goodAds.ai icongoodAds.ai logogoodAds.ai
Back to Legal

goodAds.ai Privacy Policy

Effective Date: May 24, 2025

Last Updated: May 1, 2025

This Privacy Policy describes how Not George Technologies Inc., a Delaware corporation doing business as "goodAds.ai," with offices at 4792 SW Fairview Blvd, Portland, OR 97221 ("goodAds.ai," "we," "us," or "our") collects, uses, shares, and protects personal information when you visit goodads.ai (the "Site") or use our advertising-creative platform and related services (collectively, the "Service").

goodAds.ai's Service is intended for use by businesses and their representatives. We do not offer products or services for use by individuals for their personal, family, or household purposes.

NOTICE TO EUROPEAN USERS: See Section 14 (Notice to European Users) for additional information for individuals located in the European Economic Area, the United Kingdom, or Switzerland.

NOTICE TO U.S. STATE RESIDENTS: See Section 15 (U.S. State Privacy Rights) for information about your rights under the CCPA, CPRA, and analogous laws in Virginia, Colorado, Connecticut, Utah, Texas, and other states.

Contents

1. Information We Collect

1.1 Information you provide to us

We collect the following categories of personal information when you sign up, use the Service, or otherwise interact with us:

  • Business contact information - name, work email, phone, job title, employer, mailing address.
  • Account information - username, password (hashed), account preferences, role assignments.
  • Customer product inputs - product images, logos, brand assets, copy, scripts, prompts, reference materials, audience descriptions, PDP details and other content you upload or submit to the Service, including associated metadata.
  • Payment information - billing name, billing address, and the last four digits of your payment card. Full card numbers and CVVs are collected and stored directly by our payment processor (Stripe) and never reach goodAds.ai's servers.
  • Communications data - the contents of messages you send us via email, support tickets, or in-product chat, and our responses.
  • Ad-platform access tokens and data - campaign and creative performance data, OAuth tokens, account IDs and related identifiers you authorize us to obtain from Meta, Google, TikTok, Snapchat, Applovin (Axon) and other ad platforms in order to publish, manage or analyze ads on your behalf.
  • Marketing data - your preferences for receiving our communications and details about how you engage with them.

1.2 Information collected automatically

When you use the Service, we and our service providers automatically collect:

  • Device data - operating system, browser type and version, device type, screen resolution, IP address, language settings, mobile carrier, and general location (city/region) inferred from IP.
  • Online activity data - pages and screens viewed, time spent, navigation paths, referring URLs, click and scroll events, and timestamps.
  • Cookies, web beacons, and similar technologies - used for authentication, session management, analytics, performance measurement, and (where you consent) advertising. See our Cookie Notice at goodads.ai/legal/cookies for details.

1.3 Information we obtain from third parties

We may receive information about you from third parties, including: (a) ad platforms (Meta, Google, TikTok, etc.) when you connect your accounts; (b) authentication providers (Google, Microsoft) when you sign in via SSO; (c) data enrichment and lead-research providers; (d) referral partners; and (e) publicly available sources.

Sensitive information. We do not request, and ask that you do not provide, sensitive personal information such as government identifiers, financial account numbers (beyond payment processing), precise geolocation, race, ethnicity, religion, health information, biometric data, or sexual orientation through the Service.

2. How We Use Personal Information

We use personal information for the following purposes:

2.1 Service delivery and operations

  • provide, operate, secure, and support the Service;
  • authenticate users and maintain accounts;
  • publish ads to ad platforms on your behalf based on the inputs and authorizations you provide and report on ad performance;
  • process payments and manage subscriptions;
  • communicate with you about the Service, including security alerts, billing, and administrative messages;
  • respond to support requests and feedback.

2.2 AI model development and Service improvement

IMPORTANT - AI training disclosure. goodAds.ai uses Customer Inputs and the AI-generated outputs we produce to train, fine-tune, evaluate, and improve our AI models, algorithms, and the Service. We also use this information to develop new features, conduct analytics, and benchmark performance. Where you have signed a written enterprise agreement or Data Processing Addendum that limits this use for your account, we honor those limits. Outside such agreements, the training use described in this paragraph applies as set forth in our Terms of Service (Section 7).

Wherever practicable, we use aggregated, de-identified, or anonymized data for these purposes. We do not sell Customer Inputs or AI outputs to third parties as a standalone dataset.

2.3 Analytics, marketing, and personalization

  • analyze how users engage with the Service so we can improve it;
  • send Service-related marketing communications you have not opted out of;
  • personalize your experience and remember your preferences;
  • measure and attribute marketing performance, including by working with third-party advertising partners.

2.4 Compliance and protection

  • comply with applicable laws, lawful requests, subpoenas, and other legal process;
  • enforce our Terms of Service and other agreements;
  • detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activity;
  • establish, exercise, or defend legal claims.

No automated decision-making. We do not make decisions that produce legal or similarly significant effects about you using solely automated processing. We provide analytics and recommendations to our business customers; those customers make their own decisions based on that information.

3. How We Share Personal Information

We share personal information with the following categories of recipients:

  • Service providers and sub-processors - third parties that provide hosting (AWS, Google Cloud), payment processing (Stripe), email delivery, customer support tools, analytics (Google Analytics, Mixpanel, Segment), error monitoring, and similar services on our behalf. A current list of material sub-processors is available on request.
  • AI model and infrastructure providers - third parties that provide foundation-model APIs, GPU compute, and related AI infrastructure used to deliver the Service. Our use of these services is governed by their respective terms of service and privacy policies.
  • Ad platforms - when you authorize us to publish, manage, or analyze ads on your behalf, we share the necessary inputs with Meta, Google, TikTok, and other ad platforms you have connected. Those platforms process your data under their own privacy policies.
  • Affiliates - our corporate parent, subsidiaries, and affiliates.
  • Professional advisors - lawyers, accountants, auditors, bankers, and insurers, where necessary for the professional services they provide to us.
  • Authorities and others - law enforcement, government authorities, and private parties when we believe in good faith that disclosure is necessary to comply with law, enforce our agreements, or protect rights, property, or safety.
  • Business transferees - counterparties in a merger, financing, acquisition, reorganization, sale of assets, bankruptcy, or similar transaction.

We do not sell personal information for money. We may "share" personal information for cross-context behavioral advertising as those terms are defined under the CCPA. You can opt out of this "sharing" as described in Section 15.

4. Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar technologies for: (i) strictly necessary site functionality and security; (ii) analytics; (iii) personalization; and (iv) advertising, subject to your consent where required. Our Cookie Notice (goodads.ai/legal/cookies) lists the specific cookies we use, their purposes, and how to manage them.

Do Not Track. Most browsers can be configured to send a "Do Not Track" signal. There is no industry consensus on how to respond to these signals, and we do not currently respond to them. We do honor the Global Privacy Control (GPC) signal as an opt-out of "sale" and "sharing" under the CCPA where you visit our Site from a supported browser.

5. Data Retention

We retain personal information only for as long as necessary to provide the Service and to meet our legal, regulatory, accounting, tax, audit, and fraud-prevention obligations, or to establish, exercise, or defend legal claims. We do not commit to fixed retention periods beyond what applicable law requires.

You may request deletion of your personal information at any time by emailing privacy@goodads.ai. We will honor verified deletion requests promptly, subject to limited exceptions for information we are legally required or permitted to retain (for example, transaction records required under tax law, records needed to defend legal claims, security/audit logs required by law, and backup copies that are purged in the ordinary course of business). Where we are not required to retain information, we will delete, anonymize, or aggregate it so it can no longer be associated with you.

For specific data categories - including Customer Inputs, account and billing records, ad-platform access tokens, support communications, and security/audit logs - retention is determined by the shorter of: (i) the period required by applicable law; (ii) the period necessary to provide the Service; or (iii) your deletion request. Backups containing residual copies are overwritten through routine rotation and are not separately preserved.

6. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (TLS) and at rest, role-based access controls, regular penetration testing, vendor security reviews, and employee training. No method of internet transmission or storage is 100% secure, and we cannot guarantee absolute security.

Security incident notification. If we become aware of a security incident that compromises personal information, we will notify affected customers and, where required, regulators, without undue delay and in any event in accordance with applicable law (including the seventy-two (72) hour timeline under the GDPR for personal data breaches).

7. International Data Transfers

goodAds.ai is headquartered in the United States. Personal information may be transferred to, stored in, and processed in the United States and in other countries where our service providers operate. These countries may have data-protection laws that differ from those in your home jurisdiction.

EU/UK/Swiss transfers. When we transfer personal information from the European Economic Area, the United Kingdom, or Switzerland to a country that has not received an adequacy decision from the relevant regulator, we rely on the EU Standard Contractual Clauses (and the UK International Data Transfer Addendum or UK IDTA, as applicable) to provide an appropriate safeguard. Copies of the SCCs are available on request.

EU-U.S. Data Privacy Framework. Where we (or our sub-processors) participate in the EU-U.S. Data Privacy Framework, the UK Extension thereto, or the Swiss-U.S. Data Privacy Framework, we will comply with the principles of those frameworks.

8. Children

The Service is not directed to children under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe we have collected personal information from a child, contact us at privacy@goodads.ai and we will take appropriate steps to delete it. (Note: this threshold is stricter than the U.S. Children's Online Privacy Protection Act (COPPA) baseline of 13 and the GDPR baseline of 16, reflecting our exclusively B2B audience.)

9. Third-Party Sites and Services

The Site and the Service may contain links to third-party websites, applications, or services we do not control. Their privacy practices are governed by their own policies. We are not responsible for the content or practices of those third parties.

10. Your Privacy Choices

10.1 Access, correction, and deletion

You may access and update certain account information by logging into the Service. To request access, correction, deletion, restriction, portability, or other rights with respect to your personal information, email us at privacy@goodads.ai. We will respond within the timeframes required by applicable law.

10.2 Marketing opt-out

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing message or by contacting privacy@goodads.ai. Even after opting out of marketing, you may continue to receive Service-related and transactional communications.

10.3 Cookies and advertising opt-outs

You can manage cookie preferences via our in-Site Cookie Banner or through your browser settings. To opt out of interest-based advertising from participating companies, visit the Digital Advertising Alliance at optout.aboutads.info, the Network Advertising Initiative at thenai.org/about-online-advertising, or the European Interactive Digital Advertising Alliance at youronlinechoices.eu.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the Effective Date and, where required, by additional means such as email or an in-product notice. Your continued use of the Service after the updated Privacy Policy takes effect constitutes your acceptance of the updates.

12. How to Contact Us

Questions about this Privacy Policy or our privacy practices can be sent to:

goodAds.ai Privacy Team

Email: privacy@goodads.ai

Mail: Not George Technologies Inc., 4792 SW Fairview Blvd, Portland, OR 97221, United States

13. Notice to European Users (GDPR / UK GDPR)

This Section 13 provides additional information for individuals located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland (collectively, "Europe"). References to "personal data" have the meaning given in the GDPR.

13.1 Controller

Not George Technologies Inc. (d/b/a goodAds.ai) is the controller of personal data processed under this Privacy Policy. Contact details are in Section 12 above.

13.2 EU and UK Representatives

For inquiries about our EU/UK processing, you may contact our representative at the email address privacy@goodads.ai.

Under the GDPR, we rely on one or more of the following legal bases:

  • Contractual necessity - to provide the Service to you under our Terms of Service.
  • Legitimate interests - to secure, improve, and develop the Service, to communicate with our customers, to market our Service, to detect and prevent fraud and abuse, and to defend legal claims. We balance these interests against your rights and freedoms.
  • Compliance with legal obligations - to comply with applicable laws, lawful requests, and legal process.
  • Consent - for processing where consent is required (e.g., certain marketing cookies). You may withdraw consent at any time, without affecting processing performed before withdrawal.

13.4 Your rights

Subject to applicable law, you have the right to: (a) access your personal data; (b) correct inaccurate data; (c) request deletion ("right to be forgotten"); (d) restrict processing; (e) data portability; (f) object to processing based on legitimate interests, including direct marketing; and (g) withdraw consent. To exercise these rights, email privacy@goodads.ai.

Right to lodge a complaint. You have the right to lodge a complaint with the supervisory authority in your country of residence. For EEA users, contact details are at edpb.europa.eu/about-edpb/board/members_en. For UK users, ico.org.uk/make-a-complaint.

13.5 International transfers

See Section 7 above for the safeguards we apply to EU/UK/Swiss data transferred outside Europe.

13.6 Retention

See Section 5 above. Where we no longer need to retain personal data, we delete, anonymize, or aggregate it.

14. U.S. State Privacy Rights

This Section 14 provides information about the rights of residents of certain U.S. states. Depending on where you live, you may have one or more of the following rights:

14.1 California (CCPA / CPRA)

If you are a California resident, you have the rights to: (a) know the categories and specific pieces of personal information we collected about you, the sources of that information, the purposes for which we collected it, and the third parties with whom we shared it; (b) delete personal information we collected from you, subject to exceptions; (c) correct inaccurate personal information; (d) opt out of "sale" or "sharing" of personal information (we do not sell personal information for money but we may "share" it for cross-context behavioral advertising); (e) limit use and disclosure of "sensitive personal information"; and (f) be free from discrimination for exercising these rights.

How to exercise CCPA rights. Submit a request via privacy@goodads.ai or by visiting the "Do Not Sell or Share My Personal Information" link in our Site footer. We will verify your identity before processing your request. You may authorize an agent to submit requests on your behalf.

14.2 Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), and other states

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Montana, Oregon, Tennessee, Iowa, Indiana, New Hampshire, Delaware, Maryland, Minnesota, Nebraska, New Jersey, and Rhode Island have rights analogous to those listed above for California residents, subject to the requirements of each state's privacy law. To exercise these rights, contact privacy@goodads.ai.

14.3 Categories of personal information

In the preceding twelve (12) months, we have collected the categories of personal information listed in Section 1 (Information We Collect). We have disclosed those categories to the service providers and other recipients listed in Section 3 (How We Share Personal Information) for the business purposes described in Section 2 (How We Use Personal Information).

14.4 Sensitive personal information

We do not knowingly collect "sensitive personal information" as defined under California or other state law. If you provide it to us, we use it only for the limited purposes permitted by law and as necessary to perform the Service.

14.5 Non-discrimination

We will not discriminate against you for exercising your privacy rights. Specifically, we will not (i) deny you the Service, (ii) charge different prices or rates, (iii) provide a different quality of Service, or (iv) suggest that you will receive different prices or quality, in retaliation for exercising your rights.

-- End of Privacy Policy --