Privacy Policy
Last updated: 8 May 2026
Ad Optima Ltd ("Ad Optima", "we", "us", "our") is a company registered in England and Wales. We are the data controller for the personal data we collect through our marketing site and from our customers. You can reach us at privacy@adoptima.ai for any data protection enquiry, or hello@adoptima.ai for general questions.
Our supervisory authority is the United Kingdom Information Commissioner's Office (ICO). ICO registration is in progress.
We collect what we need to talk to you, run our service, and keep our books. We do not sell your data, we do not share it with advertisers, and we do not use third-party advertising or analytics cookies. When the law gives you a right over your data, we honour it within 30 days.
The site has two forms: a self-serve ads audit (a six-step questionnaire that returns a written audit of your Google and Microsoft Ads setup) and a plain contact form. Between them, we collect your name, email address, website URL, monthly ad-spend band, your answers to the audit questions, your goal in free text, and any free-text message you send through the contact form. We also store the IP address and browser user-agent of the submitting request for legitimate-interest abuse prevention.
Where it goes. Submissions are committed as a single markdown file per lead into our private business-compiler repository on GitHub. A short summary of the lead is posted to our internal operations group on Telegram, and a notification email is sent via Resend to hello@adoptima.ai. For audit submissions, your answers are also sent to Anthropic's Claude API to generate the audit text (Anthropic processes them transiently under Zero Data Retention and does not retain them after the call). See our sub-processors for the full list of parties involved.
Lawful basis: our legitimate interest in responding to enquiries from prospective business customers and operating our marketing site. You can object to processing or ask us to delete your submission at any time by emailing privacy@adoptima.ai.
How long we keep it: 24 months from submission, unless you become a customer or ask us to delete it sooner.
We process the name, email address, billing details and account credentials needed to deliver the service. We also process - on your behalf, as your data processor - data drawn from the advertising and analytics accounts you connect (e.g. Google Ads, Microsoft Ads), search-term and conversion data, your landing-page content, and the inputs you give us through the dashboard.
Lawful basis: performance of the contract between you and us; for billing records, our legal obligation under UK accounting law.
How long we keep it: while your account is active, plus 30 days after cancellation for most categories. Billing records are kept for 6 years per HMRC requirements. The full retention table is available on request from privacy@adoptima.ai.
Our hosting providers retain short-term request logs (typically 1-7 days) for security and debugging. We retain a 12-month application audit log of security-relevant events (logins, OAuth grants, data exports, deletions). Lawful basis: our legitimate interest in operating a secure service.
We use a small number of vetted third parties to operate the service. Each is bound by a written data-processing agreement that restricts their use of your data to what we have instructed. The current parties are:
For each party's data categories, country of processing, transfer mechanism, and DPA, see the sub-processors page. We notify customers at least 30 days before adding, removing, or relocating a sub-processor.
The AWS infrastructure that will handle customer-facing product data is held within AWS UK Limited's eu-west-2 (London) region; no UK-resident customer data leaves the United Kingdom in the ordinary course of operating the product. Where personal data is transferred outside the UK to a non-EU sub-processor (currently Anthropic, Cloudflare and GitHub in the United States, and Telegram in the United Arab Emirates), we rely on the EU-US Data Privacy Framework (with the UK extension) where the receiving organisation is certified, and on the UK International Data Transfer Addendum to the EU Standard Contractual Clauses where it is not. The Anthropic transfer additionally relies on Zero Data Retention so prompts and outputs are not stored beyond the immediate API call.
This site uses only essential cookies needed to make it function (e.g. CSRF protection on form submission). It does not use advertising cookies, third-party analytics cookies, or tracking pixels. We self-host our web fonts so your browser is not asked to fetch fonts from a third-party CDN.
If you become a customer, the customer dashboard uses an essential session cookie for authentication. Any non-essential cookies (e.g. opt-in product analytics) will be controlled by a cookie banner before any non-essential cookie is set.
Under the UK GDPR and the Data Protection Act 2018 you have the right to:
To exercise any of these rights, email privacy@adoptima.ai. We will respond within 30 days. If you are not satisfied with our response, you have the right to complain to the ICO at ico.org.uk/make-a-complaint, or by post to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
All traffic to the site, the dashboard, and our APIs is encrypted with TLS 1.3. Data at rest in our database is AES-256 encrypted. OAuth refresh tokens and other sensitive fields are envelope-encrypted with per-customer keys, so deleting a customer key effectively deletes ("crypto-shreds") the underlying data. Access to production systems is restricted to the founders, gated by single sign-on and multi-factor authentication, and logged. We do not store payment card details ourselves.
If a personal-data breach is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of it, and notify you without undue delay. We maintain an internal breach-response runbook covering detection, severity classification, containment, and notification.
Ad Optima is a B2B service. We do not knowingly market to or collect personal data from children under 16.
We may update this policy from time to time. The "last updated" date at the top reflects the most recent material change. For changes that materially affect your rights, we will notify customers by email at least 30 days before the change takes effect.
If anything in this policy is unclear, email privacy@adoptima.ai and a real human will reply.