FireAdsGet started

Privacy Policy

Last updated: March 23, 2026

FireAds ("we", "us", "our") operates the website fireads.run. This Privacy Policy explains how we collect, use, and protect your personal data when you use our service.

1. Data Controller

The data controller responsible for your personal data is:

[Company Name] UG (haftungsbeschränkt)
[Address]
Germany
Email: [email protected]

2. What Data We Collect

2.1 Account Data

When you create an account, we collect:

  • Your name and email address (from Facebook Login)
  • Your Facebook User ID
  • Your Meta Ad Account IDs

2.2 Authentication Tokens

When you connect your Facebook account, we generate a long-lived access token. This token is displayed to you in your dashboard for local use. We store a hashed reference to track token validity and subscription status.

2.3 Payment Data

Payment processing is handled by Lemon Squeezy (our Merchant of Record). We do not store credit card numbers. We receive subscription status, plan details, and billing email from Lemon Squeezy via webhooks.

2.4 Usage Data

We collect basic analytics: page views, feature usage, and error logs. We do not track your ad campaigns, creatives, or performance data. The MCP server runs locally on your machine — your ad data flows directly between your device and Meta's API.

3. How We Use Your Data

  • To provide and maintain the service (account, authentication, subscription)
  • To communicate with you about your account or service updates
  • To process payments through our Merchant of Record
  • To improve our service based on aggregated, anonymized usage data

4. Legal Basis (GDPR Art. 6)

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide the service you subscribed to
  • Legitimate interest (Art. 6(1)(f)): Service improvement, fraud prevention, security
  • Consent (Art. 6(1)(a)): Marketing communications (opt-in only)

5. Data Sharing

We share data only with:

  • Meta Platforms, Inc. — for OAuth authentication and API access
  • Lemon Squeezy — for payment processing (as Merchant of Record)
  • Cloudflare — for hosting and CDN

We do not sell your data. We do not share it with advertisers or data brokers.

6. Data Retention

We retain your account data for the duration of your subscription. When you cancel, we delete your personal data within 30 days, except where retention is required by law (e.g., tax records for 10 years under German law).

7. Your Rights (GDPR)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing
  • Data portability — receive your data in a structured format
  • Object to processing based on legitimate interest
  • Withdraw consent at any time

To exercise any of these rights, email us at [email protected].

8. Data Security

We use industry-standard security measures including encrypted connections (TLS), hashed token storage, and access controls. Your Meta access token is displayed to you for local use — we recommend storing it securely in your local environment.

9. International Transfers

Your data may be processed in the EU and US (Cloudflare, Meta). Where data is transferred outside the EU, we rely on Standard Contractual Clauses (SCCs) or adequacy decisions as appropriate.

10. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or a notice on our website.

12. Contact & Supervisory Authority

For privacy questions: [email protected]

You have the right to lodge a complaint with your local data protection authority. In Germany, this is the relevant Landesdatenschutzbeauftragte.