Privacy Policy

1. Scope & Roles

This Privacy Policy describes how DriveReachAds ("we", "us", or "our") collects, uses, and shares information in connection with our websites, products, and services, including our AI-assisted creative tools and advertising platform (collectively, the "Services"). For some data, we act as a data controller (e.g., your account and billing information). For data that our customers upload or connect to the Services (e.g., inventory, leads, ad audiences), we generally act as a data processor/service provider processing such data on our customers’ documented instructions.

2. Information We Collect

We collect information that you provide directly to us, including:

• Account Information: Name, email address, password, company/business name.
• Payment Information: Billing details processed by our payment provider (we do not store full card numbers).
• Business Data: Vehicle/property inventory, listing details, photos, and other content you upload.
• AI Usage Data: Prompts, generated content, manual edits, credit usage, and content preferences.
• Platform Connections: OAuth tokens and configuration for integrated platforms (e.g., Facebook/Instagram) stored encrypted at rest.
• Usage & Device Information: Log data, IP address, browser type, device identifiers, pages viewed, and interactions with the Services.
• Campaign Data: Ad campaigns, audiences, targeting preferences, budgets, performance metrics.

You should not upload or provide sensitive personal data (e.g., health, biometric, precise geolocation, government identifiers) or personal data of children under 18 to the Services.

3. How We Use Information

• Provide, operate, maintain, and improve the Services.
• Process payments and manage subscriptions through our payment provider.
• Generate AI-assisted copy, images, and videos; power creative suggestions and automation.
• Publish, manage, and measure advertising campaigns across integrated platforms.
• Monitor usage, troubleshoot, detect, prevent, and address fraud or abuse.
• Send service notices, product updates, and—with your consent—marketing communications.
• Comply with legal obligations and enforce our Terms.

Automated Decision-Making & Profiling: Some features use algorithmic outputs (e.g., ad optimization suggestions). These assist users but do not make final decisions about your legal rights or obligations.

4. Legal Bases (GDPR/UK GDPR)

Where required, we rely on the following legal bases to process personal data: (i) performance of a contract (to provide the Services), (ii) our legitimate interests (e.g., to secure and improve the Services), (iii) your consent (e.g., for certain marketing or cookie uses), and (iv) compliance with legal obligations.

5. Information Sharing

We share information with service providers acting on our behalf, such as:

• Payment Processing: Stripe (subscriptions, invoicing)
• AI Services: OpenAI (generation) and Google services (e.g., video/analytics)
• Ad Platforms: Meta (Facebook/Instagram) for publishing and measurement
• Hosting & Delivery: Vercel and cloud infrastructure providers
• Databases & Storage: Managed database/storage providers
• Analytics/Monitoring: Tools that help us understand and improve performance

We may also disclose information to comply with law, protect rights and safety, or in connection with a corporate transaction. We do not sell your personal information.

6. Cookies & Tracking

We use cookies and similar technologies for authentication, preferences, security, and analytics. Where required by law, we obtain consent through a banner and provide controls to manage preferences.

• Essential cookies are required for core functionality.
• Analytics cookies help us understand usage (aggregated/anonymous where possible).
• Advertising pixels may be used to measure campaign performance when you connect ad platforms.

You can adjust settings at any time via your browser or our Cookie Preferences. Disabling essential cookies may affect functionality.

7. Data Security

• Encryption: TLS in transit; encryption at rest for tokens and other select data.
• Access Controls: Role-based access and least-privilege principles.
• Secure Development: Security reviews and logging/monitoring of the platform.
• Incident Response: If we become aware of a breach affecting your data, we will notify you as required by law.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods may vary based on the type of data and our legal or operational needs.

9. International Data Transfers

We may transfer, store, and process information in countries other than where it was collected. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) to protect personal data.

10. Your Privacy Rights

Depending on your location, you may have rights to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Delete information in certain circumstances.
• Port data to another service.
• Opt out of certain processing, such as marketing.

For California residents, you may have additional rights under the CCPA/CPRA, including the right to opt out of certain sharing for cross-context behavioral advertising and the right to limit use of sensitive personal information. We do not sell personal information.

To exercise rights, email us at system@drivereachads.com and we will respond consistent with applicable law. If your data was provided to us by one of our customers, please contact that customer directly.

11. Customer Data (Processor Role)

When customers upload or connect personal data (e.g., leads, inventory, or audience lists), they are the data controllers. We process such data solely to provide the Services, in accordance with our agreement and the customer’s instructions. We do not use customer data to build profiles for our own marketing.

Customers are responsible for providing any required notices and obtaining any consents from their end users.

12. Third-Party Services & Links

The Services may link to third-party sites and services with their own privacy practices. Your use of those services is governed by their terms and privacy policies.

13. Children’s Privacy

The Services are intended for use by businesses and professionals. We do not knowingly collect personal information from individuals under 18. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.

14. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be highlighted within the Services or via email notice. The "Last updated" date reflects the effective date of the current version.

15. Contact

Questions or requests? Email system@drivereachads.com.