adsyncs← Back to home

Legal

Privacy Policy

Effective date: May 20, 2026

CÔNG TY TNHH MỘT THÀNH VIÊN ADSYNCS (ADSYNCS ONE MEMBER COMPANY LIMITED) (“Adsyncs,” “we,” “us,” or “our”) operates the Adsyncs platform, a hosted Model Context Protocol (MCP) server that connects advertising platforms, including Google Ads, Meta Ads, LinkedIn Ads, and Microsoft (Bing) Ads, to your AI client. Adsyncs is a single-member limited liability company organized under the laws of the Socialist Republic of Vietnam. This Privacy Policy explains what data we collect, how we use it, and the choices you have. For privacy inquiries, contact us at contact@adsyncs.net.

1. Categories of Personal Data We Collect

Account and Workspace Data

Information you provide when you create an account, join a workspace, or contact us, including your name, email address, company name, workspace role, and support messages.

Billing Data

Information needed to manage paid plans, invoices, and payment status. Payment card details, when required, are handled by our payment processor and are not stored by Adsyncs.

Authentication and Connection Data

MCP access tokens issued for your AI client, OAuth authorization records, connected provider names, selected ad account IDs, connection status, and encrypted OAuth access and refresh tokens issued by Google Ads, Meta Ads, LinkedIn Ads, and Microsoft Advertising.

Connected Ad Platform Data

Campaign, account, audience, creative, keyword, targeting, conversion, pixel, reporting, billing-currency, and performance data that your AI client requests through MCP tools. We access this data only after you connect the relevant ad platform and only to fulfill the tool calls you or your AI client initiate.

Usage, Security, and Diagnostic Data

Technical information automatically collected when you use the platform, such as IP address, browser type, operating system, request timing, tool names invoked, response status, quota counters, error categories, and connection metadata used to operate, secure, debug, and rate-limit the service. Adsyncs does not receive your raw conversation prompts from your AI client. We receive only the tool name and arguments your AI client sends in order to fulfill a tool call. Tool arguments and responses may be temporarily logged for debugging, abuse prevention, and security investigation.

Cookies and Device Information

Our dashboard uses session cookies required for authentication and a small set of first-party analytics cookies that help us understand product usage and improve reliability.

2. Purposes for Using Personal Data

  • Account and workspace administration: create accounts, manage workspace membership, and maintain user settings.
  • Authentication and authorization: issue MCP access tokens, verify client access, connect ad platforms with your consent, and refresh provider OAuth tokens.
  • Tool execution: retrieve, analyze, or modify connected ad-platform data only when a tool call requests it and your permissions allow it.
  • Security and abuse prevention: detect unauthorized access, enforce rate limits and account limits, investigate errors, and protect users and the platform.
  • Billing and plan management: process subscriptions, invoices, quotas, and payment-related support.
  • Support and service communications: respond to questions, send account, security, billing, quota, reauthorization, and product notices.
  • Service improvement: analyze aggregated or de-identified usage data that cannot reasonably be linked back to you to improve reliability, performance, tool design, and documentation.
  • Compliance: comply with applicable law, platform policies, and our Terms of Service.

Legal Bases for Processing (EEA, UK, and Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process personal data under the following lawful bases under Article 6 of the GDPR (or the equivalent UK and Swiss provisions):

  • Performance of a contract (Art. 6(1)(b)): creating and operating your account, MCP authentication, ad-platform connection, tool execution, billing, and providing the core service.
  • Legitimate interests (Art. 6(1)(f)): security, abuse prevention, rate limiting, debugging, fraud detection, aggregated analytics, service improvement, and direct service communications. You may object to processing under this basis as described in Section 8.
  • Consent (Art. 6(1)(a)): non-essential cookies, optional marketing communications, and any other processing where consent is required. You may withdraw consent at any time.
  • Compliance with legal obligations (Art. 6(1)(c)): tax and accounting records, responding to lawful requests, and applicable retention requirements.

3. How We Handle Connected Ad Platform Data

Limited use. Data retrieved from Google Ads, Meta Ads, LinkedIn Ads, and Microsoft Ads is used solely to power the MCP tools you invoke. It is not used for advertising on third-party networks, sold to data brokers, or used to train or improve third-party generalized artificial intelligence or machine-learning models.

Google API Services User Data Policy. Adsyncs’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

OAuth tokens. Access and refresh tokens issued by ad platforms are encrypted at rest in our managed database and decrypted only at the moment they are needed to make a request on your behalf.

Compliance with platform policies. Our integrations operate under each platform’s API terms, including Google’s API Services User Data Policy (with the Limited Use requirements), Meta’s Platform Terms and Developer Policies, LinkedIn’s Marketing Developer Platform Agreement, and Microsoft Advertising’s Terms.

AI client and provider processing. When you use Adsyncs through an AI client such as Claude (Anthropic), ChatGPT (OpenAI), or another MCP-compatible host, your prompts, conversation context, and the tool results returned by Adsyncs are transmitted to and processed by that AI provider under its own privacy policy and terms. Adsyncs does not control how the AI provider uses, retains, logs, or trains on that data. We recommend reviewing your AI provider’s privacy policy before connecting Adsyncs. Adsyncs itself does not receive your raw conversation prompts; we only receive the tool name and arguments your AI client sends to fulfill a specific tool call.

