Privacy Policy

Last updated: February 11, 2026

1. Information We Collect

We collect information necessary to provide ad attribution services connecting your Meta ad spend to point-of-sale revenue. The categories of information we collect include:

  • Account data — name, email address, and password when you create an account.
  • Tracking data — our tracking script (t.js), installed on your gym's website, collects visitor interactions including page views, click events, IP addresses, and browser fingerprints to enable attribution.
  • Ad platform data — campaign, ad set, and ad-level performance data from your connected Meta Ads account, including spend, impressions, clicks, and lead form submissions.
  • CRM data — contact records, lead status, and pipeline information from your connected GoHighLevel (GHL) account.
  • POS data — transaction and revenue data from your gym's Stripe account to close the attribution loop between ad spend and actual revenue.
  • Cookies & fingerprinting — first-party cookies and device fingerprints used to identify returning visitors for attribution purposes.

2. How We Use Information

We use the information we collect to:

  • Perform closed-loop ad attribution connecting Meta ad clicks to POS revenue.
  • Run our identity resolution and matching engine to link ad interactions to CRM contacts and transactions.
  • Generate analytics, dashboards, and reports on your ad performance and return on ad spend (ROAS).
  • Process billing and manage your Adsu subscription via Stripe.
  • Send transactional emails related to your account (e.g., onboarding, billing receipts, alerts).
  • Improve and maintain the reliability of our platform.

3. Data Sharing

We do not sell your data. We share data only with the following categories of third parties, solely to operate and deliver the service:

  • Integrated platforms — Meta, GoHighLevel, and Stripe, as configured by you to enable attribution.
  • Infrastructure providers — Neon (database), Vercel (hosting), Sentry (error monitoring), Resend (email delivery), and Inngest (background job processing).

Each provider processes data only as necessary to provide its services and is bound by its own privacy policy.

4. Data Security

We take the security of your data seriously and implement industry-standard protections including:

  • AES-256-GCM encryption for all API tokens and credentials stored at rest.
  • HTTPS/TLS encryption for all data transmitted between your browser, our servers, and third-party integrations.
  • Secure, HTTP-only cookie-based sessions for web authentication.
  • Webhook signature verification (HMAC-SHA256) for all incoming data from Meta, GoHighLevel, and Stripe.

5. Data Retention

We retain your data for as long as your account is active and as needed to provide the service. When you close your account, we will delete your data within 30 days upon request. Certain data may be retained longer if required by law or for legitimate business purposes such as fraud prevention or financial record-keeping.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request that we correct inaccurate or incomplete data.
  • Deletion — request that we delete your personal data.
  • Data export — request a portable copy of your data in a machine-readable format.

To exercise any of these rights, contact us at support@adsu.io.

7. Cookies & Tracking Technologies

Adsu uses the following tracking technologies:

  • Tracking script (t.js) — a lightweight JavaScript snippet installed on your gym's website that captures visitor interactions and UTM parameters for attribution.
  • First-party cookies — used to maintain session state and identify returning visitors.
  • Browser fingerprinting — used as part of our identity resolution engine to match anonymous visitors to known contacts when cookies are unavailable.
  • IP address collection — collected for attribution matching and fraud prevention.

8. Third-Party Services

We rely on the following third-party services to operate the platform:

  • Neon — serverless PostgreSQL database hosting.
  • Vercel — application hosting and deployment.
  • Sentry — error monitoring and performance tracking.
  • Resend — transactional email delivery.
  • Inngest — background job processing and scheduling.

Each service processes data in accordance with its own privacy policy. We encourage you to review these policies.

9. Children's Privacy

Adsu is not directed at individuals under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child under 13, please contact us at support@adsu.io and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by sending you an email notification. Your continued use of the service after any changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, contact us at support@adsu.io.