Privacy Policy
Last updated: July 2026
This Privacy Policy explains how Serann Limited, a company registered in England & Wales (Company No. 13457476; registered office 182-184 High Street North, Office 16521, East Ham, London, E6 2JA, United Kingdom), trading as Ad-Efficiency ("we", "us", "our"), collects, uses and protects personal data when you use our website, the Ad-Efficiency ads automation platform and our MCP (Model Context Protocol) connector (together, the "Service").
We are the data controller for personal data relating to our website, your account, lead and billing information. For the advertising-platform data that you (or your agency) connect to the Service, we act as a data processor on your documented instructions and process that data solely to deliver the Service to you. Business and agency customers can request a Data Processing Agreement (DPA) at privacy@ad-efficiency.com. For any questions about this policy, contact us at the same address.
1. What we collect
- Account information you provide directly: name, work email, company, country, role, and any information you submit through our contact or audit-request forms.
- Lead-form data: information you submit when requesting a free audit, joining the waitlist or contacting sales, including answers to qualifying questions.
- Advertising platform data, for users who connect an advertising account (Google Ads, Meta Ads, TikTok Ads, Microsoft Advertising, Amazon Ads, Google Analytics 4, Google Merchant Center, Shopify, etc.). Accessed strictly via each platform's official API under OAuth scopes you explicitly authorise. This may include:
- Account, campaign, ad group, ad and asset structure;
- Performance metrics (impressions, clicks, spend, conversions, CPA, ROAS);
- Budgets, bids, bidding strategies and pacing data;
- Search terms, negative keywords and audience configuration;
- Change history, recommendations and diagnostic data returned by the platform.
- Usage & technical data: IP address, browser type, device information, pages viewed, actions taken in the Service, and server logs required for security and troubleshooting.
2. Why we collect it
We process personal data to:
- Deliver free audits and reports you request;
- Provide, operate and maintain the Service, including continuous monitoring, anomaly detection, proposed optimisations and approval-gated changes to connected ad accounts;
- Communicate with you about your account, support requests and material product changes;
- Comply with legal obligations and defend legal claims;
- Improve the Service (aggregated / de-identified analysis only, see Section 4 on Limited Use).
3. Legal bases (UK GDPR / EU GDPR)
- Contract, to provide the Service you have signed up for or requested.
- Legitimate interests, to operate, secure and improve the Service, and to communicate with existing customers about their account. We balance these interests against your rights.
- Consent, for OAuth connections to advertising platforms and for any non-essential cookies. You can withdraw consent at any time.
- Legal obligation, for tax, accounting and lawful requests from authorities.
4. Google API Services User Data Policy, Limited Use
Ad-Efficiency's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, in relation to Google user data obtained via Google APIs (including Google Ads API, Google Analytics API and Google Merchant Center API):
- We only use Google user data to provide and improve user-facing features that are prominent in the Service (audits, reports, monitoring, and proposed / approved optimisations of your own ad accounts).
- We do not sell Google user data.
- We do not use Google user data for serving advertisements, including retargeting, personalised or interest-based advertising.
- We do not allow humans to read Google user data, except (a) with your explicit consent for specific data; (b) for security purposes, such as investigating abuse; (c) to comply with applicable law; or (d) where the data (including derivatives) has been aggregated and is used for internal operations in accordance with applicable law.
- We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, to comply with applicable law, or as part of a merger, acquisition or sale of assets with your prior notice.
5. Meta and other advertising platforms
Data accessed through Meta (Facebook / Instagram) APIs, TikTok Marketing API, Microsoft Advertising API, Amazon Ads API, and any other connected platform is handled under the equivalent commitments: used only to deliver user-facing features of the Service, never sold, never used for advertising outside your own accounts, and never accessed by humans except with your consent, for security, or as required by law. We comply with each platform's Developer Terms and Platform Policies.
6. Retention
- Advertising platform tokens and cached data are deleted when you disconnect the platform in your dashboard or when your account is closed.
- Account and billing records are retained for the duration of your relationship with us and for up to 6 years afterwards where required by UK tax and accounting law.
- Lead-form submissions from prospects who do not become customers are retained for up to 24 months, then deleted or anonymised.
- Backups are rotated and purged within 30 days of the corresponding production deletion.
- You may request deletion at any time (see Section 10 and our Data Deletion page).
7. Subprocessors
We rely on a small number of vetted subprocessors to operate the Service, including:
- Hostinger (EU cloud hosting, Paris, France), primary application hosting and encrypted token store;
- Google (Google Ads API, Google Analytics API, Google Merchant Center API), advertising and analytics data accessed on your behalf under your OAuth authorisation;
- Managed database and object storage providers;
- Email delivery and transactional messaging providers;
- Analytics and error-monitoring providers;
- AI model providers used to generate reports and recommendations, these providers are contractually restricted from training their models on your data.
Each subprocessor is bound by a written data processing agreement with confidentiality and security obligations. Our current list of named subprocessors is available on request from privacy@ad-efficiency.com.
8. International transfers
Some subprocessors may process data outside the UK / EEA. Where this happens, transfers are protected by appropriate safeguards, including the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision covering the destination country.
9. Security and data residency
Where your data is hosted. Our primary infrastructure and the encrypted store that holds your advertising-platform connection tokens are hosted in the European Union, in a data centre in Paris, France, operated by our hosting subprocessor Hostinger. Only encrypted connection tokens are stored; we do not copy your campaign data into our systems, we read it on demand via each platform's official API when you or your approved automation ask us to.
We use industry-standard measures to protect personal data, including encryption in transit (TLS) and at rest, least-privilege access controls, audit logging of privileged actions, and regular review of our security posture. No system is perfectly secure; we will notify affected users and the ICO within statutory deadlines if a personal data breach is likely to affect your rights.
10. Your rights
Under UK GDPR and EU GDPR you have the right to:
- Access the personal data we hold about you;
- Ask us to rectify inaccurate data;
- Ask us to erase your data (see /data-deletion);
- Restrict or object to certain processing;
- Data portability, receive a machine-readable copy of data you provided;
- Withdraw consent at any time (without affecting prior lawful processing);
- Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local EU supervisory authority.
To exercise any of these rights, email privacy@ad-efficiency.com. We will respond within 30 days.
11. Cookies
We use essential cookies required for the site and product to function (session, security, load balancing) and, where enabled, privacy-respecting analytics cookies to understand aggregate site usage. We do not set advertising, retargeting or cross-site tracking cookies. Where required by law, we ask for your consent before setting non-essential cookies.
12. Children
The Service is a B2B product and is not directed at anyone under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
13. Changes to this policy
We may update this policy from time to time. Material changes will be announced in-product or by email at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the current version.
14. Contact
Serann Limited, trading as Ad-Efficiency
Company No. 13457476, Registered in England & Wales
Registered office: 182-184 High Street North, Office 16521, East Ham, London, E6 2JA, United Kingdom
Email: privacy@ad-efficiency.com