← Back to Adium

Privacy Policy

Last updated: March 24, 2026

Introduction

Adium (“we,” “us,” or “our”) operates the Adium platform. This Privacy Policy explains how we collect, use, and protect information when you use our ad benchmarking service. By using Adium, you consent to the practices described in this policy.

Information We Collect

Account Information

When you create an account, we collect your full name and email address. Authentication is handled through Supabase Auth.

Company Information

During onboarding, you provide a company name and select an industry classification. This information is used to group your benchmarks with relevant peers.

Ad Platform Data

When you connect your ad platform accounts via OAuth, we access read-only performance metrics including impressions, clicks, spend, conversions, and conversion value. We support connections to Google Ads, Meta Ads, LinkedIn Ads, and TikTok Ads. We do not access:

  • Your ad creative content or copy
  • Audience targeting settings
  • Billing or payment information
  • Personal data of the people who see your ads
  • Campaign management or configuration settings

OAuth Tokens

We store encrypted OAuth access and refresh tokens to maintain your ad platform connections. These tokens grant read-only access only.

Usage Data

We collect standard usage data such as page views, feature usage, and server logs to improve the service.

How We Use Your Information

We process your data for the following purposes:

  • To pull your ad performance metrics and display them on your dashboard
  • To calculate anonymized, aggregated benchmarks across users in the same industry and spend tier
  • To authenticate you and manage your account
  • To improve, maintain, and secure the service

We do not use your data for advertising, profiling, building user profiles, or any purpose other than providing and improving the Adium benchmarking service.

Platform-Specific Data Handling

Meta (Facebook) Platform Data

Data received from Meta APIs is used solely for the purpose of providing ad performance benchmarks to you. We comply with the Meta Platform Terms and Developer Policies. Specifically:

  • We request only the ads_read permission (read-only access to ad account metrics).
  • We do not sell, license, or transfer Meta Platform Data to any third party.
  • We do not use Meta Platform Data to build or augment user profiles.
  • We do not use Meta Platform Data for surveillance, discrimination, or eligibility determinations.
  • Meta Platform Data is deleted when you disconnect your account, request deletion, or when no longer needed for the benchmarking service.

Google Ads Data

Our use of Google Ads data is subject to the Google API Services User Data Policy.

LinkedIn Ads Data

Our use of LinkedIn Ads data is subject to the LinkedIn API Terms of Use.

TikTok Ads Data

Our use of TikTok Ads data is subject to the TikTok for Business Developer Terms.

Benchmarking and Anonymization

Your individual ad performance data is never shared with other users. Benchmarks are computed as statistical aggregates (median, 25th percentile, 75th percentile) across a minimum threshold of accounts per industry and spend-tier segment. Individual account data cannot be reverse-engineered from these aggregates.

Data Sharing

  • We do not sell your data. We do not sell, license, or purchase any Platform Data received from ad platforms.
  • We do not share individual account data with third parties.
  • Aggregated benchmark data (which cannot identify you) may be used in marketing materials or industry reports.
  • We share data with service providers who process data on our behalf under contractual obligations, including Supabase (database and authentication) and Vercel (hosting). These service providers are contractually required to use your data only for providing their services to us and to maintain its confidentiality.

Law Enforcement and Government Data Requests

We are committed to protecting the privacy of our users when responding to requests from law enforcement agencies, government bodies, or other public authorities for personal data or personal information. We have the following policies and processes in place:

  • Legality review: All requests from public authorities for user data are reviewed for legal validity and sufficiency before any information is disclosed. We require that requests be made through proper legal channels and comply with applicable laws.
  • Challenging unlawful requests: We will challenge or refuse requests that we believe to be unlawful, overbroad, or otherwise inappropriate. This includes requests that lack proper legal basis, fail to follow required procedures, or seek data beyond the scope of legitimate authority.
  • Data minimization: When we are legally required to disclose user data, we limit disclosure to the minimum information necessary to comply with the specific request. We do not provide bulk or unrestricted access to user data.
  • Documentation: We maintain records of all requests received from public authorities, including the nature of each request, our response, the legal reasoning behind our decisions, and the actors involved.

Where permitted by law, we will notify affected users of requests for their data. For questions about our law enforcement request policies, contact legal@adium.com.

Data Storage and Security

Your data is stored in Supabase (PostgreSQL) with row-level security policies. OAuth tokens are encrypted at rest using Supabase Vault. The service is hosted on Vercel with HTTPS encryption in transit. Access is restricted by authentication and authorization checks at the middleware and API level. We maintain administrative, physical, and technical safeguards designed to protect against unauthorized access, destruction, loss, alteration, or disclosure of your data.

Data Retention

We retain your ad performance metrics for as long as your ad account is actively connected and your Adium account is active. When you deactivate an ad account connection (stopping new data pulls), we retain existing metrics for up to 90 days to allow you to reactivate and resume benchmarking. After 90 days of inactivity, metrics for deactivated accounts are automatically deleted. When you disconnect an account or delete your account, all associated data (metrics and tokens) is deleted immediately.

Your Rights and Choices

You have the following rights regarding your data:

  • Disconnect accounts: You can disconnect any ad account from your company settings at any time. This permanently deletes the account connection and all associated metrics.
  • Delete account data: You can delete individual ad accounts and their data from the Connected Accounts tab in your company settings.
  • Request full account deletion: You can request deletion of your entire Adium account and all associated data by emailing privacy@adium.com.
  • Revoke OAuth access: You can revoke Adium’s access directly from your Google, Meta, LinkedIn, or TikTok account settings at any time.

For detailed instructions on how to delete your data, visit our Data Deletion page.

Third-Party Services

Adium integrates with the following third-party services, each subject to their own privacy policies:

  • Google Ads API - subject to Google’s API Services User Data Policy
  • Meta Marketing API - subject to Meta’s Platform Terms
  • LinkedIn Marketing API - subject to LinkedIn’s API Terms of Use
  • TikTok Business API - subject to TikTok’s Developer Terms
  • Supabase - database and authentication provider
  • Vercel - hosting provider

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the email address associated with your account. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, please contact us at privacy@adium.com. For security vulnerabilities, contact security@adium.com.