Privacy Policy for PlentyLabs

Effective Date: April 22, 2026

Version: 2.1

Policy URL: https://plentylabs.com/privacy

1. About This Policy

This Privacy Policy (“Policy”) explains how PlentyLabs (“PlentyLabs,” “we,” “us,” or “our”) collects, uses, stores, and protects your personal information when you use our website and services at https://plentylabs.com (the “Website”, “Platform”, or “Service”).

PlentyLabs is operated by VXA AB, a company registered in Sweden (Org.nr: 559454-1855), with postal address at Västgötagatan 2, 118 27 Stockholm, Sweden.

2. Purpose of the Service

PlentyLabs is an AI-powered advertising platform that helps businesses create, publish, and analyze advertisements across major online advertising platforms. At the date of this Policy, PlentyLabs integrates with Meta (Facebook and Instagram), Google, and TikTok. We add support for additional advertising platforms over time; where we do, the commitments in this Policy apply to those integrations as well, and we will update the platform-specific sections below as new integrations are released.

We refer to Meta, Google, TikTok, and any additional advertising platforms we integrate with as “Connected Platforms.” Our Service enables users to:

  • Create and generate ad creatives using AI technology
  • Publish advertisements and creative assets to Connected Platforms
  • Analyze ad performance data to optimize future campaigns
  • Store brand assets, products, and campaign information

Please note that we do not control any personal data processing conducted by the Connected Platforms themselves, by other third-party services that may be linked to our Service, or by our customers. For information on how those platforms handle personal data, please refer to their own privacy policies:

As we add new Connected Platforms, we will add links to their privacy policies here.

3. Information We Collect

3.1 Information You Provide Directly

When you register for and use PlentyLabs, we collect:

  • Account information: Your name, email address, and password
  • Business information: Company name, company URL, and business details
  • Brand assets: Product information, brand guidelines, logos, and creative materials you upload
  • Payment information: Processed securely through our payment provider (we do not store full payment card details)

3.2 Information from Connected Platforms (When You Connect Your Account)

When you authorize PlentyLabs to connect to a Connected Platform via that platform’s OAuth or equivalent authorization flow, we may access (with your permission) information that the platform makes available to us for the features you have enabled. We request only the minimum OAuth scopes required to provide those features, and you can review and revoke those permissions at any time through the respective platform. The categories of data we may access are described per platform below. As we add new Connected Platforms, we will add corresponding sub-sections here.

3.2.1 Information from Meta

When you authorize PlentyLabs via Meta OAuth, we may access (with your permission):

  • Your connected Ad Accounts, Pages, and Business Manager
  • Ad performance data (e.g., spend, impressions, clicks, ROAS, CTR, conversions)
  • Ad creatives metadata (e.g., creative IDs, preview URLs, headlines)
  • Historical and real-time campaign performance metrics

3.2.2 Information from Google

When you authorize PlentyLabs via Google OAuth, we may access (with your permission):

  • Your Google Ads customer accounts that you have granted access to
  • Campaign, ad group, and ad performance metrics (e.g., spend, impressions, clicks, conversions)
  • Ad asset metadata (e.g., asset IDs, headlines, descriptions)
  • Account-level settings necessary to publish and manage ads on your behalf

You can review and revoke these permissions at any time at myaccount.google.com/permissions .

3.2.3 Information from TikTok

When you authorize PlentyLabs via TikTok’s authorization flow, we may access (with your permission):

  • Your connected TikTok Ads / Business Center accounts that you have granted access to
  • Ad performance data (e.g., spend, impressions, clicks, conversions)
  • Ad creatives metadata (e.g., creative IDs, preview URLs)
  • Account-level settings necessary to publish and manage ads on your behalf

You can review and revoke these permissions at any time through your TikTok account settings, or by contacting us at support@plentylabs.com .

3.3 Information We Do NOT Collect

We do not collect:

  • Personal profile information of end users from Connected Platforms (e.g., Facebook, Instagram, Google, or TikTok users)
  • Private messages or personal communications
  • Personal names or email addresses of individuals from Connected Platforms
  • Personal behavioral data for profiling or tracking individuals

4. How We Use Your Data

We use your data to:

  • Provide and operate the PlentyLabs Service
  • Generate AI-powered ad creatives based on your brand and product information
  • Fetch, display, and analyze your ad performance data from Connected Platforms
  • Identify high-performing ad patterns and optimize recommendations
  • Publish advertisements and creative assets to your connected Ad Accounts on Connected Platforms
  • Communicate with you about your account and our services
  • Improve and develop new features for the Service

We do not:

  • Sell, rent, or redistribute your data to third parties
  • Share your business data with other users
  • Transfer data to third parties except to provide the Service to you as described in this Policy

5. Google API Services User Data Policy

PlentyLabs’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy , including the Limited Use requirements. Specifically:

  • We only use Google user data to provide or improve the user-facing features of the PlentyLabs Service that are prominent in the application’s user experience.
  • We do not transfer Google user data to third parties except as necessary to provide or improve these user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with prior user consent.
  • We do not use Google user data to serve advertisements.
  • We do not allow humans to read Google user data unless we obtain the user’s affirmative consent to view specific messages or data, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for internal operations where the data has been aggregated and anonymized.

6. Meta Platform Data Use

PlentyLabs’s use of information received from Meta adheres to the Meta Platform Terms and Meta Developer Policies. We only access Meta user data to provide the features you have enabled in the PlentyLabs Service, and we do not sell, rent, or trade Meta user data. You may revoke PlentyLabs’s access to your Meta account at any time at facebook.com/settings?tab=business_tools .

7. TikTok Platform Data Use

PlentyLabs’s use of information received from TikTok adheres to TikTok’s Developer Terms of Service and applicable TikTok platform policies. We only access TikTok user data to provide the features you have enabled in the PlentyLabs Service, and we do not sell, rent, or trade TikTok user data. You may revoke PlentyLabs’s access to your TikTok account at any time through your TikTok account settings, or by contacting us at support@plentylabs.com .

8. Additional and Future Platform Integrations

We expect to add support for additional advertising platforms over time. When a new Connected Platform is added to the Service:

  • We will request only the minimum scopes or permissions required to provide the features you enable.
  • We will apply the same general commitments described in this Policy — including Sections 4 (How We Use Your Data), 9 (Data Storage and Retention), and 10 (Third-Party Services) — to data obtained from the new platform.
  • We will update the platform-specific sections of this Policy (Sections 3, 5, 6, 7) to describe the new integration and any platform-specific terms that apply.
  • Where the new platform imposes its own developer or data-use policies on us, we will describe and comply with those policies in the same way we do for Google, Meta, and TikTok.

9. Data Storage and Retention

Your data is securely stored using industry-standard practices:

  • We use Google Cloud Platform (GCP) and Supabase as our backend infrastructure providers, covering our database, file storage, authentication, and related services; both providers offer secure cloud infrastructure with encryption at rest and in transit
  • Ad performance data and brand assets are stored under your account for ongoing use within the Service
  • We use AI services (such as Anthropic’s Claude API) to generate ad creatives; these services process data temporarily and do not retain your data

Data Retention:

  • Data is retained for as long as your account is active
  • If you revoke access to a Connected Platform (e.g., Meta, Google, or TikTok), data obtained from that platform will be deleted within 30 days
  • Upon account deletion request, all your data will be removed within 30 days

10. Third-Party Services

We integrate with the following third-party services:

  • Meta (Facebook/Instagram): For authorized ad account access, ad publishing, and performance data via Meta’s Marketing APIs
  • Google: For authorized Google Ads access, ad publishing, and performance data via Google Ads APIs
  • TikTok: For authorized ad account access, ad publishing, and performance data via TikTok’s advertising APIs
  • Google Cloud Platform (GCP): For database, cloud infrastructure, and secure data storage
  • Supabase: For authentication, file storage, and related backend services
  • AI Services (e.g., Anthropic Claude): For generating AI-powered ad creatives
  • Stripe: For secure payment processing

Additional Connected Platforms and sub-processors may be added as the Service evolves; Section 8 describes how we handle such additions.

11. Cookies and Tracking

We use essential cookies required for the Service to function properly (e.g., authentication, session management). We may use analytics tools to understand how users interact with our Service. We do not use cookies for behavioral advertising or personalized ad targeting of our users.

12. Your Rights

Under applicable data protection laws (including GDPR), you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Data portability (receive your data in a structured format)
  • Withdraw consent at any time
  • Revoke any Connected Platform integration via your account settings or via the respective platform’s permissions or business integrations page (for example, Meta Business Integrations, your Google Account permissions page, or your TikTok account settings)

To exercise any of these rights, contact us at support@plentylabs.com using the email address associated with your account.

13. Account and Data Deletion

You may request deletion of your PlentyLabs account and associated data at any time by emailing support@plentylabs.com from the email address registered to your account, or via your account settings where available. Upon a verified deletion request, we will remove your personal data, uploaded Content, and data obtained from Connected Platforms within 30 days, except where retention is required by law or for legitimate business reasons (e.g., tax records, dispute resolution, fraud prevention).

Users whose data has been accessed via an administrator’s connection to a Connected Platform (for example, a Meta, Google, or TikTok account connected by a team admin) may request deletion directly at support@plentylabs.com .

14. Legal Basis for Processing

We process your data based on:

  • Consent: When you voluntarily create an account, connect a Connected Platform account, or provide information
  • Contract Performance: To provide the services you have requested
  • Legitimate Interest: To improve our services and communicate with you

We comply with the General Data Protection Regulation (GDPR) and applicable Swedish data protection laws.

15. International Data Transfers

PlentyLabs is based in Sweden (European Union). Where data is transferred outside the European Economic Area — for example to sub-processors that provide AI inference or payment processing — we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

16. Policy Updates

We may update this Policy as our features evolve — including when we add new Connected Platforms — or as required by law. Material changes will be communicated via email or in-Service notification. The most current version is always available at:

https://plentylabs.com/privacy

17. Contact Information

VXA AB
Org.nr: 559454-1855
Västgötagatan 2
118 27 Stockholm, Sweden

Email: support@plentylabs.com
Website: https://plentylabs.com