SynapAds (“SynapAds,” “we,” “our,” or “us”) operates the SynapAds marketing automation platform available at synapads.com (the “Service”). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. By using the Service you agree to this Policy.
1. Who We Are
SynapAds provides an AI-driven marketing automation service designed for small and medium-sized businesses in Thailand. We help business owners plan campaigns, generate ad creative, publish content to Facebook Pages, manage Facebook and Google Ads campaigns, and analyze performance — all from a single interface. Our service is currently in pre-launch and is operated by the SynapAds team based in Thailand.
2. Information We Collect
We collect three categories of information.
2.1 Information You Provide
- Account information: your name, email address, and profile photo obtained from Google or Facebook when you sign in.
- Business profile: brand name, industry, target audience, products, budget, goals, and other details you enter to help the AI generate relevant content.
- Content and feedback: the briefs you submit, the edits you make to AI-generated content, your approve/reject decisions, the notes you leave when rejecting content, and any assets you upload (images, videos, brand reference material).
2.2 Information from Connected Platforms
When you choose to connect Facebook or Google Ads to SynapAds, we receive — strictly with your authorization through the platform's OAuth flow — the following from those platforms:
- From Facebook (Meta): the list of Pages you manage, the list of Ad Accounts and Business Manager accounts you have access to, page metadata (name, category), engagement data on Pages you choose to manage through SynapAds, ad-account-level performance metrics (spend, impressions, clicks, reach, conversions), and the OAuth access token needed to act on your behalf within the scope you granted.
- From Google Ads: the list of Google Ads Customer accounts you have access to, customer metadata (currency, time zone), campaign-level performance metrics (impressions, clicks, cost, conversions, search-term reports, quality scores, auction insights), and the OAuth refresh token needed to manage your campaigns.
You can revoke our access to either platform at any time through your Facebook or Google security settings, or by disconnecting the integration from within the SynapAds settings page.
2.3 Information We Collect Automatically
- Usage data: pages viewed, actions taken (approve, reject, edit), time spent on screens, and error logs.
- Device data: browser type, operating system, general location inferred from IP address, and device identifiers necessary to keep your session secure.
- Cookies and similar technologies: see Section 7.
3. How We Use Information
We use the information described above to:
- Provide the Service — generate ad copy and images, build campaign plans, schedule posts, fire ads, and report performance.
- Improve AI quality on a per-business basis. When you reject a piece of AI-generated content with a note, we feed that signal into your business's preference profile so future generations match your brand voice better. This learning is strictly scoped to your business — we do not pool feedback across customers.
- Detect anomalies, prevent abuse, and keep the Service secure.
- Communicate operational notices (approval requests, billing issues, security alerts) by email, in-app notifications, or LINE messaging if you have opted in.
- Comply with legal obligations, respond to lawful requests, and enforce our Terms of Service.
We do not sell your personal information. We do not use your data to train third-party AI models that serve other customers.
4. Third Parties We Share With
The Service requires sharing certain data with the following third-party processors, strictly to deliver the Service:
- Meta Platforms, Inc. (Facebook): ad copy, images, targeting parameters, and budget instructions you have approved are sent to the Meta Graph API to create and manage your Facebook campaigns.
- Google LLC (Google Ads): ad copy, keywords, extensions, targeting, and budget instructions you have approved are sent to the Google Ads API to create and manage your campaigns.
- Anthropic, PBC:the briefs you submit, your business profile, and your preference feedback are sent to Anthropic's Claude API for the AI generation step. Anthropic does not retain or train on data sent through their API by default.
- Google Cloud Vertex AI: image-generation prompts are sent to Vertex AI Imagen for visual creative.
- Hosting and infrastructure: Render (server hosting, Singapore region), Vercel (frontend hosting), Neon (managed Postgres database), Google Cloud Storage (media files).
- Communications: Resend (transactional email), LINE Messaging API (push notifications if you opt in).
We do not share your data with advertisers or data brokers. We may disclose information if required by law, to investigate fraud or abuse, or in connection with a merger or acquisition (in which case the new owner will be bound by this Policy).
5. Data Retention
We retain your data for as long as your account is active. If you delete your account, we delete or anonymize your personal data within 30 days, except where we are required to retain certain records (billing logs, fraud-prevention logs, legal compliance) for a longer period required by law. You can request earlier deletion by contacting us — see Section 12.
6. Your Rights
You have the right to:
- Access the personal data we hold about you and export it in a machine-readable format.
- Correct inaccurate information in your profile.
- Delete your account and associated data.
- Withdraw consent to AI learning at any time by toggling “AI Learning Enabled” in your business profile. With learning off, your feedback will not be used to tune future generations.
- Object to processing or request restriction in circumstances permitted under applicable law (including Thailand's PDPA and, where relevant, the EU GDPR).
To exercise any of these rights, email us at the address in Section 12. We will respond within 30 days.
7. Cookies and Tracking
We use first-party cookies strictly to keep you signed in and remember your active business context. We do not use third-party advertising cookies on our site. You can disable cookies in your browser, but the Service will not function without session cookies.
8. Security
We protect your data using industry-standard practices: HTTPS for all traffic, AES-256-GCM encryption at rest for OAuth tokens, row- level access control by business, audit logging of administrative actions, and regular dependency updates. No system is perfectly secure — please use a strong password on your Google or Facebook account and enable two-factor authentication where possible.
9. Children
The Service is not intended for users under 18 years of age. We do not knowingly collect data from children. If we become aware that we have, we will delete it promptly.
10. International Transfers
Our infrastructure is primarily in Singapore (Render) and the United States (Vercel, Anthropic, Google Cloud). By using the Service you consent to your data being processed in these jurisdictions. We rely on standard contractual clauses with our processors where applicable.
11. Changes to This Policy
We may update this Policy as the Service evolves. The “Last updated” date at the top reflects the most recent revision. Material changes will be announced in-app and by email before they take effect.
12. Contact Us
Questions, requests, or complaints about privacy can be sent to privacy@synapads.com. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority — in Thailand, the Personal Data Protection Committee (PDPC).