Revocation. You can disconnect any ad platform at any time from your Adsyncs dashboard, which revokes the associated tokens. You may also revoke access directly from your platform account settings.

4. Categories of Recipients

We do not sell your personal data or connected ad-platform data. We disclose data only to the following categories of recipients as needed to operate the platform:

  • Infrastructure providers: hosting, database, logging, monitoring, storage, and email delivery vendors that process data for Adsyncs under confidentiality and security obligations.
  • Payment processors: billing and subscription providers that process payment status, invoices, and payment method details when you use a paid plan.
  • Connected advertising platforms: Google Ads, Meta Ads, LinkedIn Ads, and Microsoft Advertising receive requests made on your behalf when you invoke tools for those platforms.
  • AI clients and hosts you choose to use: tool results are returned to the AI client or host you connected to Adsyncs, such as ChatGPT, Codex, Claude, or another MCP-compatible client.
  • Workspace members: authorized members of your workspace may see workspace settings, selected provider connections, usage, and connection status according to their role.
  • Legal and safety recipients: regulators, courts, law enforcement, or affected parties when disclosure is required by law or necessary to protect rights, safety, security, or prevent abuse.
  • Corporate transactions: in connection with a merger, acquisition, financing, reorganization, sale of assets, insolvency, or similar transaction, personal data may be transferred to a successor or acquirer, subject to commitments consistent with this Policy.

5. Data Retention Timelines

We keep data only as long as needed for the purposes described in this Policy, unless a longer period is required by law, platform policy, security investigation, dispute resolution, or enforcement of our agreements.

  • Account and workspace data: retained while your account or workspace is active, then deleted or de-identified within 90 days after verified account deletion, or for a longer period where retention is required to comply with legal, tax, accounting, audit, security, or dispute-resolution obligations or to enforce our agreements.
  • Provider OAuth tokens and connection records: retained until you disconnect the provider, revoke access, delete your account, or the token expires or is invalidated; encrypted token material is deleted or made unusable after disconnect or account deletion.
  • Connected ad-platform data returned by tool calls: generally processed transiently to answer the request and not stored as a long-term copy, except for selected account metadata, tool output needed for debugging, or records you explicitly save in the product.
  • Usage, quota, audit, and security logs: retained for up to 24 months to operate, secure, debug, and audit the service, unless a longer period is needed for security, legal, or abuse-prevention reasons.
  • Billing records: retained for up to 7 years where required for tax, accounting, chargeback, and compliance obligations.
  • Support communications: retained for up to 3 years after the last interaction, unless you ask us to delete them earlier and no legal or security reason requires retention.
  • Backups: removed on the normal backup rotation cycle, generally within 35 days after deletion from production systems.

Aggregated and de-identified data. Aggregated, anonymized, or de-identified information that cannot reasonably be linked back to an identified or identifiable individual or workspace is not considered personal data under this Policy. Adsyncs may retain and use such information indefinitely for any lawful purpose, including operating, improving, securing, and benchmarking the service, provided we maintain the information in a de-identified form and do not attempt to re-identify it.

6. User Controls

You can control your data and connected accounts in the following ways:

  • Disconnect any connected ad platform from the Adsyncs dashboard.
  • Revoke Adsyncs access directly from Google, Meta, LinkedIn, or Microsoft account settings.
  • Choose which ad accounts are active for a workspace connection.
  • Rotate or reissue MCP client access by reconnecting your AI client or revoking existing access where available.
  • Request access, correction, export, deletion, or restriction of your personal data by emailing contact@adsyncs.net.
  • Opt out of non-essential product communications by using the unsubscribe link where provided or contacting us.

7. Security

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal data, including transport-layer encryption for data in transit, encryption at rest for credentials, access controls, logging, and periodic reviews of our security posture. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If you believe your account has been compromised, contact us at contact@adsyncs.net.

8. Your Rights

Depending on the data protection laws that apply to you, which may include the EU and UK GDPR, Switzerland’s FADP, the California Consumer Privacy Act as amended by the California Privacy Rights Act, other U.S. state privacy laws, Vietnam’s Personal Data Protection Decree, Japan’s Act on the Protection of Personal Information, Korea’s Personal Information Protection Act, Singapore’s Personal Data Protection Act, Brazil’s LGPD, Canada’s PIPEDA, and other similar laws, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Withdraw consent for processing where consent is the basis
  • Receive a copy of your data in a portable format

Exercise these rights by emailing contact@adsyncs.net. Before acting on a request, we will verify your identity using reasonable measures proportionate to the sensitivity of the request; statutory response periods begin once verification is complete. We will respond within the timeframes required by applicable law. If a request is manifestly unfounded, excessive, or repetitive, we may charge a reasonable fee or decline to act on the request to the extent permitted by applicable law. Certain rights are subject to exceptions, including where retention or processing is necessary to comply with legal obligations, to establish, exercise, or defend legal claims, or to protect the rights and freedoms of others.

