Privacy Policy

Introduction

Compass Digital ("we", "us", or "our") operates Socialyzr (socialyzr.compassdigital.nl), an AI-powered Meta Ads creation platform. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable Dutch and European privacy laws.

Data We Collect

We collect the following categories of personal data:

• Account information: your name, email address, and encrypted password when you register for an account.
• Meta Ads data: your Meta (Facebook) Ads account access tokens, which are required to manage and publish ads on your behalf.
• Media assets: images and videos you upload for use in your ad campaigns.
• AI-generated content: ad copy, headlines, and descriptions generated by our AI tools based on your input.
• Usage data: information about how you interact with Socialyzr, including pages visited, features used, and timestamps.
• Technical data: IP address, browser type, device information, and cookies necessary for the functioning of the service.

How We Use Your Data

We use your personal data for the following purposes:

• To provide and maintain the Socialyzr platform, including creating, managing, and publishing Meta Ads campaigns.
• To generate AI-powered ad copy and recommendations tailored to your campaigns.
• To authenticate your identity and secure your account.
• To communicate with you about your account, service updates, and support requests.
• To improve our platform, analyze usage patterns, and develop new features.
• To comply with legal obligations and enforce our Terms of Service.

Data Storage and Security

We take the security of your data seriously and implement industry-standard measures to protect it:

• Meta Ads access tokens are encrypted using AES-256-GCM encryption before storage.
• Account data and campaign information are stored in a PostgreSQL database with encrypted connections.
• Media assets (images and videos) are stored securely on Cloudflare R2 object storage.
• Passwords are hashed using bcrypt and are never stored in plain text.
• Access to production systems is restricted and protected with multi-factor authentication.

Third-Party Services

We share data with the following third-party services, each for a specific purpose:

• Meta Platforms (Facebook/Instagram): We transmit your ad content and account tokens to Meta's APIs to create and manage your advertising campaigns. Meta processes this data under their own privacy policy.
• Anthropic (Claude AI): We send your campaign briefs and ad parameters to Anthropic's Claude AI to generate ad copy. No personal account data is shared with Anthropic — only the creative inputs you provide.
• Cloudflare: We use Cloudflare R2 for secure media asset storage and Cloudflare's CDN for content delivery. Cloudflare processes data in accordance with their privacy policy.

Cookies

Socialyzr uses only essential cookies required for the proper functioning of the platform:

• Session cookies: to keep you logged in and maintain your session state.
• Locale preference: to remember your language setting (English or Dutch).
• Security cookies: to protect against cross-site request forgery (CSRF) attacks.

We do not use third-party tracking cookies or analytics cookies. We do not serve advertisements on our platform.

Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

• Right of access: You can request a copy of all personal data we hold about you.
• Right to rectification: You can request correction of inaccurate or incomplete data.
• Right to erasure: You can request deletion of your personal data ("right to be forgotten").
• Right to restriction: You can request that we limit how we process your data.
• Right to data portability: You can request your data in a structured, machine-readable format.
• Right to object: You can object to the processing of your data for certain purposes.
• Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us at privacy@compassdigital.nl. We will respond to your request within 30 days as required by the GDPR.

Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. If you delete your account, we will remove your personal data within 30 days, except where we are required by law to retain certain information. Media assets are deleted from our storage within 7 days of account deletion.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us: