Skip to content

Legal

Privacy Policy

Last updated: 2026-05-15

1. Who we are

DashOps is a software-as-a-service platform operated by Octatude LLC, a limited liability company organised under the laws of the State of Georgia, United States. Our registered address is:

Octatude LLC
3688 Clearview Ave, Ste 130
Atlanta, GA 30340
United States

For privacy-related questions, contact us at privacy@octatude.com.

2. Information we collect

We collect the following categories of information:

  • Account information: name, email address, password (hashed via bcrypt), agency name, role, profile photo (optional).
  • Authentication data: JWT session tokens, refresh tokens, optional 2FA secrets, recovery codes.
  • Meta integration data: when you connect a Meta Business account via OAuth, we receive an access token (encrypted at rest using AES-256-GCM) and the list of ad accounts, pages, pixels, and audiences your account has permission to access.
  • Advertising data: campaign / ad set / ad metadata, creative assets, performance insights (impressions, clicks, conversions, spend), audience definitions, and lead form submissions — all retrieved from the Meta Marketing API on your behalf.
  • Billing information: processed by Stripe, our payment processor. We store the Stripe customer ID and subscription status; we never store full payment card details.
  • Usage information: IP address, browser type, referrer, pages viewed, actions taken (logged for security and audit purposes).
  • Communications: emails you send to us, support tickets, in-app feedback.

3. How we use your information

  • To provide, maintain, and improve the DashOps service.
  • To authenticate you and protect your account.
  • To send transactional emails (verification, invitations, billing receipts) and digest emails you have explicitly opted into.
  • To enforce our Terms of Service and detect abuse.
  • To comply with legal obligations.
  • To respond to your support requests.

We do not sell your personal information. We do not use your data or your clients' advertising data to train general AI models. Future AI features (see our roadmap) will be opt-in and will use anonymised, aggregated patterns only.

4. How we share your information

We share information only with our sub-processors, who help us run the service. The full list is at /sub-processors. Each sub-processor is bound by a data-processing agreement that limits how they may use your data.

We may also disclose information if required by law (court order, subpoena), to enforce our Terms of Service, or to protect the rights, property, or safety of Octatude LLC, our users, or others.

5. Data retention

We retain account information and operational data for as long as your subscription is active. After cancellation:

  • 30-day soft-delete window: your data remains in our systems but is inaccessible to your account. You can re-activate during this window and resume where you left off.
  • After 30 days: all your account data — including Meta integration data, insights history, audience definitions, and team members — is permanently deleted from our active databases. Backups are purged within 90 days.
  • Audit log entries may be retained longer (up to 7 years) for security and compliance purposes, but only contain action metadata, not advertising content.

You can request immediate deletion at any time via your Privacy Settings.

6. Your rights

Depending on where you live, you may have the right to:

  • Access: request a copy of the personal information we hold about you.
  • Rectify: correct inaccurate information via your profile.
  • Delete: request deletion of your account and personal data.
  • Port: receive your data in a machine-readable format (JSON export available in-app).
  • Object: object to certain types of processing.
  • Withdraw consent: revoke any consent you have given.

To exercise any of these rights, email us at privacy@octatude.com. We respond within 30 days.

California residents have specific rights under the California Consumer Privacy Act (CCPA) — including the right to know what personal information we collect and to opt-out of any sale (we do not sell personal information).

EU / UK residents have rights under the GDPR / UK GDPR. For these requests, our supervisory authority is the Information Commissioner's Office (ICO) in the UK and your local DPA in the EU.

7. Security

We protect your data with industry-standard measures:

  • TLS 1.3 encryption in transit; AES-256-GCM encryption for Meta access tokens at rest.
  • Bcrypt-hashed passwords with strict complexity requirements (12+ characters, optional HIBP breach check).
  • JWT authentication with 15-minute expiry and rotated 7-day refresh tokens.
  • Brute-force lockout, optional 2FA with recovery codes.
  • Per-user audit log of every change.
  • Hosted infrastructure (Vercel, Render, MongoDB Atlas) with SOC 2 Type II compliance.

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at support@dashops.io.

8. International data transfers

We are based in the United States and our infrastructure is distributed globally (database in ap-south-1, backend in ap-southeast-1, frontend on global CDN). By using DashOps, you consent to your information being transferred to and processed in the United States and other countries where our service providers operate. We rely on Standard Contractual Clauses (SCCs) for transfers from the EU/UK.

9. Children's privacy

DashOps is a B2B service intended for adult users. We do not knowingly collect information from anyone under 16. If we learn we have collected such information, we delete it.

10. Cookies

We use a minimal set of essential cookies for authentication and session management. We do not use third-party tracking cookies, advertising pixels, or analytics tools that share data with third parties (no Google Analytics, no Facebook Pixel, no Hotjar). If we add any in the future, our cookie banner will let you opt in or out per category.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced via email to all account holders at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact us

For privacy questions, data subject requests, or any other concerns:

  • Email: privacy@octatude.com
  • Postal: Octatude LLC, 3688 Clearview Ave, Ste 130, Atlanta, GA 30340, United States