Legal
Your data, joined into one truth, and nowhere else.
This policy explains what personal data Adverti Chat collects, why we collect it, how we protect it, and the choices you have. Written to meet India's DPDP Act, the GDPR, and US state privacy laws.
Jump to a section
Adverti Chat is an AI ad intelligence platform that connects to your advertising, store, and fulfilment accounts and reconciles the revenue your ad platforms report against the revenue you actually retain. To do that, we handle data. This policy is how we tell you exactly what we do with it, in plain language.
01Who we are
Adverti Chat (“Adverti”, “we”, “us”, or “our”) is a product of AdverGrow Solutions LLP, a limited liability partnership registered in India, with its registered office at A1/906, Palladium Tower, Corporate Road, Ahmedabad, Gujarat 380051, India, and LLPIN ACF-7495. The service is available at adverti.chat.
This policy covers the Adverti Chat platform, its website, and the connections you make to third-party accounts through it. It does not cover the practices of the ad platforms, stores, or other services you connect, which are governed by their own privacy policies.
02The two roles we play
How we treat your data depends on which of two roles we are in. This distinction matters, so we state it up front.
As a controller
For the personal data of the person who signs up and uses Adverti Chat, we are the controller (a Data Fiduciary under India's DPDP Act). This is your account and identity data, your billing records, how you use the product, and the questions you ask our assistant. We decide why and how this data is processed.
As a processor
For the data we pull from an account you connect, such as Meta Ads, Google Ads, Shopify, or WooCommerce, we are the processor (a Data Processor under DPDP, a “service provider” under US law, and a “Tech Provider” under Meta's terms). That data belongs to you or to your business, and it may contain personal data about your own customers. We process it only on your instructions, to produce the reconciliation and analytics you asked for. Where required, we make a Data Processing Agreement available to govern this relationship.
03The data we collect
Data you give us directly
- Account and identity data: your name, work email, phone number, password (stored only in hashed form), and business or brand name.
- Billing data: your plan, credit balance, and transaction records. Payments are processed through our payment gateway, Razorpay. We do not store full card numbers.
- Communications: messages you send to support and the questions and prompts you enter into the Adverti Chat assistant.
Data we collect automatically
- Usage and log data: features used, actions taken, timestamps, and error logs.
- Device and connection data: IP address, browser type, device identifiers, and approximate location derived from IP.
- Cookies and similar technologies: as described in the Cookies section below.
Access credentials for connected accounts
- When you connect a platform, we store the authorisation tokens or API credentials needed to fetch your data. These are encrypted at rest and are never shown to other users.
04Data from connected accounts
The core of the product is joining data from the accounts you choose to connect. We only fetch data after you authorise the connection, and only the data needed to provide the features you use. This can include:
- Advertising data from Meta Ads and Google Ads: campaign, ad set, and ad structure, spend, impressions, clicks, conversions, and reported ROAS.
- Store and order data from Shopify and WooCommerce: orders, order value, order and payment status, cancellations, returns, and fulfilment status. Depending on the fields you approve, this can include limited customer details such as name, contact, or delivery pincode used for return and cash-on-delivery analysis.
- Fulfilment data from services such as Shiprocket: shipment status, delivery outcomes, return-to-origin events, and cash-on-delivery results.
- Analytics data from Google Analytics 4, Google Search Console, and Microsoft Clarity: traffic, search performance, and on-site behaviour, where connected.
05How we use your data
We use data for these purposes and no others without telling you first:
- To provide the service: to compute retained revenue, true ROAS, wasted spend, creative health, and the other analytics and reports you request.
- To run the assistant: to turn your data into the answers, reports, and briefs you ask for, as described in the AI section below.
- To manage your account, process payments, and provide support.
- To keep the service secure, detect abuse, and troubleshoot problems.
- To improve the product using aggregated or de-identified data only, subject to the platform limits described below.
- To meet legal, tax, and regulatory obligations.
06The AI layer and your data
Adverti Chat uses large language models to turn your computed results into natural-language answers, reports, and creative briefs. We want to be precise about how this works, because it is where data leaves our systems.
- To generate a response, we may send the relevant computed results and the context of your request to a third-party model provider, currently Anthropic (Claude) and Google (Gemini). We send the minimum needed to answer, and we favour sending computed summaries over raw records.
- These providers process your data only on your behalf and only to produce the response you asked for. They are contractually bound not to use your data to train or improve their models.