9. Notice to California Residents

If you are a California resident, the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), provides additional rights regarding your personal information.

Categories of personal information collected in the last 12 months. Identifiers (such as name, email, account ID, IP address); commercial information (such as subscription tier and billing records); internet or other electronic network activity (such as usage logs, tool invocations, and request metadata); approximate geolocation derived from IP address; professional or employment information (such as company name and workspace role); and inferences drawn from the above (such as usage patterns).

Sources of personal information. Directly from you; automatically from your use of the platform; from your connected AI client; and from the ad platforms you connect.

Business purposes for collection. The purposes described in Section 2 of this Policy.

Categories disclosed for a business purpose. Identifiers and internet activity to infrastructure, hosting, logging, and email vendors; commercial information to payment processors; identifiers and connection metadata to connected ad platforms when you invoke a tool.

Sale or sharing of personal information. We do not sell your personal information and we do not share it for cross-context behavioral advertising. We have not sold or shared personal information of California residents in the preceding 12 months, including the personal information of minors under 16.

Sensitive personal information. We do not knowingly collect or process sensitive personal information (such as government identifiers, precise geolocation, biometric data, health information, racial or ethnic origin, religious beliefs, union membership, or the contents of mail, email, or text messages) other than as permitted under California Code of Regulations title 11, section 7027(m) (uses necessary to provide the service, ensure security, or prevent fraud).

Your California rights. Subject to verification and applicable exceptions, California residents may request to know, access, correct, or delete their personal information; to opt out of the sale or sharing of personal information (which we do not engage in); to limit the use of sensitive personal information (we already limit such use to permitted purposes); and to be free from retaliation or discrimination for exercising these rights. To exercise your rights, email contact@adsyncs.net. We will verify your identity using reasonable measures appropriate to the request and respond within the time periods required by law. An authorized agent may submit a request on your behalf with written authorization.

Shine the Light. California Civil Code § 1798.83 permits California residents to request information about disclosures of personal information to third parties for those third parties’ direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

Other U.S. state residents. Residents of other U.S. states with comprehensive consumer privacy laws, including, as applicable, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, New Jersey, New Hampshire, Maryland, Minnesota, and Rhode Island, may have rights that are substantially similar to those described above, including rights to access, correct, delete, and obtain a copy of their personal information, and to opt out of the sale of personal information or targeted advertising (neither of which we engage in). To exercise these rights, contact us at contact@adsyncs.net.

10. Notice to Vietnamese Residents

Adsyncs is established in Vietnam and processes personal data in accordance with the Personal Data Protection Decree (Decree No. 13/2023/ND-CP) (“PDPD”) and other applicable Vietnamese law. If you are located in Vietnam, in addition to the rights described in Section 8 you have the following rights with respect to your personal data:

  • To be informed about the processing of your personal data;
  • To consent to processing and to withdraw consent at any time where consent is the basis of processing;
  • To access, view, and request correction of your personal data;
  • To request deletion of your personal data, subject to applicable retention requirements;
  • To request restriction of processing or to object to processing;
  • To request a copy of your personal data in a portable format;
  • To lodge a complaint with the Ministry of Public Security or other competent Vietnamese authority;
  • To claim damages in accordance with applicable Vietnamese law.

To exercise any of these rights, contact us at contact@adsyncs.net. We will respond within the timeframes required by applicable Vietnamese law. Where we transfer personal data of Vietnamese individuals outside of Vietnam, we apply appropriate safeguards consistent with applicable Vietnamese law.

11. International Data Transfers

Adsyncs is operated from Vietnam, and personal data may be processed in Vietnam or in other countries where our cloud, hosting, and infrastructure providers operate. Where personal data is transferred from the European Economic Area, the United Kingdom, or Switzerland to Vietnam or another jurisdiction that has not received an adequacy decision, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (2021) and the UK International Data Transfer Addendum, supplemented by additional technical and organizational measures where required.

If you access or use the platform from outside Vietnam, including from the United States, the European Economic Area, the United Kingdom, Switzerland, Japan, Korea, Singapore, Australia, or any other jurisdiction, you acknowledge and, to the extent permitted by applicable law, consent to the transfer of your personal data to Vietnam and to any other jurisdiction where our infrastructure providers operate, and you understand that data protection laws in those jurisdictions may differ from those of your home jurisdiction. Where local law requires additional consent or formalities for such transfers, your continued use of the platform constitutes such consent to the extent permitted by law.

12. Children’s Privacy

The platform is not directed to individuals under 16, and we do not knowingly collect personal data from anyone under 16 (or under 13 in jurisdictions that apply that threshold). If you believe a child has provided us with personal data, contact us and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date above and, for material changes, provide additional notice (for example, via email or an in-product notice). Continued use of the platform after a change indicates acceptance of the updated policy.

14. Contact Us

Questions, concerns, or requests regarding this Privacy Policy can be sent to contact@adsyncs.net.