letoads

Privacy Policy

Effective May 18, 2026

LetoAds (“LetoAds,” “we,” “our”) helps marketing teams plan, launch, and optimize advertising campaigns across Google Ads and Meta (Facebook and Instagram). This Privacy Policy explains what we collect, how we use it, who we share it with, and the choices you have. It applies to letoads.comand any associated subdomains or services (the “Service”).

1. Information we collect

1.1 Account information

When you sign in with Google, we receive your name, email address, profile picture, Google account ID, and the workspace you belong to. We do not receive or store your Google password.

1.2 Advertising platform data

When you connect a Google Ads or Meta Ads account to LetoAds, we receive and store data the platform makes available to you under your own credentials, including:

  • Account, business, and ad-account identifiers and names
  • Campaigns, ad sets, ads, audiences, and creative assets you create through LetoAds or sync from the platform
  • Performance metrics: impressions, clicks, spend, conversions, reach, frequency, and similar reporting fields
  • Billing entities and currency settings associated with the connected ad account
  • OAuth access and refresh tokens, which are encrypted at rest and used solely to call the platform’s APIs on your behalf

We only access ad-platform data that you have explicitly authorized through the platform’s OAuth consent screen. We do not access personal messages, contact lists, or any data outside the scopes you approve.

1.3 Assets you upload

Images, videos, copy, and other creative assets you upload to LetoAds are stored in our object storage so we can submit them to the advertising platforms you choose. You retain ownership of all assets you upload.

1.4 Usage and device data

We log technical information necessary to operate and secure the Service: IP address, browser type, device type, pages viewed, actions taken inside the app, and timestamps. We also record API responses from connected platforms for debugging and audit purposes.

1.5 Cookies and similar technologies

LetoAds uses strictly necessary cookies to keep you signed in and to protect against CSRF and abuse. We do not use third-party advertising cookies, and we do not run cross-site tracking on letoads.com.

2. How we use your information

We use the information described above to:

  • Provide, maintain, and secure the Service
  • Authenticate you and authorize access to your workspace
  • Call Google Ads and Meta APIs on your behalf to create, edit, pause, and report on campaigns you configure
  • Display dashboards, reports, and recommendations inside the Service
  • Send transactional emails about your account, security, billing, and important Service changes
  • Detect, investigate, and prevent fraud, abuse, and security incidents
  • Comply with legal obligations and enforce our Terms

We do not sell your personal information, and we do not use ad-platform data to build advertising profiles or to train third-party AI models.

3. Google API Services User Data

LetoAds’ use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request the OAuth scopes necessary to operate features you have enabled (sign-in and Google Ads management).
  • We do not transfer Google user data to third parties except as required to provide or improve user-facing features that are prominent in the requesting application.
  • We do not use Google user data to serve advertising.
  • We do not allow humans to read your Google user data unless we have your affirmative agreement, it is necessary for security purposes, to comply with applicable law, or the data is aggregated and used for internal operations under this policy.

4. Meta Platform Terms

LetoAds is a Meta Tech Provider. Our use of data received from Meta’s APIs complies with the Meta Platform Terms and Developer Policies. We only use platform data to provide ad-management features to the user who connected the account.

5. How we share information

We share information only as described below.

  • Advertising platforms. When you create or sync campaigns, we send the relevant data to Google Ads or Meta on your behalf.
  • Service providers. We use vetted vendors for hosting (Vercel), database (Neon), object storage (Cloudflare R2), authentication (Auth.js), email (transactional provider), and error monitoring. Each vendor is bound by a written agreement that restricts use of the data to providing the service.
  • Within your workspace. Other members of your workspace can see campaigns, reports, assets, and connection metadata associated with the workspace.
  • Legal and safety. We may disclose information if required by law, legal process, or to protect the rights, property, or safety of LetoAds, our users, or the public.
  • Business transfers. If LetoAds is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction; you will be notified before your information becomes subject to a different privacy policy.

We do not sell or rent your personal information.

6. Data retention

We retain account information for as long as your workspace is active. Connected ad-platform data is retained for the lifetime of the connection plus a short rolling window for historical reporting. OAuth tokens are revoked and deleted when you disconnect a platform, when a token expires, or when your account is deleted.

Audit logs, security logs, and backups may be retained for up to 90 days after deletion, after which they are permanently purged. We may retain anonymized, aggregated information indefinitely.

7. Your choices and rights

  • Disconnect a platform.Go to Settings → Connections to revoke LetoAds’ access to any connected ad account at any time. You can also revoke access from your Google account or Meta business integrations page.
  • Delete your account. Email privacy@letoads.com from the address tied to your LetoAds account and we will delete your account and associated personal data within 30 days, subject to the retention windows above.
  • Access, correct, export. Depending on your location, you may have rights under the GDPR, UK GDPR, CCPA/CPRA, or similar laws to access, correct, port, or delete your personal information, and to object to or restrict certain processing. To exercise any of these rights, contact privacy@letoads.com.
  • Do Not Track. LetoAds does not respond to browser Do Not Track signals because we do not perform cross-site tracking.

8. Security

We protect your data with TLS in transit, encryption at rest, scoped OAuth tokens, audit logging, and least-privilege access controls. No system is perfectly secure; if we discover a breach affecting your data, we will notify you in accordance with applicable law.

9. International transfers

LetoAds is operated from the Cayman Islands and stores data primarily in the United States and the European Union via our cloud providers. If you access the Service from a region with different data protection rules, you consent to transferring your information to those locations, subject to appropriate safeguards (such as Standard Contractual Clauses where required).

10. Children

LetoAds is intended for businesses. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us personal information, contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or in-app banner before the change takes effect. The “Effective” date at the top of this page reflects the latest revision.

12. Contact us

Questions, requests, or complaints? Email privacy@letoads.com. We respond within 5 business days.