AivoAds

Privacy Policy

Effective date: April 2, 2026

This Privacy Policy explains how AivoAds (operated by Tinysio Oy, Finland) collects, uses, stores, shares, and deletes personal data when you use AivoAds products, websites, and connected integrations (including Meta platform-connected features).

Who We Are Data We Collect How We Use Data Data Sharing Retention Deletion Requests Your Rights Contact

1. Who We Are

AivoAds is provided by Tinysio Oy (“we”, “our”, “us”). For privacy matters, the primary contact is listed in Section 12.

Depending on how AivoAds is used, Tinysio Oy may act as a controller (for account, security, and service operations) and/or processor (for campaign operations carried out on a customer’s instructions).

2. Data We Collect

We may process the following categories of data:

  • Account and identity data: name, email, authentication identifiers, and account status.
  • Business connection data: Meta-linked business/account identifiers, page identifiers, and related integration metadata.
  • Campaign and creative data: prompts, ad copy, objectives, uploaded assets, generated assets, campaign settings, and publish outcomes.
  • Operational and diagnostics data: job status, error logs, usage events, timestamps, IP/device/browser telemetry, and performance metrics.
  • Commercial data: plan/billing context, cost estimates, and cost-actual records where applicable.
  • Preference data: product settings such as theme or UI preferences.

3. How We Collect Data

  • Directly from you or your organization.
  • From connected platforms and APIs that you authorize (such as Meta).
  • Automatically through logs, cookies, and analytics/monitoring tools.
  • From service providers supporting infrastructure and operations.

4. How We Use Data

  • Provide and operate AivoAds features and campaign workflows.
  • Generate and manage ad assets and related campaign records.
  • Authenticate users, secure accounts, and prevent abuse/fraud.
  • Monitor reliability, debug incidents, and improve product quality.
  • Support billing, compliance, legal obligations, and auditability.
  • Respond to customer support requests and account inquiries.

Where required by law, we rely on appropriate legal bases, including contract, legitimate interests, legal obligations, and consent where applicable.

5. Meta Platform-Connected Data

If you connect Meta-related functionality, we process data permitted by your granted permissions and required to provide requested features. We do not sell platform data.

We process platform-connected data consistently with applicable Meta terms and developer policies, this Privacy Policy, and applicable law.

6. Data Sharing

We may share data with:

  • Infrastructure/service providers (for hosting, storage, logging, monitoring, security, and communication) under contractual protections.
  • Connected platforms (for example Meta) when required to execute requested campaign actions.
  • Legal/regulatory authorities where disclosure is required by law.
  • Corporate transaction counterparties in a merger, acquisition, or asset transfer, subject to applicable safeguards.

7. International Transfers

We and our service providers may process data in countries other than your own. Where required, we apply appropriate transfer mechanisms and safeguards under applicable law.

8. Retention

We retain personal data only as long as necessary for the purposes described in this policy, including contractual, operational, legal, tax, accounting, and security needs. When no longer required, data is deleted, anonymized, or de-identified.

9. Security

We use technical and organizational safeguards intended to protect personal data against unauthorized access, loss, or misuse. No system is perfectly secure; however, we continuously improve controls in line with product risk and maturity.

10. How to Request Data Deletion

You can request modification or deletion of personal data by contacting us through the details below. Please include enough information to identify your account and the scope of your request.

Send deletion requests to: info@tinysio.com with subject line: AivoAds Data Deletion Request.

We may need to verify identity before fulfilling requests. Some data may be retained where required by law, security, fraud prevention, dispute resolution, or legitimate record-keeping obligations.

This deletion route is available to all users who can access AivoAds, including users authenticated through connected platform flows.

For Meta-connected experiences, deletion requests initiated from Meta are supported via our platform callback flow. Meta sends a signed request to our deletion callback, and we return a confirmation code and status URL to complete the process.

Meta callback flow endpoints:

POST /v1/meta/data-deletion (signed callback from Meta)

GET /v1/meta/data-deletion/status?confirmation_code=... (status lookup)

11. Your Privacy Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or object to certain processing, and rights related to data portability. You may also have the right to lodge a complaint with a supervisory authority.

12. Contact Us

Email: info@tinysio.com
Sales contact: sales@tinysio.com
Entity: Tinysio Oy (Finland)

13. Changes to This Policy

We may update this policy from time to time. Material updates will be reflected by changing the effective date and, where appropriate, providing additional notice.

© 2026 Tinysio Oy, Finland. All rights reserved.