Privacy Policy
Effective Date: [July 2025]
?
1. Introduction
?
AdAlong (“we”, “our”, or “us”) provides social content management services to professional clients (“Clients”) through our platform. This Privacy Policy (“Policy”) describes how we collect, use, and protect personal data in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”).
?
AdAlong handles two categories of personal data:
● Section 2: Personal Data of AdAlong Users (Clients)
● Section 3: Personal Data of Social Media Creators (Creators)

?
2. Personal Data of AdAlong Users (Clients)
?
2.1 Data Controller and Purpose
AdAlong acts as the data controller for personal data collected from users of the AdAlong platform (typically employees or representatives of Clients). This data is collected to:
● Provide and manage access to the AdAlong platform
● Deliver services under contract
● Communicate with users (e.g., support, updates)
● Manage business relationships

2.2 Categories of Data Collected
Data Type : Name, job title, email address, phone number
Purpose : Account setup, client support, communication
Retention Period : Duration of the business relationship + legal retention period

Data Type : Login credentials
Purpose : Platform access
Retention Period : Until account deletion

Data Type : Usage logs and IP addresses
Purpose : Security, performance monitoring
Retention Period : Up to 12 months unless longer required for legal reasons
?
2.3 Legal Basis
The legal bases for processing this data are:
● Contract performance (Art. 6(1)(b) GDPR)
● Legal obligations (Art. 6(1)(c) GDPR)
● Legitimate interests in managing our services (Art. 6(1)(f) GDPR)

2.4 Data Transfers and Security
All data is hosted within the European Union. We do not transfer user data outside the EU. Security measures include:
● Encrypted connections (HTTPS, TLS)
● Role-based access control
● Regular security audits
AdAlong does not share personal data with third parties except where required by law or for service operation (e.g., secure hosting providers)
?
?
3. Personal Data of Social Media Creators
?
3.1 Introduction
AdAlong provides Clients with tools to discover and manage user-generated content (“UGC”) from social media platforms such as Instagram, Facebook, Pinterest, TikTok, and YouTube. In doing so, AdAlong may process public personal data from creators (“Creators”) on behalf of Clients.
AdAlong acts as a data processor, while the Client is the data controller under GDPR.
?
3.2 Data Processed and Legal Basis
Data Type: UGC content
Source: Public social media API
Purpose: Providing AdAlong’s service
Retention Period: UGC content is not stored or reused unless explicit consent has been obtained

Data Type: Username, user ID
Source: Public social media API
Purpose: Providing AdAlong’s service
Retention Period: Up to 3 years or until consent withdrawn

Data Type: Date/hashtags/captions/Tags
Source: Public social media API
Purpose: Providing AdAlong’s service
Retention Period: Up to 3 years or until consent withdrawn

These data are publicly available and collected in compliance with the terms of each social platform.
?
3.3 Consent and Responsibilities
Clients are responsible for obtaining valid consent from Creators before using UGC in a marketing or commercial context. For example:
“By replying with #YesClientName, you agree to our use of your post under these terms: [link to full Client T&Cs].”
Clients must also:
● Maintain records of each consent
● Provide transparency regarding use
● Share this Privacy Policy and their own with Creators

3.4 Rights of Creators
In accordance with GDPR, Creators may exercise their rights (access, rectification, erasure, restriction, objection, and data portability) by contacting the Client directly. AdAlong will support Clients in addressing these requests (Art. 28(3)(e) GDPR).
?
3.5 Data Retention and Deletion
AdAlong retains Creator data only as long as necessary (up to 3 years), unless the Creator withdraws consent, in which case the data is deleted promptly.
?
3.6 Security
AdAlong applies technical and organizational measures including:
● Secure EU-based hosting
● Encrypted transmission
● Access controls

3.7 Data Breach Notification
In case of a breach, AdAlong will notify the Client without undue delay. The Client is responsible for notifying the authorities and Creators as necessary.
?
3.8 International Transfers
No personal data of Creators is transferred outside the EU.
AdAlong does not share personal data with third parties except where required by law or for service operation (e.g., secure hosting providers)
?
3.9 Data Processing Agreement (DPA)
Each Client relationship is governed by a DPA in accordance with Art. 28 GDPR.
?
4. Contact
For any questions about this Policy or our data practices, please contact us:
?? Email: hello@adalong.com
??? Subject Line: Data Protection Inquiry
Clients may also designate a Data Protection Officer (DPO) if required.
?
5. Changes to this Policy
AdAlong reserves the right to update this Policy at any time. Material changes will be communicated to Clients, who are responsible for informing affected data subjects (e.g., Creators).
?