KineticAd
Log inGet started

Privacy Policy

Effective date: March 26, 2026

1. Overview

KineticAd, operated by Kinetic Ad LLC (“we”, “us”, “our”), provides a SaaS platform that monitors advertising creatives across Meta, TikTok, Google Ads, Snapchat, and LinkedIn for performance fatigue. This Privacy Policy describes how we collect, use, store, and share information when you use our service at getkineticad.com.

By creating an account or using the service, you agree to the practices described in this policy.

2. Information We Collect

Account information

Your email address and encrypted password when you sign up.

Ad platform data

When you connect an ad account from any supported platform, we request read-only access to your creative-level performance data via that platform's API. This includes metrics such as impressions, clicks, spend, CTR, frequency, and engagement rates at the individual ad level. We do not have the ability to create, edit, pause, or delete your ads on any platform. We store this data to power fatigue detection, runway prediction, and historical reporting within the service.

OAuth access tokens

When you authorize a platform connection, we store an encrypted OAuth token (access token or refresh token depending on the platform) to retrieve your data on an ongoing basis. These tokens are stored with AES-256 encryption and are used exclusively to retrieve performance data on your behalf.

Slack webhook URL

If you enable Slack alerts, you provide a Slack Incoming Webhook URL. This URL is stored encrypted in our database and is used solely to deliver fatigue alert messages to your designated Slack channel. We do not use your webhook URL for any other purpose, and it is never shared with third parties outside of message delivery to Slack's API.

Usage data

Standard server logs including pages visited, timestamps, and browser/device type. This is used to maintain and improve the service.

Payment data

Billing is handled by Stripe. We do not store your credit card number, CVV, or full payment details. We store a Stripe customer ID to manage your subscription.

3. How We Use Your Information

  • To provide, operate, and improve the service
  • To detect creative fatigue and generate alerts
  • To calculate and display estimated creative runway
  • To send transactional emails (alert notifications, billing receipts)
  • To post fatigue alerts to your Slack channel via your webhook URL, if enabled
  • To manage your subscription and process payments
  • To respond to support requests

We do not sell your data to third parties. We do not use your ad platform data for any purpose other than providing the service to you.

4. Cookies and Tracking

Essential cookies

We use essential cookies that are strictly necessary for the operation of the service. These include authentication session cookies to keep you logged in and preference cookies to remember your settings.

Analytics cookies

We may use privacy-focused analytics tools (such as PostHog) to understand how the service is used. If analytics cookies are enabled, they collect anonymized usage data and do not track you across other websites. You may opt out of analytics cookies at any time.

No advertising cookies

We do not use any third-party advertising cookies or tracking pixels. We do not participate in ad networks or allow third-party advertisers to place cookies on our site.

Local storage

We use browser localStorage for UI preferences such as onboarding tour completion status, checklist dismiss state, and dashboard layout preferences. This data stays on your device and is not transmitted to our servers.

5. Third-Party Services

We use the following third-party providers to operate the service:

  • Supabase — database and authentication (data stored in US-East region)
  • Stripe — payment processing (governed by Stripe's privacy policy)
  • Resend — transactional email delivery
  • Railway — backend hosting
  • Vercel — frontend hosting
  • Slack Technologies LLC — Slack Incoming Webhooks API (used only if you enable Slack alerts)
  • Meta Platforms — Marketing API data source
  • TikTok / ByteDance — TikTok Business API data source
  • Google LLC — Google Ads API data source
  • Snap Inc. — Snapchat Marketing API data source
  • LinkedIn Corporation — LinkedIn Marketing API data source

Each provider has their own privacy practices. We recommend reviewing their respective policies.

6. Meta Platform Data

Our access to your Meta Ads data is governed by the Meta Platform Terms and our approved use case. We access only the data necessary to provide the fatigue detection service. We do not share your Meta Ads data with other users or third parties outside of the service providers listed above. You may revoke our access to your Meta account at any time through your Meta Business Settings.

7. TikTok Platform Data

Our access to your TikTok Ads data is governed by the TikTok Business API Terms of Service and Developer Agreement. We access only the ad performance data required to operate the fatigue detection service. We do not share your TikTok Ads data with other users or third parties outside of the service providers listed above. You may revoke our access at any time through your TikTok Business Center settings or by disconnecting the account within the service.

TikTok access tokens expire after 365 days. We will notify you when a token is approaching expiration so you can reconnect without service interruption.

8. Google Ads Data

Our access to your Google Ads data is governed by the Google Ads API Terms of Service and Google's Advertising Policies. We use short-lived access tokens that are automatically refreshed using your stored OAuth authorization. We access only creative-level performance metrics necessary for fatigue detection. We do not share your Google Ads data with other users or third parties outside of the service providers listed above. You may revoke our access at any time through your Google Account permissions at myaccount.google.com.

9. Snapchat Ads Data

Our access to your Snapchat Ads data is governed by Snap Inc.'s Business API Terms. We store your Snapchat refresh token (encrypted) and exchange it for a short-lived access token before each sync. Refresh tokens are valid for up to 90 days. We access only ad-level performance metrics necessary for fatigue detection and do not share this data with other users or third parties outside of the service providers listed above. You may revoke access at any time through your Snapchat Business Manager settings.

10. LinkedIn Ads Data

Our access to your LinkedIn Ads data is governed by the LinkedIn Marketing Developer Platform Terms. We store your LinkedIn OAuth token (encrypted) and use it to access creative-level performance metrics via the LinkedIn Marketing API. We access only the data necessary to provide the fatigue detection service. We do not share your LinkedIn Ads data with other users or third parties outside of the service providers listed above. You may revoke access at any time through your LinkedIn account settings under Permitted Services.