- We do not use data received from connected platforms to train, fine-tune, or build any generalised AI or machine-learning model.
- Our engine does not make legally significant or similarly significant decisions about any individual automatically. It produces analysis for you to act on.
07The legal bases we rely on
Where the GDPR or similar laws apply, we rely on the following legal bases:
| Purpose | Legal basis |
|---|---|
| Providing the service and your connected-account features | Performance of a contract with you |
| Sending your computed results to a model provider to answer your request | Performance of a contract, and your consent given at connection |
| Security, fraud prevention, and product improvement using aggregated data | Our legitimate interests |
| Billing, tax, and legal compliance | Legal obligation |
| Optional marketing communications | Your consent, withdrawable at any time |
Under India's DPDP Act, we process your personal data on the basis of the consent you give, or for a legitimate use permitted by the Act. You can withdraw consent at any time, as described in Your Rights.
09Platform-specific disclosures
Some of the platforms we connect to require us to make specific commitments about how we handle the data we receive from them. We make those commitments here.
10International data transfers
Your data is primarily stored in India, on Amazon Web Services infrastructure in the Mumbai region. Some processing happens outside India, in particular by our AI model providers in the United States, when the assistant generates a response.
- Under India's DPDP framework, transfers outside India are permitted except to countries the government restricts. We monitor those notifications.
- For personal data of individuals in the EEA or the UK, we use Standard Contractual Clauses or another approved safeguard for transfers to countries without an adequacy decision.
11How long we keep data
- We keep your account data for as long as your account is active.
- When you disconnect a platform, we stop fetching new data from it and delete or de-identify the associated data within a reasonable period, unless we must keep it to meet a legal obligation.
- When you close your account, we delete or de-identify your personal data within a reasonable period, subject to legal retention requirements.
- We retain security and access logs for at least the minimum period required by applicable law.
12How we protect your data
We use reasonable technical and organisational measures to protect your data, including:
- Encryption of data in transit and at rest, including the tokens and credentials for your connected accounts.
- Role-based access controls, so only authorised personnel can access data, with access logged.
- Monitoring and logging to detect and respond to unauthorised access.
No system is perfectly secure. If we become aware of a breach affecting your personal data, we will notify the relevant authority and affected individuals as required by law, including the reporting timelines under the DPDP Rules and the GDPR.
13Your rights and choices
Depending on where you are, you have some or all of the following rights over your personal data:
- Access a copy of the personal data we hold about you.
- Correct or complete data that is inaccurate or incomplete.
- Erase your data where there is no lawful reason to keep it.
- Withdraw consent at any time, as easily as you gave it. Withdrawal does not affect processing already carried out.
- Restrict or object to certain processing, and request portability of data you provided.
- Nominate another individual to exercise your rights in the event of death or incapacity, as provided under the DPDP Act.
- Complain to a data protection authority. In India this is the Data Protection Board. In the EEA or UK it is your local supervisory authority.
To exercise any of these, contact us using the details in the Contact section. We will respond within the timelines set by applicable law. We will not discriminate against you for exercising your rights.
14Notice for United States residents
If you are a resident of California or another US state with a comprehensive privacy law, you have the right to know what personal information we collect, to access and delete it, to correct it, and to opt out of any sale or sharing for cross-context behavioural advertising.
- We do not sell your personal information, and we do not share it for cross-context behavioural advertising.
- We honour recognised opt-out preference signals, including Global Privacy Control, where our systems detect them.
- We do not use or disclose sensitive personal information beyond the purposes permitted by law.
To exercise your rights, contact us using the details below. You may use an authorised agent, and we will verify your request as the law allows.
16Children
Adverti Chat is a business tool intended for use by adults aged 18 and over. It is not directed to children, and we do not knowingly collect personal data from anyone under 18. If we learn that we have collected such data, we will delete it. Consistent with the DPDP Act, we do not track, profile, or serve targeted advertising to children.
17Changes to this policy
We may update this policy as our product, our sub-processors, or the law change. When we make a material change, we will update the date at the top and, where required, notify you and ask for renewed consent before we use your data in a new way. Please check this page from time to time.
18Contact and grievance redressal
For any question about this policy, to exercise your rights, or to raise a concern about how we handle your data, contact us:
Grievance Officer
We will acknowledge your request and respond within the timelines required by applicable law.