Skip to main content

Legal

Privacy Policy

Last updated: June 2026

Your privacy matters to us. This policy explains how AdsByVirtue collects, uses, protects, and shares your personal information.

1. Information We Collect

We collect information you provide directly to us, information collected automatically when you use our platform, and information from third-party sources.

1.1 Information You Provide

  • Account information: Name, email address, password, phone number, and profile photo.
  • Profile information: For influencers — niche, follower counts, social handles, rates, portfolio. For brands — company name, website, industry, halal certification. For publishers — website URL, category, traffic data.
  • Payment information: Processed securely through Payoneer. We do not store credit card numbers or bank account details on our servers.
  • Communications: Messages sent through our contact form, support tickets, and email correspondence.
  • Content: Campaign briefs, ad creatives, sponsored content, and other materials uploaded to the platform.

1.2 Information Collected Automatically

  • Usage data: Pages visited, features used, clicks, search queries, and timestamps.
  • Device information: Browser type, operating system, device type, screen resolution, and language preferences.
  • Log data: IP address, access times, referring URLs, and error logs.
  • Cookies: Session cookies for authentication, preference cookies for settings, and analytics cookies to understand platform usage.

1.3 Information from Third Parties

  • OAuth providers: If you sign up with Google, we receive your name, email, and profile picture from Google.
  • Social platforms: Public social media data (follower counts, engagement metrics) used for influencer verification and campaign matching.
  • Halal certifiers: Public certification data to verify brand halal status.

2. How We Use Your Information

We use the information we collect to:

  • Provide our platform: Create and manage your account, process campaigns, facilitate payments, and enable communication between brands, influencers, and publishers.
  • Shariah compliance: Screen ads and content through our 5-layer compliance shield, including automated filtering and policy review.
  • Improve our services: Analyze usage patterns, fix bugs, develop new features, and optimize performance.
  • Communicate: Send transactional emails (campaign updates, payment confirmations), platform announcements, and respond to support requests.
  • Ensure security: Detect and prevent fraud, enforce our terms of service, and protect the safety of our users.
  • Legal compliance: Comply with applicable laws, regulations, and legal processes.

3. How We Share Your Information

We do not sell your personal information. We share data only in the following circumstances:

  • Platform participants: Influencer profiles (niche, follower counts, rates) are visible to brands. Brand campaign details are visible to influencers. Publisher site data is visible to advertisers. This is essential for platform functionality.
  • Service providers: We share data with trusted third parties who provide services on our behalf — Payoneer (payments), Supabase (hosting/auth), Resend (email), and analytics providers. These partners are contractually obligated to protect your data.
  • Legal requirements: We may disclose information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect rights, safety, or property.
  • Business transfers: In a merger, acquisition, or sale of assets, user information may be transferred. We will provide notice before your data is transferred under new ownership.

4. Data Protection & Security

  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest.
  • Authentication: We use Supabase Auth with secure session management. We support multi-factor authentication for brands, publishers, and admins.
  • Access controls: Row-Level Security (RLS) on every database table ensures users can only access their own data. Role-based access control restricts admin functions.
  • Minimal data: We collect only what is necessary. Payment details are never stored on our servers.
  • Audit logging: All Shariah compliance decisions and admin actions are logged in an immutable audit trail.
  • Incident response: In the event of a data breach, we will notify affected users within 72 hours as required by GDPR.

5. Your Rights (GDPR & CCPA)

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data ("right to be forgotten"). Note that we may retain certain data as required by law or for legitimate business purposes.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing of your data for specific purposes.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
  • Non-discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

6. Cookies

We use the following types of cookies:

  • Essential cookies: Required for authentication and platform functionality. These cannot be disabled.
  • Preference cookies: Remember your settings (e.g., dark mode, language).
  • Analytics cookies: Help us understand how users interact with our platform. We use privacy-focused analytics (Plausible or PostHog self-hosted).

We do not use advertising cookies or tracking cookies. We do not sell or share cookie data with advertisers.

7. Data Retention

We retain personal data for as long as your account is active or as needed to provide our services. When you delete your account, we will:

  • Delete your profile information within 30 days.
  • Retain anonymized transaction records for legal compliance (up to 7 years).
  • Retain immutable Shariah audit log entries (these are append-only by design).
  • Remove your data from backups within 90 days.

8. Children's Privacy

Our platform is not directed to children under 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will delete it immediately.

9. International Data Transfers

Your data may be processed in Pakistan, the EU, or other countries where our service providers operate. We ensure appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses (SCCs) where required.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email or through a prominent notice on our platform. Continued use after changes constitutes acceptance.

11. Contact

For privacy-related inquiries, contact us at: