Privacy Policy for AdFlex

AdFlex is committed to protecting your privacy. This Privacy Policy explains how Novix Inc. (doing business as AdFlex) ("AdFlex," "we," or "us") collects, uses, stores, and shares your personal information when you use our websites, applications, and services (collectively, the "Services").

Novix Inc. is a Delaware limited liability company with its principal business address at 8 The Green, STE B, Dover, DE 19901, USA. For any questions or concerns about this Privacy Policy or your data, you can contact us at privacy@adflex.ai. We currently have not appointed a formal Data Protection Officer; however, we handle privacy inquiries via the above contact email.

Scope: This Privacy Policy applies to all users of AdFlex worldwide, including users in the United States, the Middle East (such as the UAE and KSA), Europe, and elsewhere. By using AdFlex, you acknowledge that your information will be processed as described in this Policy. If you do not agree with our practices, please do not use the Services.

AdFlex is an AI-powered design and marketing automation platform offered as a Software-as-a-Service (SaaS) product. Our Services enable small and medium-sized businesses, startups, and marketing agencies to create ad visuals, generate content (text and images), manage brand assets, simulate product photoshoots, and publish campaigns across social media and advertising channels. AdFlex is intended for use by business and professional users (such as marketers, designers, and business owners), not for personal household use.

No Use by Minors: AdFlex is not intended for children or minors. You must be at least 18 years old to register an account and use our Services. We do not knowingly collect personal information from anyone under the age of 13 (or under 16 in certain jurisdictions where a higher age of consent is required). If we become aware that a child under 13 has provided us with personal data, we will promptly delete that information. Parents or guardians who believe their child may have submitted personal information to us can contact privacy@adflex.ai to request deletion.

We require all users to certify that they are 18 or older during the sign-up process (for example, via a checkbox agreement to our Terms of Service). If we discover an underage user, we will terminate the account and remove associated data in accordance with applicable laws such as COPPA and GDPR.

We collect various types of information from and about users of AdFlex. This includes information you provide directly, information collected automatically about your use of the Services, and information from third parties (such as when you integrate other services or use social login). We limit our collection to what is necessary for the purposes described in this Policy.

Personal Information You Provide

Account Registration: When you sign up for AdFlex, we ask for personal information to create your account. This may include:

• Name (first and last name)
• Email Address (used as your login and for account communication)
• Password (which is encrypted and stored securely – we do not store plaintext passwords)
• Company or Organization Name (if you are registering on behalf of a business)
• Job Title or Role (optional)

If you choose to register or log in using a third-party account (such as Google or Facebook single sign-on), we will receive from that provider certain profile information that you authorize, typically your name, email address, and profile photo. We do not receive or store your third-party account password. Authentication is handled by the third-party provider, and you can revoke AdFlex’s access to your account at any time via your third-party account settings.

Facebook Login (Meta Integration)

If you choose to register or log in using Facebook Login, AdFlex will receive limited profile information from Meta, such as your name, email address, and profile picture.

This information is used strictly for authentication and account creation purposes only.

We only request the minimum permissions required for login (such as public_profile and email).

We do not use this data for advertising, profiling, analytics, or any unrelated purposes.

We do not access or store your Facebook password.

You may revoke AdFlex’s access at any time through your Facebook account settings.

Profile Information: You may optionally provide additional profile details to personalize your account:

• Profile Photo or Avatar
• Bio or Description
• Website URL or Social Media Links (e.g., a link to your LinkedIn or Instagram profile)
• Preferred Language or other preference settings

These details are voluntary and can be added, changed, or removed by you at any time via your account settings.

Contacting Us: If you fill out a contact form on our website, submit an inquiry via email, or engage with our support team, you will provide your contact information (such as name and email) and the content of your message. We will use this information solely to respond to your request and provide support. Similarly, if you sign up for our newsletter or marketing emails, we will collect your email address (and name if provided) to send you updates. You can unsubscribe from marketing communications at any time.

User Content and Uploads: AdFlex allows you to upload or generate content as part of our design and marketing tools. This includes:

• Images and Graphics you upload (which might include logos, product photos, or other visuals: these could potentially contain personal data if, for example, they depict a person).
• Text Content you provide or generate, such as ad copy, headlines, product descriptions, or other marketing text.
• Brand Assets and Brandbook Information: You may store brand information in AdFlex (like your brand name, logos, slogans, color palettes, fonts, and other brand guidelines). This data could include personal or company identifiers (e.g., a slogan with a company name, or an image with a person or trademark).

We treat all content you upload or create as your property (see User Content & Ownership below for more details). You are responsible for ensuring you have the right to use any personal data in the content you provide. We use the content only to provide the Services to you (for example, to generate designs or to include in ads you create). AdFlex will not access or use your uploaded content for any purpose outside the scope of providing and improving our Services, except in an anonymized or aggregated manner as described in this Policy.

Payment Information: If you purchase a paid subscription or other services from AdFlex, you will provide payment details. We use a secure third-party payment processor (such as Stripe) to handle credit card transactions. When you enter your payment information, it is transmitted directly to our payment processor via encrypted connections and is not stored on our servers. The payment processor provides us with:

• Billing Name and Address (for invoicing and record-keeping)
• Partial Card Information (such as the card brand, expiration date, and last four digits of your card number, for reference)
• Transaction details (amount paid, subscription plan, date of transaction)

We do not collect or retain your full credit card number or CVV code. All transactions are processed in accordance with PCI-DSS security standards by the third-party processor. We retain billing records (invoices, payment history) as required for accounting and legal compliance (typically 7 years).

Other Information: You may choose to provide other information to us from time to time. For example, if you participate in a survey, beta test, or provide feedback, we will collect whatever information you choose to provide in that context. We will use such information to improve our products and services and for the purposes explained at the time of collection.

Sensitive Personal Data: We do not intentionally collect any sensitive personal information about you, unless you choose to provide it. This includes data like your social security number or other government IDs, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, genetic or biometric data, health information, or information about your sex life or sexual orientation. We ask that you do not upload or share such sensitive data on AdFlex. In the event we inadvertently receive sensitive data, we will apply special care to protect it and, if not needed for the Service, will delete it.

Like most online services, AdFlex and our third-party partners automatically collect certain information about your device and usage of our Services.

Usage & Device Data: When you use AdFlex, we collect log data and device information, such as:

• IP Address: This can provide a rough geolocation (country or city level). We use IP addresses to detect potential fraud, secure accounts (e.g., by recognizing new device logins), and aggregate usage by region.
• Device and Browser: This includes information about your device type (e.g., PC, smartphone), operating system, browser type and version, screen resolution, and other device identifiers.
• Activity Logs: We record information about your interactions with the platform, such as the features or pages you access, the time and date of your visits, the actions you take (e.g., generating an image, uploading a file, publishing a post), and any errors or crash reports. This data helps us troubleshoot issues and understand how users navigate our app.
• Cookies and Similar Technologies: We use cookies, web beacons, and local storage to collect information about your use of AdFlex. See Cookies and Tracking Technologies below for details.

This automatically collected data is primarily statistical in nature and does not directly identify you. However, it may be associated with your user account ID or email address, thus potentially making it personal data. We treat combined information as personal and protect it accordingly.

Cookies: Cookies are small text files placed on your device to store information. AdFlex uses cookies for several purposes:

• Essential Cookies: These are necessary for the website and application to function. For example, we use session cookies to keep you logged in as you navigate through the site and to protect against fraudulent use of your account. These cookies expire when you log out or shortly after your session ends.
• Preference Cookies: These cookies remember your preferences and settings to enhance your experience. For instance, they may store your chosen language or other customizations so you don’t have to set them every time. These are typically persistent cookies that remain until you delete them or they expire after a set period.
• Analytics Cookies: We use analytics cookies to collect information about how users interact with our Services. This helps us improve performance and design. For example, we might use cookies to count visitors on a page, see how users move around the site, or track what features are most popular. These cookies may be provided by third-party analytics providers (described below) and typically last from a few months up to a year.
• Advertising Cookies/Pixels: On our marketing website (but generally not within the AdFlex app interface), we may use advertising pixels or tags from third parties like Google or Meta (Facebook/Instagram). These trackers help us measure the effectiveness of our ads and show AdFlex promotions to people who have visited our site (a practice known as retargeting). For example, the Google Ads pixel and Facebook Pixel might log that you visited a certain page on our site, which could later result in you seeing an AdFlex advertisement on those platforms.

Third-Party Analytics: We utilize third-party services to better understand usage of AdFlex:

• Google Analytics: We use Google Analytics to collect information on website traffic and usage patterns. Google Analytics may set cookies or use similar identifiers to compile reports for us on user activity. The information Google Analytics collects includes data like your IP address (which is anonymized when possible), browser type, pages visited, and time spent on our site. This data helps us analyze how users find and use our website, so we can improve our content and navigation.
• Other Analytics Tools: We may use additional analytics or monitoring tools (for example, Mixpanel or Segment) to track in-app interactions and feature usage. These tools help us understand user engagement with specific features of the AdFlex platform, so we can improve functionality and user experience.

All analytics data is generally viewed in aggregate form. We do not use it to identify individual users, and any third-party analytics providers are prohibited from using the data for their own purposes. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on, and you can refuse or delete cookies as described below.

Cookie Consent and Control: When you first visit our site, you may see a cookie notice or banner (especially if you are in a jurisdiction like the EU/EEA or UK where consent is required for certain cookies). You can manage your cookie preferences through that tool (if available) or by adjusting your browser settings. Most web browsers allow you to refuse new cookies, disable existing cookies, or alert you when new cookies are set. Please note that blocking or deleting cookies may affect the functionality of our Services: for example, you may not be able to stay logged in or some features might not remember your preferences.

“Do Not Track” Signals: Some browsers offer a “Do Not Track” (DNT) setting that lets you signal to websites that you do not want to be tracked. Currently, AdFlex does not respond to DNT signals, because there is no consistent industry standard for compliance. We continue to monitor developments around DNT and Global Privacy Control signals and will revisit our practices if standards emerge. Regardless, you can use the other opt-out options described (browser controls, cookie consent) to manage tracking.

We use personal information collected from and about you for the following purposes:

• Providing the Services: We process your information to create and manage your account, authenticate you when you log in, and operate the core functionality of AdFlex. For example, we use your name and email to identify you in the system, your uploaded content to generate designs or social media posts as instructed by you, and your payment information to process subscription fees. This use is necessary to perform our contract with you (the Terms of Service).
• Maintaining and Improving the Platform: We analyze usage data, crash logs, and feedback to understand how our Services are performing and where improvements are needed. This includes debugging issues, monitoring uptime and security, optimizing our AI algorithms, and developing new features. For instance, if many users encounter an error in a particular workflow, we will investigate using the log data to fix that bug. These processing activities are in our legitimate interest to continually improve our product, and they benefit our user community. We use aggregated and de-identified data for these purposes wherever possible.
• Personalization: We may use the information we know about you and your business to personalize your experience. For example, we store your brandbook details (logo, brand colors, etc.) so that templates and AI-generated designs automatically incorporate your branding. We might also recommend certain templates or features based on your usage history. This makes the service more efficient and tailored to you. This use may be based on our legitimate interest in providing a relevant user experience.
• Communicating with You: We use contact information (primarily your email address) to send you service-related communications:
• Transactional Messages: These include account confirmations, password reset emails, billing receipts, subscription renewal notices, security alerts (such as login notifications), and important updates about the Service (for example, if we update our terms or privacy policy). Such communications are necessary to provide the Services and you cannot opt out of receiving them, because they are not promotional in nature.
• Marketing and Newsletters: With your consent (or as otherwise permitted by applicable law), we may send occasional emails about new features, tutorials, newsletters, or promotions related to AdFlex. For example, we might announce a new AI tool or offer a discount on an upgraded plan. You have the choice to opt out of these marketing communications at any time (see Your Rights & Choices below). We will only send you marketing materials if you have opted in, where required by law, and we will honor your opt-out requests promptly.
• Advertising and Retargeting: AdFlex does not use your personal data to sell advertisements of third-party products, nor do we share your personal information with third-party advertisers for their own marketing. However, we may use your data in a limited way to market our own services. For instance, if you visited our website but did not sign up, we might use a retargeting cookie (like the Facebook Pixel) to later show you an ad reminding you of AdFlex. Or, if you are an existing customer, we might show you new AdFlex features in-app or via email based on your usage. All such activities are performed in compliance with privacy laws (using consent where required), and you can opt out as described under Cookies and in Your Choices.
• Security and Fraud Prevention: We process certain data to protect our platform, our users, and their data. This includes using data like IP addresses, device information, and account activity to detect and prevent fraudulent transactions, bot abuse, unauthorized access, hacking attempts, or other misuse of the Services. For example, we might flag an account for review if we notice login attempts from different countries in a short time span, or unusually high usage that could indicate a compromised account. We also may use automated tools to screen for violations of our Acceptable Use Policy (such as scanning content for malware or illegal material). These activities are a combination of fulfilling legal obligations and pursuing our legitimate interest in keeping AdFlex secure.
• Legal Compliance: We retain and may use personal information as necessary to comply with our legal obligations. For instance, we keep transaction records to satisfy financial regulations and tax laws. We might also use or disclose information if we receive a lawful request from authorities. Additionally, if you are in a jurisdiction like the EU, we may process certain data to comply with local laws (for example, maintaining a record of consent, or age screening to comply with youth protection laws).
• Aggregated and Anonymized Insights: We may transform personal data into an aggregated or anonymized format for research and development purposes. For example, we might compile statistics like "the average number of campaigns created per user per month" or "the percentage of users in a region who use a certain feature." These insights do not identify any individual user or company. We use this non-identifying information to understand trends, improve our marketing, and in some cases, share general performance metrics (for instance, in investor updates or marketing materials, we might say "AdFlex served X number of campaigns last year" without revealing any user specifics). Importantly, any aggregated data shared externally will not contain anything that can be linked back to you.
• AI Model Training and Improvement: AdFlex may use data and content you provide to improve our underlying AI algorithms and features. When we do so, we take steps to anonymize or aggregate the data so that it is not associated with your account or identity. For example, if our AI image generator is trained or fine-tuned, it might learn from patterns in user-provided images or design edits, but it will not retain or expose your specific images or personal details. Improving our AI helps us deliver more accurate and useful results for you and all users. We do not use any sensitive personal data for AI training without explicit consent, and we do not use your content in public facing datasets or case studies without permission.

