account data with anyone other than Anthropic’s API for the purpose of generating the analysis.
• We do not sell your data.

Legal basis: Your explicit consent, given when you authorize the Meta OAuth connection.

When you book a call

Our “Book a Call” buttons link to Google Calendar Appointments, a third-party scheduling service operated by Google. When you book a call, your data (name, email, and any information you provide in the booking form) is collected and processed by Google under their own privacy policy. We receive this data from Google to conduct the scheduled call.

Legal basis: Your explicit action of submitting the booking form; performance of a contract (pre-contractual steps).

---

Cookies and session data

We use a single essential session cookie to maintain your authenticated state when using the Ad Account Analyzer. This cookie:

• Is HTTP-only (not accessible to JavaScript)
• Expires after 24 hours
• Contains only a session identifier
• Is required for the analyzer to function

We do not use advertising cookies, tracking cookies, or any third-party cookies for analytics or marketing purposes.

---

Where your data is stored

• Database: Neon PostgreSQL (cloud-hosted). Your account data, encrypted access tokens, session records, and analysis results are stored here.
• AI processing: Your ad account data is transmitted to Anthropic’s Claude API (hosted in the United States) for analysis generation. Anthropic processes API data under their data processing terms and does not retain inputs after processing.
• Rate limiting: We store rate limit counters (user ID and request timestamps) to enforce fair usage of the analyzer (5 analyses per hour per user).

---

Data retention

---

Data deletion

You have the right to request deletion of all personal data we hold about you. When you request deletion, we permanently remove:

• Your user profile (Meta user ID, name, email)
• Your encrypted Meta access token
• All analysis reports and associated raw ad account data
• All session records
• All rate limit records

This deletion is cascading — removing your user account automatically removes all associated data from our database.

How to request data deletion

Option 1 — Email us: Send an email to [email protected] from the email address associated with your Meta account. Include “Data Deletion Request” in the subject line. We will process your request and confirm deletion within 30 days.

Option 2 — Revoke access via Meta: Go to your Meta Business Integrations settings, find “Advento.pro Analyzer”, and click “Remove”. This revokes our access to your ad account data. To also delete data already stored on our servers, follow up with an email to [email protected].

Confirmation: After processing your deletion request, we will send a confirmation email to the address associated with your account. If you do not receive confirmation within 30 days, please contact us again.

---

Your rights under GDPR

As a data subject under the General Data Protection Regulation, you have the following rights:

• Access: Request a copy of all personal data we hold about you.
• Rectification: Request correction of inaccurate personal data.
• Erasure: Request deletion of your personal data. When we delete your user record, all associated sessions, analyses, and rate limit data are automatically deleted.
• Restriction: Request that we restrict processing of your personal data.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interest.
• Withdraw consent: You may withdraw your consent for Meta OAuth data processing at any time. You can also revoke Advento.pro’s access to your Meta account directly through your Meta Business Settings.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Latvian Data State Inspectorate (Datu valsts inspekcija, www.dvi.gov.lv) or with the supervisory authority in your country of residence.

---

Data security

We implement the following security measures:

• Meta access tokens are encrypted at rest using AES-256-GCM with unique initialization vectors per token.
• Sessions use HTTP-only cookies that are not accessible to client-side scripts.
• Database access is restricted and connection credentials are managed through environment variables.
• The analyzer enforces rate limiting to prevent abuse (5 analyses per hour per user).
• All data in transit is encrypted via HTTPS/TLS.

---

Third-party services

---

International data transfers

Your data may be transferred to and processed in countries outside the European Economic Area, specifically the United States (for Anthropic API processing and Neon database hosting). These transfers are conducted in compliance with GDPR Chapter V, relying on Standard Contractual Clauses or the service providers’ adherence to recognized data protection frameworks.

---

Changes to this policy

We may update this privacy policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. If we make material changes to how we process your personal data, we will update this page accordingly.

---

Contact

For any questions about this privacy policy or your personal data: