Privacy Policy
1. Who we are
AdSummon is a product operated by Rebu Media Limited, a company registered in Hong Kong SAR. Our registered details are as follows:
| Company name | Rebu Media Limited |
| Registered address | RM 1405, 135 Bonham Strand Trade Centre, 135 Bonham Strand, Sheung Wan, Hong Kong |
| Certificate No. | 79059698-000-10-25-1 |
| Legal status | Body Corporate |
| Contact | contact@adsummon.com |
2. What AdSummon does
AdSummon is an AI-powered advertising analysis tool built for digital advertising agencies and media buyers. It connects to your Meta Ads and Google Ads accounts via official APIs, retrieves performance data, and provides AI-assisted analysis through a conversational interface (the Analyst Section).
Within the Analyst Section, you can ask questions about specific brands or campaigns and receive AI-generated analysis based on your advertising data, conversation history, and brand context you provide. You can manage multiple brands, bind advertising accounts, and maintain ongoing conversation histories.
AdSummon is a productivity and analysis tool. It does not constitute financial, legal, or professional advertising advice. It operates in read-only mode - it does not create, modify, or delete campaigns or ads on your behalf.
3. Data we collect
Account data: Your name, email address, and profile information, collected at sign-up via Google OAuth. Used to create and manage your account and process your subscription via Stripe.
Advertising account data: Ad account metadata (account IDs, account names, connection status) and campaign performance data (spend, impressions, clicks, conversions, ROAS, CPA, and related metrics) retrieved from Meta Ads and Google Ads APIs. This data is fetched on demand when you request analysis and is not permanently stored in a separate reporting database.
Brand background information: Text you voluntarily input to provide context about a client or brand, used to inform AI analysis.
Conversation history: Your questions and the AI's responses within the Analyst Section, retained to support multi-turn conversations and ongoing analysis.
Action logs: Records of function calls executed by the AI during analysis sessions, visible to you within the interface.
Payment data: Payments are processed by Stripe, Inc. We do not store credit card details. We retain subscription status and transaction records. Stripe's privacy policy applies to payment data.
Usage data: Anonymous usage analytics collected via Google Tag Manager, including page views and session information. This data is not linked to your identity.
4. How we use your data
- To authenticate your identity and maintain your session
- To connect to your advertising accounts and retrieve performance data
- To generate AI analysis and responses within the Analyst Section
- To maintain your brand and conversation history
- To process payments and manage your subscription
- To communicate account updates, service changes, and product announcements
- To measure service usage via anonymous analytics
We do not sell your data. We do not use your data for advertising purposes.
5. How we use data from third-party APIs
Data obtained via Google OAuth and the Google Ads API, and data obtained via the Meta Ads API, is used exclusively to provide the Service to you.
Google API Limited Use Compliance: Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, this data:
- Is used only to generate advertising analysis and insights you have requested
- Is not used to train, fine-tune, or improve any AI or machine learning model
- Is not used for targeted advertising, profiling, or any marketing purpose
- Is not sold to third parties or data brokers
- Is not used for credit assessment or any purpose unrelated to advertising analytics
- Is not shared with any party except as strictly necessary to operate the Service
The founding team may review individual queries and AI outputs solely for quality assurance and to ensure the Service functions correctly for you. This review is conducted internally only and is not shared with third parties. Your queries and advertising data will never be used to train AI models or for any marketing purpose.
6. Data security
We implement robust technical and organizational security measures to protect your sensitive ad account credentials and data:
Encryption in transit: All data transmitted between your browser and AdSummon, and between AdSummon and third-party APIs (including Google Ads API and Meta Ads API), is encrypted using HTTPS/TLS. Browser sessions use secure, authenticated cookies.
Encryption at rest: Data is stored in MongoDB, hosted on Google Cloud Platform. We rely on the default encryption configurations provided by our managed database and cloud infrastructure.
OAuth token protection: Your Google and Meta OAuth access and refresh tokens are stored server-side. They are never exposed to your browser or stored in local storage. Token refresh operations are handled entirely server-side.
Access controls: Access to your data is restricted through authenticated server-side sessions. Administrative routes are protected by role-based access checks. Access to Google Ads data additionally requires a valid authenticated session, an active subscription, and a confirmed Google Ads connection.
Data isolation: Our AI retrieval system filters all data by user and brand before passing it to the AI model. You cannot access data belonging to other users or organisations.
Additional measures: CORS policies restrict API access to authorised origins only. Standard security middleware is applied across all routes. OAuth endpoints are rate-limited to prevent abuse.
7. Third-party services
Large language model APIs: AdSummon's AI analysis is powered by OpenAI's API. Your queries and relevant advertising data are transmitted to OpenAI to generate responses. OpenAI is contractually prohibited from using your data to train their models. If we change LLM providers, we will update this policy accordingly.
Meta Ads API: AdSummon accesses your advertising data via the official Meta Ads API under permissions you explicitly grant. Meta Platforms, Inc. has its own privacy policy governing your data on their platform.
Google Ads API: AdSummon accesses your Google Ads data via the official Google Ads API under permissions you explicitly grant. Google LLC has its own privacy policy governing your data on their platform.
Stripe: Payment processing is handled by Stripe, Inc. We pass your email to Stripe solely for the purpose of creating and managing your subscription.
Google Tag Manager: We use Google Tag Manager to collect anonymised usage analytics. No personally identifiable information is passed to Google Analytics.
Google Cloud Platform: Our infrastructure is hosted on GCP. Your data resides on GCP servers subject to Google's infrastructure security standards.
8. Data retention
| Data Type | Retention Period |
|---|---|
| Account and identity data | Retained while your account is active; deleted within 30 days of account closure upon request. |
| OAuth tokens | Retained while your connection is active; deleted upon disconnection or account closure. |
| Ad account metadata | Retained while your account is active. |
| Raw advertising performance data | Fetched on demand; not permanently stored. |
| Conversation history and action logs | Retained while your account is active; you may delete individual conversations at any time. |
| Brand background information | Retained while your account is active; you may edit or delete at any time. |
| Payment records | Retained as required for accounting, tax, and Hong Kong legal compliance. |
| Anonymous usage analytics | Retained per Google Tag Manager's standard policies. |
9. Your rights
You may request access to, correction of, or deletion of your personal data at any time. To exercise these rights, email contact@adsummon.com. We will respond within 30 days.
You may disconnect your Google or Meta advertising accounts at any time from within AdSummon settings, or by revoking access via your Google Account permissions page.
10. Cookies
We use essential session cookies to keep you logged in. We use Google Tag Manager to collect anonymised usage data. We do not use advertising or tracking cookies.
11. Changes to this policy
We may update this Privacy Policy from time to time. For material changes, we will notify you by email at least 30 days before the change takes effect. Continued use of AdSummon after a change constitutes acceptance of the updated policy.
12. Changelog: Key differences from previous version (April 12, 2026)
| Section | Change | Reason |
|---|---|---|
| Section 2 | Updated to reflect Analyst, brand and conversation management, action logs, and read-only operation. | Reflects current product functionality. |
| Section 3 | Added brand background information, conversation history, and action logs. Clarified that raw ad data is fetched on demand and not permanently stored. | New data types introduced in the current product. |
| Section 5 | Removed model-improvement clauses. Added explicit statement that Google and Meta API data is not used to train or fine-tune any AI model. | Removes language that risks violating Google API Services Limited Use policy. |
| Section 5 | Added explicit reference to Google API Services User Data Policy and Limited Use requirements. | Required for GCP OAuth verification. |
| Section 6 | Added comprehensive Data Security section covering transit/at-rest encryption, server-side token storage, and access controls. | Directly addresses Google OAuth verification feedback regarding data protection mechanisms. |
| Section 7 | Added Google Cloud Platform as a named third-party provider. | Transparency about secure hosting infrastructure. |
| Section 8 | Restructured data retention categories and details as a table. | Clarity and completeness of compliance data. |