Legal Bases for Processing (for Users in the EU/EEA, UK, and similar jurisdictions): If you are located in regions with data protection laws like the GDPR, we process your personal information under the following legal grounds:

• Contract: Most of our processing is to provide you with the Services under our Terms of Service (Article 6(1)(b) GDPR). For example, we need to process your account info, content, and payment details to deliver the features you've signed up for.
• Legitimate Interests: We rely on legitimate interests (Article 6(1)(f) GDPR) to process data in ways that users would reasonably expect and that have minimal privacy impact, such as improving the service, ensuring security, and doing analytics. We always consider your rights and will not process on this basis if our interests are overridden by your interests or fundamental rights.
• Consent: In certain cases, we ask for your consent (Article 6(1)(a) GDPR), for example before sending marketing emails or setting non-essential cookies. Where we rely on consent, you have the right to withdraw it at any time (which will not affect the lawfulness of processing before withdrawal).
• Legal Obligation: Sometimes we must process data to comply with a law (Article 6(1)(c) GDPR), such as retaining financial records for tax compliance or responding to valid legal requests.

If you have questions about the legal bases for specific processing activities, feel free to contact us.

Your Content is Yours: AdFlex does not claim ownership of the content, creative assets, or data that you upload or create using our Services. You retain all rights to your texts, images, graphics, logos, and other materials that you provide to AdFlex.

License to Operate the Service: In order to provide the functionality of AdFlex, when you upload or create content on the platform, you grant us a limited license to use that content solely for the purposes of operating, maintaining, and improving the Services as described in our Terms of Service. This means, for example, we have your permission to temporarily store your images on our servers, to display your content back to you and those you share it with, to modify it as you instruct (such as generating variations or resizing images), and to back it up as part of our infrastructure. We do not use your content for any unrelated purposes: we don’t sell it, we don’t post it publicly (unless you direct us to, such as publishing an ad via an integration), and we don't claim it as our own.

Sharing and Publication of Your Content: The AdFlex platform may offer you features that involve sharing your content (for example, publishing an ad to your connected Facebook Ads account, or collaborating with team members on a project). Such actions are under your control. We will not share your content with any third party except (a) as needed to provide the service at your direction (e.g., sending your ad to Facebook when you hit publish, or using an AI API to process an image if applicable), or (b) as required by law or to enforce our legal rights (very rare, as discussed under disclosures). Internally, access to user content is restricted to authorized personnel who need to support the system or assist you (for example, if you request support and we need to look at a specific item in your account, we will do so only with your permission or where necessary to resolve the issue).

Use of Anonymized Data: As noted in "How We Use Your Information," we might utilize certain data derived from your content in an anonymized or aggregated way to improve our services or for analytics. For instance, we might track the number of images generated across all users or the general topics of text prompts to see usage patterns. These insights never include personal details or identifiable content from your materials. We do not use any personal or confidential content from your account in marketing or external communications without your explicit consent.

If AdFlex would like to feature your usage or content in something like a case study or testimonial, we will reach out to you for permission. Outside of such consent-driven scenarios, your content stays within the confines of the AdFlex service and under your control.

We understand that your personal information and your content are important, and we only share data with third parties in a few specific situations, each of which is aimed at running our business and delivering the Services to you. We do not sell your personal information to third parties.

Here are the scenarios in which we share information, and what we share:

• Service Providers (Processors): We employ a number of trusted third-party companies to perform tasks on our behalf, and we need to share certain information with them to provide our Services to you. These service providers are bound by confidentiality and data protection obligations and may only use your data as instructed by AdFlex. Key categories of service providers include:
• Cloud Hosting & Infrastructure: We use reputable cloud platforms (for example, Amazon Web Services (AWS)) to host our application, databases, and files. All of your personal data and content is stored on such secure servers. These providers have access to stored data for the purpose of storage and backup only; they do not use it for any other purposes.
• Payment Processors: As mentioned, Stripe (and possibly other payment gateways like PayPal, if offered) handle payment transactions. When you make a purchase, your billing information is transmitted to the processor. They return transaction details to us (like a payment confirmation, subscription ID, last4 of your card) so we can record your subscription. These processors are PCI-DSS compliant and AdFlex does not see your full credit card data.
• Email and Communication Services: We use third-party email services such as SendGrid (Twilio SendGrid) to send out emails for verification, password resets, notifications, and newsletters. These services will process your email address and the content of the email under our instructions. For example, if we send a welcome email or a system alert, it goes through SendGrid. We may also use customer support platforms (like Zendesk or Intercom) to manage support tickets and live chat, which means if you contact support, your email and messages will be stored in those systems.
• Analytics Services: Third-party analytics tools (like Google Analytics, as described above, or others like Mixpanel) process usage data on our behalf. They may receive data such as your IP (masked), device info, and interaction events for the purpose of providing aggregated analytics to us. These providers do not identify you personally in their reports to us.
• Other Specialized Tools: We might use additional services for specific functions, for example, a service for sending SMS verification codes, or a cloud AI service to process images or text. If we do, we ensure those vendors only get the data necessary (e.g., a phone number for SMS, or the image to be processed by the AI) and that they are under appropriate data protection terms.
• Business Partners and Integrations (At Your Direction): AdFlex offers integrations with third-party platforms to enhance your workflow. If you choose to connect AdFlex to an external service, we will share data with and receive data from that service with your consent and at your instruction. For example:
• Social Media & Ad Platform Integrations: You may connect your Facebook/Instagram, Google Ads, LinkedIn, or other advertising accounts to AdFlex in order to publish ads or content directly through our interface. When you do this, we use the respective API to push your content (e.g., an ad image and caption) to that platform. We might also retrieve campaign performance data (like impressions, clicks) from the platform to display in your AdFlex dashboard. We only exchange data that is necessary for the integration, and this happens securely via official API channels. Importantly, AdFlex does not collect the personal data of your end-customers or ad viewers from these platforms: we may receive aggregate stats and identifiers needed to manage the campaigns, but not e.g. individual names of people who see or click your ads.
• Third-Party Login: As noted, if you use a Google or Facebook login for AdFlex, those services will confirm your identity and share basic profile info with us (name, email). No passwords are shared, and you can disconnect the link at any time.
• In all such cases, your relationship with the third-party service (Facebook, Google, etc.) is governed by that service’s own terms and privacy policy. AdFlex is not responsible for data that those services may collect or how they use it. We recommend reviewing their privacy policies when you connect them to understand their practices. You can disconnect any integration via AdFlex or the third-party’s settings.
• Affiliates: As of the date of this Privacy Policy, AdFlex does not have parent or subsidiary companies with whom we share personal data. If AdFlex in the future is part of a corporate family, we may share information within our group of affiliated companies under the same privacy safeguards. For example, if AdFlex establishes an affiliate or branch in the EU or Middle East to better serve customers, data might be shared with that affiliate. Any such change will be reflected in an updated Privacy Policy, and the affiliate will be required to honor the same commitments to protect your privacy.
• Business Transfers: If AdFlex is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be disclosed to the successor or potential acquirer (and their advisors) as part of evaluating or executing the transaction. If a change of ownership occurs, the acquiring company will take on the rights and obligations described in this Privacy Policy regarding your personal information. We will notify you (for example, via email or a notice on our site) of any such deal and outline any choices you may have regarding your data in that event, to the extent required by law.
• Legal Compliance and Protection: We may disclose your information when we believe in good faith that such disclosure is necessary to:
• Comply with the law or legal process: This includes responding to subpoenas, court orders, government requests, or other legal process. We will only provide the information specifically required and will object to requests we believe are improper.
• Enforce our terms and policies: If necessary, we may release information to enforce or apply our Terms of Service or other agreements, including investigation of potential violations.
• Protect rights, property, and safety: We may share information to protect the rights, property, or safety of AdFlex, our users, or the public. For example, we might disclose information to investigate and prevent security threats or fraud.

In such cases, we will only share the information that is reasonably required (for instance, providing logs to law enforcement investigating a security incident, or providing account details to handle a fraud report).

• With Your Consent: Aside from the cases listed above, if we ever need to share your information for any other purpose, we will explain and ask for your explicit consent. You have the right to withdraw such consent at any time.

No Selling of Personal Data: AdFlex does not sell, rent, or trade your personal information to third parties for their own marketing or other purposes. We also do not share personal data for cross-context behavioral advertising. In plain terms, we’re not in the business of monetizing your personal information; our business is providing our SaaS platform to you.

AdFlex is a global service, and your information may be transferred to or accessed by our team or service providers in countries other than your own. In particular:

• Our primary servers and data storage are located in the United States (for example, in AWS data centers in the U.S.). This means if you are using AdFlex from outside the U.S., your personal data will likely be transferred to and processed in the United States.
• We may also utilize servers or technical support in other regions (for example, to provide support or redundancy). Some data might be processed in or accessed from the European Union or other regions as needed for backup, maintenance, or faster access by users in those regions.

Regardless of where your data is processed, we protect it under the same standards described in this Privacy Policy. When we transfer personal data out of your country, we take steps to ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws:

• European Users: If you are in the EEA, UK, or Switzerland, and your data is transferred to the U.S. or any country not deemed “adequate” by the EU/UK, we rely on approved mechanisms such as the European Commission’s Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, which contractually oblige recipients to protect your data. We have Data Processing Agreements incorporating these clauses with our service providers as required.
• We also consider any supplemental measures recommended by regulators to ensure that, in practice, your data has an equivalent level of protection to that in the EU. For example, data at rest is encrypted, and we carefully vet U.S. vendors’ commitments to privacy.
• Additionally, if applicable, we may rely on certifications or frameworks like the EU-U.S. Data Privacy Framework (and corresponding UK/Swiss frameworks) should our company or relevant vendors become certified under it. As of the Last Updated date of this Policy, we primarily rely on SCCs.
• Other Regions: Similarly, if we transfer data from other countries with data export requirements, we will ensure compliance with those (for instance, using contractual clauses or obtaining consent where required).

By using AdFlex, or providing information to us, you consent to the transfer of your personal data to the United States and other jurisdictions as described. We understand that privacy laws may vary between countries, so we will handle your data with care and implement necessary protections no matter where it is processed.

We retain personal data only for as long as necessary to fulfill the purposes for which we collected it, including for any legal, accounting, or reporting requirements. Retention periods can vary depending on the type of data and the purposes of processing.

General Retention Periods:

• Account Information: We keep your account data (like your name, email, and profile info) for as long as your account is active. If you choose to delete your account (or if we need to delete it due to inactivity or policy violations), we will remove or anonymize personal information associated with your account within approximately 30 days of the deletion request or account closure. However, as noted below, we may retain certain information for longer if needed for legal compliance or legitimate interests.
• User Content: Content you create or upload to AdFlex is stored on our servers until you delete it or your account is deleted. If you remove specific content from your account, we will endeavor to purge it from our systems (or anonymize it in our backups) within the same 30-day window. If other users (such as your team members) had access to that content, they might still retain copies in their account if it was a collaborative asset, until they also delete it.
• Usage Logs: Logs and analytics data (like event logs, IP address logs, etc.) are generally retained for 12 months for troubleshooting, analysis, and security purposes. After that period, we either delete the data or aggregate/anonymize it for long-term retention (for example, keeping overall usage statistics but not detailed logs tied to individual users).
• Communications: If you contact support or send us emails, we may retain those communications and any attached information for as long as necessary to assist you, and for our records. Typically, support tickets and emails are kept for a few years (often 2–3 years) in case similar issues recur or for training our support team, unless you request their deletion sooner.
• Financial Records: We retain transaction records, invoices, and related billing information for at least 7 years (or longer if required by tax law) to comply with accounting and auditing standards. This means if you made a payment to us, the record of that payment (including your name, company, billing address, date, amount, and method, but not sensitive card details) will be kept for that period even if you delete your account.

Deletion Requests: You have the right to request deletion of your personal data (see Your Rights & Choices below for how to submit such requests). When you request account deletion:

• We will verify your identity (to prevent unauthorized deletions) and then proceed to remove your personal information from our active databases. Account identifiers will be erased or irreversibly anonymized.
• We will aim to complete this process within 30 days. If fulfilling the request will take longer (due to complexity or volume), we will inform you of the delay.
• After deletion, you will no longer be able to log into your account, and any content you had in the account will be made inaccessible to you.

Backup and Archive: Please note that our backups and archives may retain residual copies of your personal data for up to 90 additional days. This is a common practice for disaster recovery and continuity. However, such backups are stored securely and are only accessed if needed for security audits or disaster recovery. After the retention period, backups are overwritten or deleted. Even if data remains in backups for a short time, it will not be readily accessible to operate the Services once your account is deleted.

Retention for Legal Compliance & Legitimate Interests: There are circumstances where we may keep data even after an account deletion or request:

• As noted, financial/payment records and invoices are kept to comply with legal obligations.
• We may retain logs or records that relate to security, fraud prevention, or abuse reports to protect our interests and the safety of others (for example, keeping a record of users who were banned for misuse to prevent repeat abuse, or preserving evidence of fraudulent transactions).
• If there is an ongoing issue, dispute, or investigation, we will retain the necessary information until it is resolved.
• Any data that we retain will continue to be subject to this Privacy Policy and our internal security policies.

We take security very seriously at AdFlex and employ administrative, technical, and physical safeguards to protect your personal information and content. However, no method of transmission over the Internet or electronic storage is 100% secure, so we cannot guarantee absolute security. That said, here are key measures we have in place:

