1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, and company details when you sign up for our services.
• Contact Information: When you reach out to us through contact forms or email.
• Waitlist Signups: Email address when you express interest in upcoming products.

1.2 Information Collected Automatically

• Usage Data: Information about how you interact with our services.
• Device Information: Browser type, operating system, and device identifiers.
• Log Data: IP addresses, access times, and referring URLs.

1.3 Information from Third-Party Platform Integrations

When you connect your advertising platform accounts (such as TikTok Ads, Google Ads, Display & Video 360, Campaign Manager 360, or Meta Ads) to Tuxonomy, we access and store the following data:

• OAuth Tokens: Authentication credentials that allow Tuxonomy to access your ad platform accounts on your behalf. These tokens are encrypted at rest using industry-standard encryption (AES-128-CBC + HMAC-SHA256).
• Account Metadata: Advertiser account names, IDs, and status information used to identify which accounts you have connected.
• Campaign Naming Data: Campaign names, ad group names, and ad names from your connected accounts. This data is used solely for naming convention validation and compliance reporting.
• Entity Status: The operational status of campaigns, ad groups, and ads (e.g., active, paused, deleted).

We do not access billing information, creative assets, audience data, targeting settings, or performance metrics from your connected ad platform accounts.

2. How We Use Your Information

We use your information to:

• Provide and maintain our services
• Validate campaign, ad group, and ad names against your configured naming conventions
• Generate compliance reports showing which entities follow your naming rules
• Push corrected names back to your ad platforms when you approve a rename
• Respond to your inquiries and requests
• Send you updates, security alerts, and support messages
• Send marketing communications (with your consent)
• Analyse and improve our services
• Comply with legal obligations

3. Information Sharing

We do not sell your personal information to third parties. We may share your information with:

• Service Providers: Trusted third parties who help us deliver our services (hosting, analytics, email services).
• Ad Platform APIs: When you authorise a rename action, we send the updated name to the respective ad platform (e.g., TikTok, Google, Meta) via their official API. No other data is sent.
• Legal Requirements: When required by law or to protect our legal rights.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.

4. Data Security

We implement industry-standard security measures to protect your data from unauthorised access, alteration, disclosure, or destruction:

• OAuth tokens and platform credentials are encrypted at rest using Fernet encryption (AES-128-CBC + HMAC-SHA256)
• All data is transmitted over HTTPS/TLS
• Database access is isolated per tenant with dedicated database instances
• Access controls enforce role-based permissions at the workspace level

However, no method of transmission over the Internet is 100% secure.

5. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this Privacy Policy, or as required by law.

• Account data is retained for the duration of your active subscription and deleted upon account closure.
• Synced campaign data (names, compliance history) is retained while your ad platform account is connected and deleted when you disconnect.
• OAuth tokens are deleted immediately when you disconnect an ad platform account.

6. Disconnecting Ad Platform Accounts

You can disconnect any connected ad platform account at any time from your workspace settings. When you disconnect:

• The stored OAuth token is immediately deleted from our systems
• All synced campaign data associated with that account is removed
• We can no longer access your ad platform account on your behalf

7. Your Rights

Depending on your location, you may have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Object to processing
• Data portability
• Withdraw consent

8. Cookies

We use cookies and similar technologies to enhance your experience. You can manage cookie preferences through your browser settings, though some features may not function properly.

9. International Data Transfers

Your data may be transferred to countries with different data protection laws. We ensure appropriate safeguards are in place.

10. Children’s Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date.

12. Contact Us

For questions about this Privacy Policy, contact us at: