Skip to content
NOVASTORMAI

Privacy Policy

Last updated: April 29, 2026

1. Introduction

NovaStorm AI ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered Meta advertising automation platform.

Please read this policy carefully. By using NovaStorm AI, you consent to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, company name, and password when you register
  • Business Information: Website URL, business description, target audience details, and marketing goals
  • Payment Information: Billing address and payment method details (processed securely by our payment providers)
  • Communications: Messages you send to us through support channels

2.2 Information from Meta Integration

When you connect your Meta Business account, we access:

  • Ad account information and settings
  • Campaign performance data and analytics
  • Audience insights and demographic data
  • Creative assets used in your campaigns
  • Billing and spend information from Meta

2.3 Automatically Collected Information

  • Usage Data: How you interact with our platform, features used, and actions taken
  • Device Information: Browser type, operating system, IP address, and device identifiers
  • Cookies: Session and preference cookies to enhance your experience

3. How We Use Your Information

We use your information to:

  • Provide and operate our AI advertising automation services
  • Analyze your business and create optimized advertising campaigns
  • Train and improve our AI algorithms for better campaign performance
  • Process payments and manage your subscription
  • Send service updates, alerts, and campaign notifications
  • Provide customer support and respond to inquiries
  • Detect and prevent fraud, abuse, or security threats
  • Comply with legal obligations

4. AI and Machine Learning

NovaStorm AI uses artificial intelligence and machine learning to optimize your advertising campaigns. This includes:

  • Analyzing your business data to identify target audiences
  • Predicting campaign performance and optimal budget allocation
  • Automatically adjusting campaigns based on real-time performance
  • Learning from aggregated, anonymized data across our platform to improve predictions

Your individual business data is never shared with other users. Aggregated insights used for AI training are anonymized and cannot identify your specific business.

5. Information Sharing

We may share your information with:

5.1 Service Providers

Third-party vendors who assist us in operating our platform, processing payments, and providing customer support. These providers are bound by confidentiality agreements.

5.2 Meta Platforms

Information necessary to create and manage your advertising campaigns on Meta platforms (Facebook, Instagram).

5.3 Legal Requirements

When required by law, legal process, or to protect our rights, safety, or property.

5.4 Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5.5 Government and Law Enforcement Requests

We treat any request from a government, regulator, or law enforcement authority for personal data as exceptional and respond only after a formal legal review. When we receive such a request, we:

  • Review the request for legal validity. We disclose data only when the request is properly authorised under applicable law (for example, a valid court order, search warrant, or statutory production notice). Informal or voluntary requests without a legal basis are refused.
  • Apply data minimisation. Where disclosure is required, we disclose only the specific data items the request actually compels — never more — and we object to overbroad requests.
  • Challenge unlawful or disproportionate requests. Where a request appears to lack a valid legal basis, exceeds its lawful scope, or conflicts with applicable data protection law (including the GDPR), we will challenge it through available legal channels before disclosing any data.
  • Document each request. We keep an internal record of every request we receive — date, requesting authority, legal basis, the data disclosed (if any), our response, and the legal reasoning behind that response — for audit and accountability purposes.

Where we are not legally prohibited from doing so, we will notify the affected user before disclosing their personal data, so they have an opportunity to seek their own legal remedy.

We do not sell your personal information to third parties.

6. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication and access controls
  • Regular security audits and vulnerability assessments
  • Employee training on data protection practices
  • Incident response procedures for potential breaches

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Data Retention and Account Deletion

We retain your information for as long as your account is active or as needed to provide our services.

7.1 How to Delete Your Account

You can request deletion of your account at any time from Settings → Danger Zone → Delete Account. To confirm the request, you will be asked to type your account email address.

7.2 14-Day Grace Period

After you request deletion, your account enters a 14-day grace period. During this period:

  • Your account is marked for deletion and you cannot make changes to your data
  • All active sessions are invalidated and you are signed out from every device
  • You will receive a confirmation email with a direct link to restore your account
  • You can cancel the deletion at any time by logging back in and clicking Restore Account on the banner shown at the top of the page

Once the 14-day grace period expires, your personal data is permanently and irreversibly deleted from our systems. You will receive a final email confirming that deletion is complete.

7.3 What Is Permanently Deleted

After the grace period, the following data is permanently erased:

  • Your profile, email, password, and authentication credentials (including OAuth connections to Google, Apple, Facebook, etc.)
  • Business information, onboarding data, and brand assets
  • Connected social media accounts (Facebook, Instagram, Twitter) and their access tokens
  • Meta Ad accounts, campaigns, ad sets, creatives, and their performance data
  • AI-generated content (blog posts, images, videos) and chat history
  • Marketing automation records, notifications, and scheduled jobs
  • Files you uploaded to our content delivery network

7.4 What We Retain and Why

Some records are retained after account deletion because we are legally required to keep them. In these cases, personally identifying information is anonymized or replaced with placeholder values, so the remaining record cannot be used to identify you:

  • Financial records (invoices, payments, subscription history) are retained for up to 7 years to comply with tax, accounting, and audit obligations. Your name and email are anonymized.
  • Account deletion audit log (date of request, IP address, user agent) is retained indefinitely for security auditing and fraud prevention. Your identity is already severed at this point.
  • Aggregated, anonymized platform analytics — statistics that do not identify any individual user may be retained for product improvement.

This retention is based on GDPR Article 17(3)(b) and Article 6(1)(c) — legal obligation — and similar provisions under other applicable data protection laws.

7.5 Backup Purge

Encrypted backup copies of our databases are purged within 90 days. If your deletion request coincides with a backup window, your personal data may persist in backups for up to 90 days after your hard-delete date, but it is not accessible in any production system.

7.6 Active Subscription

If you have an active paid subscription at the time of deletion, you will be asked to cancel it first. This is to avoid unexpected charges after your account is gone. You can cancel your subscription from Settings → Premium Plan.

8. Your Rights

Depending on your location, you may have the right to:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data (see Section 7 for how to delete your account and what happens during the 14-day grace period)
  • Portability: Receive your data in a portable format
  • Objection: Object to certain processing of your data
  • Restriction: Request restriction of processing
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at the email address below. We will respond within 30 days.

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for platform functionality and security
  • Analytics Cookies: Help us understand how you use our platform
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling certain cookies may affect platform functionality.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by relevant authorities
  • Data processing agreements with all service providers
  • Compliance with applicable data protection laws

11. Children's Privacy

NovaStorm AI is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

12. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our platform. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

Support: [email protected]

For data protection inquiries in the EU, you may also contact our Data Protection Officer at [email protected]