11. Slack Integration Data

If you enable the Slack integration, your Slack Incoming Webhook URL is stored encrypted in our database. It is used solely to post fatigue alert messages to your configured Slack channel. Alert messages include: creative name, severity level, CTR drop %, ad frequency, estimated runway, and a link back to your KineticAd dashboard. No personally identifiable information about your audience or customers is ever included in Slack messages.

You may disable Slack alerts or remove your webhook URL at any time from Settings. Upon removal, the webhook URL is deleted from our database within 24 hours.

Use of Slack is governed by Slack's own Privacy Policy. We are not affiliated with or endorsed by Slack Technologies LLC.

12. Task Integration Data

If you connect a task management platform (Notion, Linear, or Asana), we store your OAuth token encrypted using AES-256. This token is used solely to create tasks on your behalf when you choose to generate a task from a fatigue alert. Task content may include the creative name, fatigue severity, and relevant performance details.

We do not read, modify, or delete any existing tasks or data in your connected task management account. You may disconnect your task integration and remove the stored token at any time from Settings. Upon disconnection, the token is deleted from our database immediately.

13. NPS Feedback Data

If you submit NPS (Net Promoter Score) feedback through the service, we collect your score (1–10) and any optional comment you provide. This feedback is associated with your account and is used solely to improve the service. We do not share individual feedback responses with third parties. Aggregated, anonymized feedback data may be used to evaluate service quality.

14. Automated Decision Making

Our fatigue detection system uses algorithmic analysis of ad performance metrics (such as CTR trends, frequency, spend efficiency, and engagement rates) to identify creatives that may be experiencing fatigue. These algorithms produce alerts and recommendations within the dashboard.

No automated decisions are made that produce legal effects or similarly significant effects on users. Fatigue alerts are informational only. You retain full control over your ad campaigns and can always override, dismiss, or ignore any fatigue alert generated by the service.

15. Data Retention

We retain your account data and ad metrics for as long as your account is active. If you cancel your subscription and close your account, we will delete your personal data and ad metrics within 30 days of your request. Anonymized, aggregate usage statistics may be retained indefinitely.

16. Security and Data Breach Notification

We use industry-standard security practices including AES-256 encryption for stored OAuth tokens and Slack webhook URLs, HTTPS-only connections, and strict access controls. All ad account credentials are stored encrypted and are never exposed in plain text in logs or responses.

In the event of a data breach that affects your personal data or connected account credentials, we will notify affected users by email within 72 hours of confirming the breach, to the extent practicable. The notification will include: (a) what data was affected; (b) what happened; (c) steps we have taken to contain it; and (d) recommended actions for you to take, such as revoking OAuth access from the affected platforms and rotating your Slack webhook URL if applicable.

If you believe your account has been compromised, please contact us immediately at jake@getkineticad.comand revoke platform access via each ad platform's account settings. No system is perfectly secure. By using the service you acknowledge this inherent risk and accept that our liability for any breach-related loss is limited as described in our Terms of Service.

17. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Revoke API access for any connected platform at any time
  • Remove your Slack webhook URL at any time from Settings
  • Export your data upon request

To exercise any of these rights, email us at jake@getkineticad.com.

18. GDPR Compliance

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, this section applies to you. KineticAd, operated by Kinetic Ad LLC, acts as the data controller for the personal data we process.

Legal basis for processing

We process your personal data under the following legal bases: (a) Contract performance — processing necessary to provide the service you signed up for; (b) Legitimate interest — processing necessary for our legitimate business interests, such as improving the service, preventing fraud, and ensuring security; and (c) Consent— where you have given explicit consent, such as opting in to optional analytics or marketing communications.

Your rights under GDPR

In addition to the rights listed in Section 17, EU/EEA users have the right to:

  • Access your personal data and receive a copy
  • Rectification of inaccurate or incomplete data
  • Erasure of your personal data (“right to be forgotten”)
  • Restriction of processing under certain circumstances
  • Data portability — receive your data in a structured, machine-readable format
  • Object to processing based on legitimate interest
  • Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at jake@getkineticad.com. We will respond to your request within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.

19. CCPA / California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information.

Your rights under CCPA

  • Right to know — You may request that we disclose what categories and specific pieces of personal information we have collected about you
  • Right to delete — You may request deletion of your personal information, subject to certain exceptions
  • Right to opt out of sale — We do not sell your personal information to third parties. Because we do not sell personal data, there is no need to opt out
  • Right to non-discrimination — We will not discriminate against you for exercising any of your CCPA rights

To exercise your CCPA rights, email us at jake@getkineticad.com. We will verify your identity using the email address associated with your account. We will respond to verifiable requests within 45 days.

20. Children's Privacy (COPPA)

The service is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages. If we become aware that we have inadvertently collected personal data from a child under the applicable age threshold, we will take steps to delete that information as promptly as possible. If you believe a child has provided us with personal data, please contact us at jake@getkineticad.com.

21. International Data Transfers

Your data is stored in the United States (Supabase US-East region). If you access the service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the service, you consent to this transfer.

Where required by applicable law, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission or other appropriate safeguards to ensure adequate protection of your data when it is transferred internationally.

22. Do Not Track

We respect browser Do Not Track (DNT) signals. When we detect that your browser has DNT enabled, we limit tracking to essential service operation only, such as authentication and security. No analytics or optional tracking data is collected when DNT is active.

23. Data Processing Agreements

Data Processing Agreements (DPAs) are available upon request for enterprise customers who require a DPA for GDPR compliance or other regulatory purposes. To request a DPA, contact us at jake@getkineticad.com.

24. Changes to This Policy

We may update this policy as the service evolves. Material changes will be communicated via email. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

25. Contact

Questions about this policy? Email us at jake@getkineticad.com.