• Encryption: All communications between your browser/app and AdFlex are encrypted in transit using SSL/TLS (HTTPS). This means that data you send to us (including passwords and personal information) is protected from eavesdropping during transmission. Additionally, we encrypt sensitive data at rest in our databases and storage, using strong encryption algorithms. For example, any sensitive personal data fields and stored files are encrypted on our servers so that they are not readable even if someone gained unauthorized access to the storage.
• Secure Authentication: Passwords are stored using one-way hashing and salting. We never store plaintext passwords. We also support multi-factor authentication (if enabled) to add an extra layer of security on accounts. If you use social login, that login is secured by those providers, and we rely on their secure protocols (OAuth).
• Access Controls: We restrict access to personal data on a need-to-know basis. Only a limited number of authorized AdFlex personnel (or contractors operating under strict confidentiality agreements) can access user data, and only for purposes such as technical support, system maintenance, or as otherwise described in this Policy. Internal access to systems is protected via strong authentication, and employees are trained on proper data handling. We employ role-based access control so that, for instance, a support agent might see your account info if helping you, but cannot arbitrarily browse everyone's data.
• Network Security: Our infrastructure with AWS includes robust security at the network and server level. We use firewalls, intrusion detection systems, and monitoring services to guard against unauthorized access. There are safeguards to detect and mitigate DDoS attacks and other common threats. We regularly update our software and systems to address security vulnerabilities.
• Audits and Testing: We conduct periodic security assessments and code reviews. This includes vulnerability scanning and, where feasible, third-party penetration testing of our applications to identify and fix potential security weaknesses. Critical systems are monitored and audited for unusual activity.
• Incident Response: AdFlex has a data breach response plan in place. If we suspect or become aware of any unauthorized access to or disclosure of personal data, we will promptly investigate and take steps to mitigate the issue. In the unfortunate event of a data breach that poses a significant risk to your rights or privacy, we will notify affected users and/or appropriate regulatory authorities as required by law (for example, within the timeline mandated by GDPR or state breach notification laws). We hope this never occurs, but we have procedures ready just in case.
• Organizational Practices: Our team members receive training on data privacy and security. We maintain internal policies to ensure that personal data is handled and disposed of safely. All employees must adhere to confidentiality obligations.

User Responsibilities: We also want to remind you that you play a role in keeping your data secure. Please use a strong, unique password for AdFlex and do not share it with others. Update your password periodically and be cautious of phishing attempts (AdFlex will never ask you for your password via email). If you suspect someone has gained unauthorized access to your account, please change your password immediately and contact us. Also, when you integrate AdFlex with other services or download content, be mindful of your own device and network security.

No Security Guarantee: While we are dedicated to protecting your information, no security program is infallible. Therefore, we cannot guarantee that personal data may never be compromised. By using our Services, you understand that any transmission of data is at your own risk. We will, however, do our best to prevent and, if necessary, address any security incidents.

Depending on your jurisdiction and the applicable law, you may have certain rights regarding your personal information. AdFlex is designed to give you control over your data, and we also facilitate your rights to the extent possible and required by law. Below, we outline key privacy rights and how you can exercise them:

• Access and Portability: You have the right to request a copy of the personal data we hold about you, and to be informed about how we process it. This is commonly known as a Subject Access Request. We can provide you with a summary of your information in a structured, commonly used format (typically electronic). For example, you can request an export of your account details and content. In some cases (where applicable by law), you can also request that we transmit this data to another service provider if technically feasible (this is the “data portability” right under GDPR).
• Correction (Rectification): If any of your personal information is inaccurate or incomplete, you have the right to ask us to correct it. Much of your basic information can be updated directly by you in your account settings (for instance, you can change your name, email, or profile details). For any information that you cannot update yourself, contact us and we will correct it as needed.
• Deletion (Erasure): You have the right to request that we delete your personal data. This is sometimes called the “right to be forgotten.” As described in Data Retention and Deletion, you can delete your AdFlex account via the account settings, or by contacting us at privacy@adflex.ai with a request. We will then erase your personal data from our active systems, except for information we are required to retain for lawful purposes. If you request deletion, please be aware it is permanent and you will lose access to your account and content (so be sure to back up any content you want to keep before deletion). We will inform you when the deletion process is completed.
• Objection to Processing: In certain situations, you have the right to object to our processing of your data. For example, if we process your information based on our legitimate interests, you can object if you believe it impacts your rights. If you object to direct marketing, we will stop processing your data for those purposes immediately (see “Marketing Communications” below). For other types of objections, we will consider your request and either stop processing or explain why we have a compelling legitimate interest to continue (e.g., security or legal requirements).
• Restriction of Processing: You can ask us to restrict (pause) the processing of your personal data in certain circumstances. This could apply if you contest the accuracy of the data (while we verify it), or if you want to preserve data for a legal claim but not have us process it otherwise, or if you have objected to processing and await verification of our grounds. When processing is restricted, we will still store your information but will not use it until the restriction is lifted (unless necessary for legal claims or to protect others’ rights).
• Withdrawal of Consent: If we are processing any of your personal data based on your consent, you have the right to withdraw that consent at any time. For instance, if you consented to receive our newsletter, you can unsubscribe (withdraw consent) and we will stop sending it. Withdrawing consent will not affect the lawfulness of any processing we did before your withdrawal, and it won’t affect processing that is under other legal bases. It may mean that certain features become unavailable (for example, if you withdraw consent for certain cookies, some site functions might not work).
• Automated Decision-Making: AdFlex does not typically make any legally significant decisions about you purely by automated means (without human involvement). If that changes, and you are subject to laws that grant rights regarding automated decisions (like GDPR’s provisions on profiling and automated decisions), we will notify you and provide appropriate rights such as the ability to request human review of a decision.
• Non-Discrimination: AdFlex will never discriminate against you or deny you services for exercising your privacy rights. For example, if you choose to opt out of marketing emails or request deletion of some data, we will not provide you a lesser service (beyond the impact to features that rely on that data).

