PRIVACY POLICY

Last updated: 25 June 2026

1. General

  1.  This Privacy Policy ("Policy") describes how Botan App Limited ("Company", "we", "us", or "our") collects, processes, and retains data in connection with the internal marketing analytics and campaign automation platform and its integration with the Meta Marketing API ("Service").
  2.  The Service is a business-to-business (B2B) technical integration. The users of the Service are business entities ("Clients") that connect their Meta Business Manager accounts and ad accounts to the Service. The Service does not interact with or collect personal data of end users of Client advertising campaigns.
  3.  This Policy is published for purposes of compliance with Meta Platform Terms and Meta App Review requirements. It is addressed to Clients and any other parties whose data may be processed in connection with the Service.
  4.  By accessing or using the Service, the Client acknowledges that it has read and understood this Policy.
  5.  If you have any questions regarding this Policy, please contact us at finance@botanapp.com.

2. Data Controller

  1.  Botan App Limited, with its registered address at Archiepiskopou Makariou III, 95 Charitini Building, 1st floor, Flat/office 102, 1071 Nicosia, Cyprus, is the data controller for any personal data processed in connection with the Service.

3. What Data We Collect

  1.  The Service collects and processes the following categories of data:
  1. The Service does not collect, process, or store personally identifiable information of end users of Client advertising campaigns. All advertising performance data processed through the Service is aggregated at the campaign, ad set, or ad level and does not identify individual persons.
  2. The Service does not collect special categories of personal data as defined under applicable data protection law.

4. Purposes and Legal Bases for Processing

  1. We process data collected through the Service for the following purposes:
  2. Provision of the Service: to collect, process, and present aggregated advertising analytics and campaign performance data to the Client; to enable automated creation and management of advertising campaign structures via the Meta Marketing API. Legal basis: performance of contract with the Client.
  3. Campaign automation: to programmatically create full campaign structures on behalf of the Client, including campaigns, ad sets, targeting configuration, budget and bid strategy, creative asset uploads, and individual ads. Legal basis: performance of contract with the Client.
  4. Service operation and improvement: to monitor Service performance, identify and fix errors, and ensure technical stability. Legal basis: legitimate interests of the Company in maintaining and improving the Service.
  5. Legal compliance: to comply with applicable laws, regulations, and platform policies, including Meta Platform Terms. Legal basis: legal obligation.

5. Meta Platform Data

  1.  The Service accesses Meta Platform Data (as defined in Meta Platform Terms) solely to provide the analytics and campaign automation services described in this Policy.
  2.  Meta Platform Data accessed through the Service includes advertising performance metrics, ad account data, campaign structure data, and Business Manager account information.
  3.  Meta Platform Data is not used for any purpose other than providing the Service to the Client whose accounts the data originates from.
  4.  Meta Platform Data is not sold, transferred, or otherwise disclosed to third parties, except as required by applicable law or as strictly necessary to operate the Service infrastructure (e.g., cloud hosting providers operating under appropriate data processing agreements).
  5.  The Company processes Meta Platform Data in compliance with Meta Platform Terms, including the restrictions on data use set out in Section 3 thereof.

6. Data Sharing and Disclosure

  1.  We do not sell Client data or Meta Platform Data to any third party.
  2.  We may share data with the following categories of recipients, strictly as necessary to provide the Service:
  3.  Infrastructure and cloud service providers: hosting, database, and technical operations providers who process data on our behalf under appropriate data processing agreements.
  4.  Professional advisors: lawyers, accountants, and auditors who are subject to confidentiality obligations.
  5.  Law enforcement and regulatory authorities: where required by applicable law, court order, or regulatory requirement.
  6.  Successors in business: in the event of a merger, acquisition, or sale of assets, subject to the acquirer agreeing to protect data in accordance with this Policy.

7. Data Retention

  1.  We retain advertising and campaign data for as long as necessary to provide the Service and as required by applicable law.
  2.  Upon termination of the Client relationship or upon Client request, data is securely deleted in accordance with Section 10 of this Policy.

8. Data Security

  1.  We implement appropriate technical and organizational measures to protect data against unauthorized access, disclosure, alteration, or destruction.
  2.  Access to data is restricted to authorized personnel who require access for the purpose of providing the Service.
  3.  We use industry-standard encryption protocols for data transmission and storage.
  4.  In the event of a data breach that poses a risk to the rights and freedoms of individuals, we will notify affected parties and relevant regulatory authorities as required by applicable law.

9. International Data Transfers

  1.  Data processed through the Service may be transferred to and stored in countries other than the country in which it was originally collected.
  2.  Where data is transferred from the European Economic Area to countries that do not provide an equivalent level of data protection, we apply appropriate safeguards, including Standard Contractual Clauses approved by the European Commission.

10. Data Deletion

  1. Clients may request deletion of their data processed through the Service at any time.
  2. To submit a data deletion request, please contact us at: finance@botanapp.com. Please include in your request: the name of your organization, the Meta Business Manager account ID(s) associated with your account, and a description of the data you wish to have deleted.
  3. We will process deletion requests within 30 days of receipt. Upon completion, we will confirm deletion in writing.
  4. Please note that we may retain certain data after a deletion request where retention is required by applicable law or is necessary to resolve disputes or enforce our agreements.
  5. Where the Service receives a data deletion request from Meta or a Meta user pursuant to Meta Platform Terms Section 3(d)(i), we will process such request in accordance with our obligations under Meta Platform Terms.

11. Contact

Email: finance@botanapp.com

Data deletion requests: finance@botanapp.com