Last updated: April 2026
Privacy Policy
How we collect, use, and protect your personal data.
Abijany Limited ("Company", "we", "us", "our") is committed to protecting your privacy and handling your personal data with transparency and care.
This Privacy Policy explains how we collect, use, store, and protect personal data when you use our AI-powered advertising management Platform ("Service"). It also explains your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Abijany Limited is the Data Controller for personal data collected through our Platform.
- Email: privacy@abijany.com
- Website: www.abijany.com
2. What Data We Collect and Why
2.1 Account Registration Data
We collect: your full name, business name, email address, phone number (optional), billing address, and payment information (processed by Stripe — we do not store card details).
Legal basis: Performance of contract (Article 6(1)(b) UK GDPR).
2.2 Onboarding and Business Configuration Data
We collect: your business industry and objectives, advertising goals (target CPA, ROAS, budget caps), brand information, website URL, and your Google Ads and Meta ad account IDs.
Legal basis: Performance of contract (Article 6(1)(b) UK GDPR).
2.3 Advertising Account Performance Data
We collect: campaign, ad group, keyword, and ad performance metrics (impressions, clicks, conversions, spend, ROAS, CPA, CTR, CPM), search term reports, audience performance breakdowns, creative performance data, Meta Pixel and Conversions API event data, and Google Ads conversion tracking data.
Legal basis: Performance of contract (Article 6(1)(b) UK GDPR).
2.4 AI Agent Decision Logs
We collect every action recommended by the AI agent, the reasoning behind each recommendation, the data that triggered each decision, the outcome of each action (measured after 7 days), and confidence scores.
Legal basis: Performance of contract and Legitimate interests (Article 6(1)(b) and 6(1)(f) UK GDPR).
2.5 Technical and Usage Data
We collect: IP address at login, browser type and version, pages visited within the dashboard, session duration, and error logs.
Legal basis: Legitimate interests (Article 6(1)(f) UK GDPR).
2.6 Customer Audience Data
Where you upload customer lists for audience creation, we process hashed email addresses and hashed phone numbers only (SHA-256 hashing applied before transmission). We do not store original unhashed data. You are the Data Controller for your customers' personal data.
3. How We Store Your Data
Your account data and AI decision logs are stored in an encrypted PostgreSQL database with encryption at rest, TLS 1.3 in transit, and row-level security ensuring your data is never accessible to other clients.
Your advertising credentials (OAuth tokens) are never stored in our database. They are stored exclusively in AWS Secrets Manager (AES-256 encryption, eu-west-2 region). Our staff cannot read your advertising account credentials.
4. How Long We Keep Your Data
| Data Type | Retention Period |
|---|---|
| Account registration data | Duration of subscription + 6 years |
| Business configuration data | Duration of subscription + 12 months |
| Advertising performance data | 24 months from collection |
| AI decision logs | 24 months from creation |
| Audience data (hashed) | Deleted immediately after upload to ad platform |
| Billing records | 6 years (UK tax law) |
| Technical/access logs | 90 days |
5. Who We Share Your Data With
We do not sell your data. We share data only as follows:
- Google LLC and Meta Platforms, Inc. — via their official APIs to provide the core service.
- Anthropic, PBC — advertising performance metrics (numbers only, no PII) are processed by Claude AI. Anthropic operates under Zero Data Retention for API customers.
- AWS — Secrets Manager for credential storage (eu-west-2 region).
- Stripe, Inc. — payment processing.
- Resend — transactional email delivery.
- Sentry — application error tracking (no advertising data or PII in error reports).
6. Your Rights
Under UK GDPR, you have the right to: access your data, rectify inaccurate data, erasure ("right to be forgotten"), restriction of processing, data portability, and to object to processing.
For automated decision-making: you may request human review of any AI decision, switch to Supervised Mode (approval required before actions), or switch to Shadow Mode (analysis only, no execution).
To exercise any right: privacy@abijany.com. We respond within 30 days. You may also lodge a complaint with the Information Commissioner's Office (ICO).
To request deletion of your data connected to our Facebook/Meta application specifically, please visit our Data Deletion page.
7. Cookies
Our dashboard uses session and authentication cookies only. We do not use advertising cookies or third-party tracking on our own platform. You can control cookies through your browser settings.
8. Security
We implement: AES-256 encryption at rest, TLS 1.3 in transit, dedicated secrets management, row-level database security, regular automated backups, intrusion detection, and dependency vulnerability scanning.
In the event of a data breach likely to result in risk to your rights, we will notify you and the ICO within 72 hours as required by UK GDPR.
9. International Data Transfers
Some sub-processors operate outside the UK/EEA (Anthropic and Stripe in the United States). Where data is transferred outside the UK/EEA, we ensure appropriate safeguards including Standard Contractual Clauses approved by the ICO.
10. Changes to This Policy
We will notify you of material changes by email at least 30 days before they take effect. The current version is always at www.abijany.com/privacy.
11. Contact
Privacy Officer, Abijany Limited
Email: privacy@abijany.com
Website: www.abijany.com
ICO: ico.org.uk · 0303 123 1113