Marketing Communications: If you have subscribed to our newsletter or promotional emails and no longer wish to receive them, you can opt out at any time. The easiest way is to click the “Unsubscribe” link included in the footer of any marketing email we send. You can also manage your email preferences in your account settings or by contacting us. Please note that even if you opt out of marketing messages, we will still send you transactional and service-related emails as noted earlier (you cannot opt out of those if you continue to use AdFlex, since they're necessary for service).

Cookies & Tracking Choices: As detailed in the Cookies section, you have control over cookies and tracking. You can adjust your browser settings to refuse cookies. If we provide a cookie consent banner or settings, you can use that to manage preferences (for instance, disabling analytics cookies). You can also opt out of targeted ads from certain ad networks; for example, the Network Advertising Initiative (NAI) and Digital Advertising Alliance (DAA) websites offer tools to opt out of interest-based advertising, and settings on Google and Facebook allow you to adjust ad preferences. Keep in mind these do not remove ads entirely, but may make them less relevant.

If you are a resident of California, you are protected by the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), which grants specific rights. In addition to the general rights outlined above, California law ensures:

• Right to Know: You can request that we disclose the categories of personal information we have collected about you, the categories of sources of that information, the business or commercial purpose for collecting (or selling/sharing, if applicable) it, the categories of third parties with whom we share it, and the specific pieces of personal information we hold about you.
• Right to Delete: You can request that we delete personal information we have collected from you (subject to exceptions like those mentioned under retention: e.g., we may keep data needed for legal obligations).
• Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: Note: AdFlex does not sell personal information as defined under the CCPA, nor do we share it for cross-context behavioral advertising. Therefore, there is no need for you to opt out of sale/sharing, and we do not offer a "Do Not Sell or Share My Personal Information" link because it is not applicable. We reiterate that we do not monetize your data by selling it to third parties.
• Right to Limit Use of Sensitive Info: AdFlex does not use or disclose sensitive personal information for purposes beyond what is necessary to provide the Services, so this right (specific to CPRA and sensitive data) is not applicable in any material way for our users. We do not collect sensitive categories like precise geolocation, social security numbers, etc., apart from basic financial information needed for transactions (which we handle as described).
• Non-Discrimination: As noted, we will not treat you differently because you exercised any of these rights.

California residents can exercise their rights by contacting us at privacy@adflex.ai with the specifics of their request. We will ask you to verify your identity (for example, by confirming information we already have on file, or responding from the email associated with your account) to ensure we are dealing with the correct person. If you have an authorized agent making the request on your behalf, we will require proof of their authority and also verification of your identity directly (unless the agent has a power of attorney under the California Probate Code).

For all users, including California residents, any requests or questions regarding your privacy rights can be sent to privacy@adflex.ai. We will respond within the timeframe required by law (30 days under GDPR, 45 days under CCPA, etc., with extensions if needed and communicated). Typically, we try to resolve requests as quickly as possible.

The AdFlex website and application may contain links to external websites or services that are not operated by us. For example, our website might link to our social media pages (on LinkedIn, Facebook, X/Twitter, etc.), or to articles and resources we reference. Additionally, as described in How We Share Your Information, you may interface with third-party services through AdFlex integrations (like publishing content to a social network or logging in via Google).

This Privacy Policy does not cover how third-party sites or services process your data. If you click on a link to an external site or use a third-party service (even one connected to AdFlex), those third parties may collect your data under their own policies. For instance, if you click a link to an article on another company’s blog, that site might set its own cookies or collect personal info through forms.

We encourage you to review the privacy policies of any third-party websites or services you visit or integrate with. We do not control and are not responsible for the content, privacy practices, or data handling of any third-party sites.

Note that when you use AdFlex’s optional integrations (such as connecting an ad account or using social login), we only share the information necessary to facilitate that integration, as described earlier, and such sharing is done under agreements with those providers. However, any data collected directly by the third party (for example, if Facebook collects analytics on how you use their interface while posting an ad) is governed by their privacy terms.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will post the updated policy on our website and update the "Last Updated" date at the top.

If changes are significant, we will provide a more prominent notice or seek your consent if required by law. For example, we might notify you via email or a message within the AdFlex dashboard if we make material alterations to how we handle personal data. In certain cases, if legal regulations require, we will give advance notice or the opportunity to consent to those changes.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Your continued use of AdFlex after any changes to this Privacy Policy constitutes your acceptance of the updated terms (to the extent permitted by law). If you do not agree with any changes, you should stop using the Services and, if appropriate, delete your account.

If you have any questions, concerns, or requests regarding this Privacy Policy or how AdFlex handles your personal data, please contact us:

Email: privacy@adflex.ai Postal Mail: Novix Inc. (AdFlex) – Privacy, 8 The Green, STE B, Dover, DE 19901, USA

We will gladly address your inquiries and work with you to resolve any issues relating to your privacy. Your trust is important to us, and we are committed to safeguarding your information.