Privacy Policy

enso media, LLC (“enso media,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the enso media platform, website, APIs, and related services (collectively, the “Service”).

Please read this policy carefully. By using the Service, you agree to the practices described herein. If you do not agree, please do not use the Service.

2.1 Information You Provide Directly

• Account information: Name, email address, password, and organization details when you register.
• Client and campaign data: Campaign briefs, budgets, targeting parameters, creative assets, and other information you input into the Service.
• Communications: Messages you send us via email or contact forms, including early access requests.
• Billing information: Payment details processed through our payment processors. enso media does not store full payment card numbers.

2.2 Information Collected Automatically

• Usage data: Pages visited, features used, actions taken within the Service, session duration, and click patterns.
• Device and log data: IP address, browser type and version, operating system, referring URLs, and error logs.
• Cookies and similar technologies: We use cookies and similar tracking technologies to maintain sessions, remember preferences, and analyze Service performance. You may control cookie settings through your browser.

2.3 Information from Third-Party Platforms

When you authorize the Service to connect to third-party advertising platforms (such as Google Ads, Meta Ads, or TikTok Ads), we receive data from those platforms as described in Section 3 and 4 below.

The Service integrates with the Google Ads API to provide campaign management, planning, buying, monitoring, and auditing features. When you authorize this integration via OAuth 2.0, enso media accesses and processes data from your Google Ads account as follows:

3.1 Data We Access

• Campaign structure, settings, status, and configuration (ad groups, ads, keywords, targeting, bidding strategies).
• Campaign performance metrics including impressions, clicks, conversions, cost, cost-per-click, conversion rates, and return on ad spend.
• Budget utilization and spend data at the campaign, ad group, and account level.
• Ad creative content and asset details.
• Audience lists, remarketing configurations, and targeting parameters.
• Account-level settings, billing thresholds, and policy status.
• Historical performance data used for benchmarking, forecasting, and audit reporting.

3.2 How We Use Google User Data

Data accessed from your Google Ads account is used exclusively to:

• Execute the campaign management actions you authorize through the Service, including creating, modifying, pausing, or activating campaigns.
• Generate performance reports, audit findings, and media plan recommendations on your behalf.
• Train and operate the Service's AI agents to analyze and act on your campaign data.
• Identify anomalies, discrepancies, or compliance issues within your campaigns.
• Store historical data to enable trend analysis, benchmarking, and post-flight reconciliation.

3.3 Limited Use Policy — Google API Services

enso media's use of information received from Google APIs, including the Google Ads API, adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We use Google user data only to provide or improve the features of the Service that are visible to and directly requested by you.
• We do not use Google user data to serve advertisements to you or your users.
• We do not allow humans to read your Google user data except: (a) with your explicit consent; (b) for security purposes such as investigating abuse; (c) to comply with applicable law; or (d) as aggregated, anonymized data used for internal service improvement.
• We do not sell, transfer, or disclose Google user data to third parties except as necessary to provide the Service or as required by law.
• We do not use or transfer Google user data for the purposes of determining creditworthiness or for lending purposes.

3.4 Data Retention — Google User Data

Data retrieved from your Google Ads account is retained for as long as your account is active or as needed to provide the Service, including maintaining historical records for audit and reporting purposes. You may request deletion of your Google Ads data at any time by contacting us at corbin@ensomedia.io. Upon account termination, we will delete or anonymize Google user data within 90 days, except where retention is required by applicable law.

To connect your Google Ads and other advertising platform accounts, enso media uses the OAuth 2.0 authorization protocol. This means:

• We never store your Google account password or any other platform password.
• Authorization is granted through the official Google consent screen, where you review and approve the specific permissions being requested before any access is granted.
• We store OAuth access tokens and refresh tokens, encrypted at rest, solely to authenticate API requests on your behalf.
• Refresh tokens are used to maintain your authorization without requiring you to re-authenticate frequently. They are stored with industry-standard encryption and are never shared with third parties.
• You may revoke our access at any time via your Google Account security settings at myaccount.google.com/permissions, or through the Service's account settings. Revocation immediately prevents the Service from making further requests to your Google Ads account.
• Upon revocation or account termination, OAuth tokens are deleted from our systems promptly.

We use the information we collect to:

• Provide, operate, maintain, and improve the Service.
• Execute AI-driven campaign management tasks on your behalf.
• Generate media plans, performance reports, and audit documents.
• Authenticate your identity and manage your account.
• Send transactional communications, including account confirmations, security alerts, and service updates.
• Respond to your support requests and inquiries.
• Detect, investigate, and prevent fraudulent, unauthorized, or illegal activity.
• Comply with applicable legal obligations.
• Conduct aggregated analysis to improve our AI models and Service quality, using anonymized data that cannot identify you.

We do not sell your personal information to third parties. We do not use your personal information for behavioral advertising or data brokerage.

We may share your information in the following circumstances:

• Service providers: We share information with trusted vendors who process data on our behalf, including cloud hosting (Supabase/PostgreSQL), email delivery (Resend), AI inference (Anthropic), and payment processing. These vendors are contractually obligated to use data only to provide services to us and in accordance with applicable law.
• Third-party platforms: Data is transmitted to advertising platforms (Google Ads, Meta Ads, TikTok Ads) as necessary to execute the actions you authorize.
• Legal requirements: We may disclose information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: In the event of a merger, acquisition, or sale of all or substantially all assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
• With your consent: We may share information with third parties when you give us explicit consent to do so.

We implement industry-standard technical and organizational measures to protect your information, including:

• Encryption of data at rest and in transit (TLS 1.2+).
• Encrypted storage of all OAuth tokens and sensitive credentials.
• Role-based access controls limiting employee access to personal data.
• Row-level security policies enforced at the database layer.
• Regular security reviews of our infrastructure and code.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

We retain your personal information for as long as your account is active or as necessary to provide the Service. We retain campaign and performance data for at least 36 months to support historical analysis and audit functions, unless you request earlier deletion. Anonymized or aggregated data may be retained indefinitely for analytical and service improvement purposes.

When you close your account, we will delete or anonymize your personal information within 90 days, except where retention is required by applicable law, legitimate business necessity (such as fraud prevention), or dispute resolution.

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to applicable legal requirements.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to certain processing of your personal information.
• Revoke consent: Withdraw any consent you have previously given, including revoking OAuth access to connected platforms.

To exercise any of these rights, contact us at corbin@ensomedia.io. We will respond within 30 days. We may need to verify your identity before processing your request.

We use cookies and similar technologies to maintain your session, remember your preferences, and analyze how you use the Service. We use:

• Essential cookies: Required for the Service to function, including authentication session cookies.
• Analytics cookies: Help us understand how users interact with the Service to improve functionality and user experience.
• Preference cookies: Remember your settings and choices.

You can control cookies through your browser settings. Disabling essential cookies may impair the Service's functionality.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have collected personal information from a person under 18, we will delete it promptly. If you believe we have inadvertently collected such information, please contact us at corbin@ensomedia.io.

enso media is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. By using the Service, you consent to this transfer. We take steps to ensure that transferred data is handled in accordance with this policy and applicable law.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to know what personal information we collect and how it is used, the right to delete your personal information, the right to correct inaccurate personal information, the right to opt out of the sale or sharing of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights.

To submit a CCPA/CPRA request, contact us at corbin@ensomedia.io.

We may update this Privacy Policy from time to time. We will post the updated policy with a revised effective date. For material changes, we will provide additional notice, such as by email to the address associated with your account. Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

enso media, LLC
Email: corbin@ensomedia.io