Privacy Policy

Last updated: March 5, 2026

Adalot ("Adalot," "we," "us," or "our") operates the Adalot platform available at adalot.app and any related applications, dashboards, features, and services we provide (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, store, and otherwise process personal information when you visit the Service, create an account, connect third-party services, upload content, purchase a subscription, or otherwise use Adalot.

For personal information related to your account, subscription, billing, and direct use of the Service, Adalot generally acts as the data controller under applicable law. For data you instruct us to process through the Service on your behalf, Adalot may act as a data processor or service provider, depending on the context and applicable law.

By using the Service, you acknowledge the practices described in this Privacy Policy.

1. Scope

This Privacy Policy applies to personal information we collect when you:

visit or use adalot.app;
create, access, or manage an Adalot account;
sign in using Google;
connect your LinkedIn account;
upload spreadsheets, images, or other campaign-related content;
purchase or manage a paid subscription; or
contact us for support, security, or privacy matters.

This Privacy Policy does not apply to websites, applications, or services we do not own or control, including LinkedIn, Google, Stripe, and Resend. Those services are governed by their own privacy policies and terms.

2. Information We Collect

We collect the following categories of information.

a. Account Information

When you create an account, we collect your email address and account-related information needed to create, authenticate, and manage your account.

If you sign in using Google, we receive your Google account identifier and the information needed to support that authentication method, such as your email address. We do not store your Google password.

b. LinkedIn Connection and Marketing Data

When you connect your LinkedIn account, we store encrypted OAuth access tokens and refresh tokens so that we can interact with the LinkedIn Marketing API on your behalf.

Depending on the permissions granted and the features you use, we may access and process information related to your LinkedIn advertising activity, including:

ad accounts,
campaigns,
ads,
lead gen forms,
saved audiences, and
related account data needed to provide the Service.

We do not store your LinkedIn password.

c. Uploaded Content

We collect and store the content you upload or submit through the Service, including:

spreadsheets,
image files,
campaign configuration data, and
other materials used for campaign creation, editing, or management.

Uploaded content is stored securely and associated with your account.

d. Payment and Subscription Information

We use Stripe to process payments. We store billing-related identifiers and subscription information needed to manage your account and subscription, such as:

your Stripe customer ID,
subscription ID,
plan information, and
limited billing or subscription status information.

We do not store your full credit card number, CVV, or full payment credentials. Payment information is processed by Stripe in accordance with Stripe's own privacy and security practices.

e. Usage and Operational Data

We collect limited usage and operational data needed to operate, secure, and administer the Service, including:

the number of rows processed during a billing period for plan enforcement,
records of campaign-related operations,
audit logs, and
related account activity needed for troubleshooting, security, and recordkeeping.

f. Communications

If you contact us, including by email or in connection with a support or privacy request, we may collect:

the contents of your message,
your contact details, and
any other information you choose to provide.

g. Cookies and Session Data

We use a single strictly necessary session cookie called adalot_session to authenticate requests and keep you signed in.

We do not use analytics cookies, advertising cookies, tracking cookies, or cross-site behavioral advertising technologies.

3. Information You Provide About Other People

The Service may allow you to upload or process content that includes information about other individuals, such as campaign-related or lead-related data.

You are responsible for ensuring that you have the necessary rights, permissions, notices, and legal basis to provide that information and instruct us to process it. We process that information only as needed to provide the Service, perform your instructions, and comply with our legal obligations.

4. How We Use Your Information

We use personal information for the following purposes:

to provide, operate, maintain, and improve the Service;
to create, authenticate, and manage your account;
to connect to LinkedIn and perform actions you request through the LinkedIn Marketing API;
to store and process uploaded spreadsheets, images, and campaign-related files;
to create, edit, manage, and maintain records of LinkedIn advertising campaigns on your behalf;
to process billing, manage subscriptions, and enforce plan limits;
to send transactional and service-related communications, including password resets, billing notices, security notices, and important service updates;
to respond to support and privacy inquiries;
to monitor usage, detect misuse, maintain audit logs, troubleshoot issues, and protect the security and integrity of the Service; and
to comply with legal obligations and enforce our terms, policies, and agreements.

5. Legal Bases for Processing

If you are located in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for processing personal information generally include:

Performance of a contract: where processing is necessary to provide the Service you requested.
Legitimate interests: such as operating and securing the Service, preventing abuse, enforcing plan limits, maintaining records, troubleshooting issues, and improving the Service.
Consent: where required by law or where you choose to authorize optional processing or integrations.
Legal obligation: where we must retain, use, or disclose information to comply with applicable law.

Where we rely on consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing that occurred before withdrawal.

6. How We Share Your Information

We disclose personal information only as reasonably necessary to operate the Service, fulfill your requests, or comply with law.

a. Third-Party Services You Choose to Use

We may share information with third parties you choose to use through the Service, including:

LinkedIn Marketing API, to read and write advertising data on your behalf;
Google, if you choose Google-based authentication;
Stripe, for payment processing and subscription management; and
Resend, for transactional emails such as password resets and account-related notices.

b. Service Providers

We may share information with vendors and service providers that help us host, secure, deliver, maintain, and support the Service. These providers may process information on our behalf only as necessary to provide services to us or as otherwise required by law.

c. Legal and Compliance Disclosures

We may disclose information if we believe doing so is necessary to:

comply with applicable law, regulation, legal process, or governmental request;
enforce our terms or other agreements;
detect, investigate, or prevent fraud, security issues, or other illegal activity; or
protect the rights, property, and safety of Adalot, our users, or others.

d. Business Transactions

We may disclose information in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar business transaction, subject to customary confidentiality and legal safeguards.

e. With Your Direction or Consent

We may share information when you instruct us to do so or otherwise consent to the sharing.

We do not sell your personal information.

We do not share personal information for cross-context behavioral advertising.

7. Third-Party Accounts and Platform Integrations

When you sign in with Google or connect LinkedIn, you authorize us to access and use information from those services consistent with the permissions you grant and the features you choose to use.

You can revoke access at any time by:

disconnecting the linked account within the Service, or
using the privacy or connected-app settings made available by the relevant third-party provider.

If you disconnect your LinkedIn account, we will stop future LinkedIn API access through the Service and invalidate stored LinkedIn tokens as part of the disconnection process.

Disconnecting a third-party account does not automatically delete information already created, retrieved, or stored in your Adalot account unless you also delete that content or request account deletion.

8. Cookies and Similar Technologies

Adalot uses a single cookie, adalot_session, that is strictly necessary for authentication and core Service functionality.

Because this cookie is essential to the operation of the Service, disabling it may prevent you from logging in or using the platform properly.

We do not use:

analytics cookies,
advertising cookies,
social media tracking pixels, or
other technologies for behavioral advertising.

9. Data Retention

We retain personal information for as long as reasonably necessary to provide the Service and fulfill the purposes described in this Privacy Policy.

In general:

Account data is retained for as long as your account remains active.
Uploaded content and audit logs are retained for the duration of your account unless deleted earlier or retained for legal, security, or dispute-resolution reasons.
Stripe-related identifiers and billing records are retained as needed to manage your subscription and comply with tax, accounting, and legal obligations.
LinkedIn OAuth tokens are retained until you disconnect your LinkedIn account, the tokens expire or are revoked, or they are otherwise no longer needed to provide the Service.

If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required or permitted to retain certain information:

by law,
for legitimate security or fraud-prevention purposes,
to resolve disputes,
to enforce our agreements, or
as part of routine backup and disaster recovery processes for a limited period.

10. Data Security

We implement reasonable technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure.

These measures include:

encryption at rest for LinkedIn OAuth tokens;
hashing of passwords using industry-standard methods;
HTTPS encryption for data in transit; and
secure, HTTP-only storage of session tokens in cookies.

No method of transmission over the internet or method of electronic storage is completely secure. While we work to protect your information, we cannot guarantee absolute security.

11. International Data Transfers

Adalot and the third-party providers we use may process personal information in countries other than the country where you live. As a result, your information may be transferred to and processed in jurisdictions that may have data protection laws different from those in your jurisdiction.

Where required by applicable law, we will use appropriate safeguards for international transfers of personal information, which may include contractual protections or other lawful transfer mechanisms.

You may contact us using the details below for more information about applicable transfer safeguards.

12. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

access the personal information we hold about you;
request correction of inaccurate or incomplete information;
request deletion of your personal information;
object to or request restriction of certain processing;
request a portable copy of certain personal information;
withdraw consent where our processing is based on consent; and
lodge a complaint with the data protection authority or regulator in your jurisdiction.

You may also:

disconnect your LinkedIn account,
manage your account settings, or
request deletion of your account by contacting us.

To exercise privacy rights, contact us at privacy@adalot.app.

We may need to verify your identity before fulfilling a request. In some cases, we may deny or limit a request where permitted by law. If applicable law provides a right to appeal our decision on a privacy request, you may do so by replying to our response or contacting us again at the same email address.

If your request relates to data primarily controlled by a third party, such as LinkedIn or Stripe, we may direct you to that provider for the portions of data it controls independently.

13. Children's Privacy

The Service is not intended for anyone under the age of 18, and we do not knowingly collect personal information from anyone under 18.

If we learn that we have collected personal information from a child without appropriate authorization, we will take steps to delete that information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post the revised version on this page and update the "Last updated" date at the top of the Policy.

If we make material changes, we may also provide additional notice, such as by email or through the Service, where required by law.

Your continued use of the Service after the updated Privacy Policy becomes effective means that you acknowledge the revised Policy.

15. Contact Us

If you have questions about this Privacy Policy or would like to exercise your rights, you can contact us at privacy@adalot.app.