Last updated: April 2026
Privacy Policy
How we collect, use, and protect your personal data.
Abijany Limited ("Company", "we", "us", "our") is committed to protecting your privacy and handling your personal data with transparency and care.
This Privacy Policy explains how we collect, use, store, and protect personal data when you use our AI-powered advertising management Platform ("Service"). It also explains your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Abijany Limited is the Data Controller for personal data collected through our Platform.
- Email: privacy@abijany.com
- Website: www.abijany.com
2. What Data We Collect and Why
2.1 Account Registration Data
We collect: your full name, business name, email address, phone number (optional), billing address, and payment information (processed by Stripe — we do not store card details).
Legal basis: Performance of contract (Article 6(1)(b) UK GDPR).
2.2 Onboarding and Business Configuration Data
We collect: your business industry and objectives, advertising goals (target CPA, ROAS, budget caps), brand information, website URL, and your Google Ads, Meta, and TikTok Ads account IDs.
Legal basis: Performance of contract (Article 6(1)(b) UK GDPR).
2.3 Advertising Account Performance Data
We collect: campaign, ad group, keyword, and ad performance metrics (impressions, clicks, conversions, spend, ROAS, CPA, CTR, CPM), search term reports, audience performance breakdowns, creative performance data, Meta Pixel and Conversions API event data, Google Ads conversion tracking data, and TikTok Pixel / Events API data including hook-rate signals and Spark Ad authorisation status.
Legal basis: Performance of contract (Article 6(1)(b) UK GDPR).
2.4 AI Agent Decision Logs
We collect every action recommended by the AI agent, the reasoning behind each recommendation, the data that triggered each decision, the outcome of each action (measured after 7 days), and confidence scores.
Legal basis: Performance of contract and Legitimate interests (Article 6(1)(b) and 6(1)(f) UK GDPR).
2.5 Technical and Usage Data
We collect: IP address at login, browser type and version, pages visited within the dashboard, session duration, and error logs.
Legal basis: Legitimate interests (Article 6(1)(f) UK GDPR).
2.6 Customer Audience Data
Where you upload customer lists for audience creation, we process hashed email addresses and hashed phone numbers only (SHA-256 hashing applied before transmission). We do not store original unhashed data. You are the Data Controller for your customers' personal data.
3. How We Store Your Data
Your account data and AI decision logs are stored in a PostgreSQL database protected by TLS 1.3 encryption in transit and strict per-client access controls — every query is scoped to your account, so your data is never accessible to other clients.
Your advertising credentials (OAuth tokens) are never stored in our database. They are stored exclusively in AWS Secrets Manager (AES-256 encryption, eu-west-2 region). Our staff cannot read your advertising account credentials.
4. How Long We Keep Your Data
| Data Type | Retention Period |
|---|---|
| Account registration data | Duration of subscription + 6 years |
| Business configuration data | Duration of subscription + 12 months |
| Advertising performance data | 24 months from collection |
| AI decision logs | 24 months from creation |
| Audience data (hashed) | Deleted immediately after upload to ad platform |
| Billing records | 6 years (UK tax law) |
| Technical/access logs | 90 days |
5. Who We Share Your Data With
We do not sell your data. We share data only as follows:
- Google LLC, Meta Platforms, Inc., and TikTok (Bytedance Ltd / TikTok Information Technologies UK Ltd / TikTok LLC depending on your region) — via their official APIs to provide the core service.
- Anthropic, PBC — advertising performance metrics (numbers only, no PII) are processed by Claude AI under Anthropic's commercial API terms; Anthropic does not train its models on this data.
- AWS — Secrets Manager for credential storage and encrypted backups (eu-west-2 region, London).
- Stripe, Inc. — payment processing.
- Wise Payments Ltd — affiliate payout processing (bank account details of affiliate partners only; not used for client data).
- Resend — transactional email delivery.
- Sentry — application error tracking (no advertising data or PII in error reports).
6. Your Rights
Under UK GDPR, you have the right to: access your data, rectify inaccurate data, erasure ("right to be forgotten"), restriction of processing, data portability, and to object to processing.
For automated decision-making: you may request human review of any AI decision, switch to Supervised Mode (approval required before actions), or switch to Shadow Mode (analysis only, no execution).
To exercise any right: privacy@abijany.com. We respond within 30 days. You may also lodge a complaint with the Information Commissioner's Office (ICO).
To request deletion of your data connected to our Facebook/Meta application specifically, please visit our Data Deletion page.
7. Cookies
We use strictly-necessary cookies (sign-in, security, and remembering an affiliate referral) by default. We do not use advertising or third-party analytics cookies without your consent. You can review and change your choices at any time via the "Cookie preferences" control in the footer, or through your browser settings. See our Cookie Policy for the full list and details.
8. Security
We implement: TLS 1.3 encryption in transit, dedicated secrets management (AWS Secrets Manager with AES-256 encryption for all advertising credentials), strict per-client access controls on every query, nightly encrypted off-site backups (AES-256, AWS KMS), automated account-anomaly monitoring every 30 minutes, application error tracking, and dependency vulnerability scanning.
In the event of a data breach likely to result in risk to your rights, we will notify you and the ICO within 72 hours as required by UK GDPR.
9. International Data Transfers
Some sub-processors operate outside the UK/EEA (Anthropic and Stripe in the United States). Where data is transferred outside the UK/EEA, we ensure appropriate safeguards including Standard Contractual Clauses approved by the ICO.
10. Changes to This Policy
We will notify you of material changes by email at least 30 days before they take effect. The current version is always at www.abijany.com/privacy.
11. Contact
Privacy Officer, Abijany Limited
Email: privacy@abijany.com
Website: www.abijany.com
ICO: ico.org.uk · 0303 123 1113