Privacy
policy.

The data controller is WebTech Benedykt Tymiński, Sułków 431, 32-020, Poland. NIP 6772455057, REGON 386640074.

When you join the waitlist at adriva.app, we collect the email address you submit and the timestamp of your submission. Nothing else. No cookies that track you across sites, no fingerprinting, no analytics scripts.

When you sign up for and use app.adriva.app, we collect:

• Account data — name, email, and a hashed password. Sign-in is by email and password.
• Workspace data — the company, projects, brand context, and campaign drafts you enter into Adriva.
• Creative assets — the images and videos you upload for your ads, plus variants we generate from them for cropping and resizing.
• Ad-platform data — campaigns, ad groups, ads, keywords, targeting, budgets, spend, and performance metrics retrieved from the Google Ads and Meta Ads accounts you connect.
• Product telemetry — minimal logs (request IDs, error traces) needed to operate and debug the service. No third-party ad-tech trackers.

Adriva connects to your ad accounts via OAuth. We store the access and refresh tokens issued to us, encrypted at rest, and use them only to read and write the campaign data you ask Adriva to manage. You can revoke access at any time from your Google or Meta account settings, or by disconnecting the integration inside the app.

We use the data above to:

• Send waitlist invites and a small number of launch-related updates.
• Run the Adriva product — authenticate you, sync ad-account data, draft and publish campaigns to Google Ads and Meta Ads on your instruction, and show results in the dashboard.
• Provide customer support.
• Keep the service secure and reliable — abuse prevention, debugging, and incident response.

We do not sell, rent, or share your data with third parties for advertising or marketing purposes. We do not use your ad-account data to train AI models.

Adriva uses Groq(LLaMA models) to extract context from briefs, suggest keywords and geo targets, and infer roles for creative assets. The brand and campaign context you provide is sent to Groq for these tasks under Groq's commercial terms, which exclude using your inputs or outputs to train their models. Sensitive identifiers are not included in prompts.

We use a small set of vetted sub-processors to operate the service:

• AWS — cloud hosting, databases, and S3 object storage for creative assets (default region eu-west-1, Ireland).
• Groq — LLM inference for AI features.
• Google and Meta — when you connect those ad accounts, we send and receive data via their official APIs.
• Slack — internal notifications for new waitlist signups.

Each sub-processor is bound by a data-processing agreement. A current list is available on request.

Waitlist entries live in our application infrastructure and are mirrored to our internal Slack so the team can respond. We keep them only as long as needed to onboard you.

Application data lives on AWS — primarily in the EU (Ireland, eu-west-1). We retain account and ad-platform data while your account is active. After you close your account we delete or anonymize it within 90 days, except where law requires longer.

Some sub-processors (notably Groq) are based outside the EEA. Where that happens we rely on Standard Contractual Clauses and equivalent safeguards approved under GDPR.

Under GDPR and similar laws you can access, correct, export, or delete your data, restrict or object to processing, and withdraw consent at any time. From inside the app you can disconnect integrations and delete your account directly. For anything else — including waitlist removal — email benedykt@adriva.app. You also have the right to lodge a complaint with your local supervisory authority.

Data is transmitted over TLS and stored on infrastructure protected by industry-standard access controls. OAuth tokens and other credentials are encrypted at rest. Access to production data is limited to the minimum needed to operate the service. No method is perfectly secure, but we minimise what we collect so there is little to expose.

Adriva's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google Ads data only to provide the features you connected the integration for, and we do not transfer it to others except as needed for those features, to comply with applicable law, or as part of a merger or acquisition.

Adriva is a B2B product for advertising professionals and is not directed to anyone under 16. We do not knowingly collect data from children.

We may update this policy as the product and legal landscape evolve. Material changes will be reflected in the date at the top of this page and, for application users, communicated by email.

Questions, requests, or complaints: benedykt@adriva.app.