Privacy Policy and GDPR Compliance

Effective Date: [01.07.2026]

1. Introduction

Adsy.com operates internationally and across numerous U.S. states, making privacy compliance a core part of our operations. This Privacy Policy explains how Adsy.com (together, "Adsy," "we," "our," or "us") collects, uses, discloses, and protects your personal information when you use our website, app and services. This Policy applies to all users of Adsy, and provides a general overview of our privacy practices.

We process personal data in compliance with applicable global and domestic privacy regulations – including the General Data Protection Regulation (GDPR), India’s Digital Personal Data Protection Act (DPDP), China’s Personal Information Protection Law (PIPL), the California Consumer Privacy Act (CCPA/CPRA) and other evolving U.S. state laws. Specific regional supplements for the EU/EEA, United States, India, and China are linked below in i.17 of the document and form part of this Policy.

2. Who We Are (Data Controller)

Adsy is operated by Invise Inc., a company incorporated in the State of Delaware, USA, with international operations. We act as the data controller for your personal information under applicable laws such as the GDPR, DPDP, and relevant U.S. state laws.

Legal Address: 16192 Coastal Highway, Lewes, Delaware, 19958, USA.

Email: contact@adsy.com

Where required by law (e.g., Article 27 of the GDPR or Article 53 of China’s PIPL), we may appoint a local representative or authorized agent and make their contact details available upon request.

3. Scope and Applicability

This Policy applies globally to all Adsy.com users.

If you reside in the EU/EEA, USA, India, or China, please refer to the relevant Privacy Notice supplement:

4. Types of Data We Collect

Below is a breakdown of the personal information we collect from Users, how and when it is collected, and why we collect it:

Type of Data	How It's Collected	When It's Collected	What This Includes	Why We Collect It
Account & Profile Information	Provided by user	During account registration and profile setup	Full name, email, country, phone (optional), Skype ID, language, login credentials, user role, notification preferences, billing address	To register your account, personalize settings, and enable secure access
Order & Project Information	Provided by user	When placing orders or managing campaigns	Content-related project inputs such as article text, images, publishing instructions, final destination URL for promotion, and filter settings used to match campaign requirements.	To define task scope and track project activity
Payment & Transaction Data	Provided by user / from payment provider	When funding an account or confirming an order	Limited payment metadata (e.g., method, country, transaction type) as returned by third-party payment processors for reconciliation purposes. (See regional privacy notices for jurisdiction-specific requirements.)	To record transaction status and support payout reconciliation using limited metadata returned from third-party payment processors. We do not collect or store full payment credentials.
Technical & Device Information	Collected automatically	Each time the user accesses the platform	IP address, device/browser type, OS, login timestamps, cookies	To maintain platform integrity and improve user experience
Communication & Support Activity	Provided by user	When messaging or contacting support	User inquiries, ticket logs, in-app notes	To manage support workflows and ensure quality of service

We do not intentionally collect sensitive personal data (such as health, religious, or biometric data - note: we currently do not collect such data). Some information may be jurisdiction-specific or required only under applicable law. Refer to our regional privacy notices for more detail.

5. Legal Basis and Purpose of Processing

We process your personal data in accordance with applicable global and U.S. state-specific privacy regulations, including:

The European Union General Data Protection Regulation (GDPR);
The California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA);
Other U.S. state privacy laws, such as the Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Virginia Consumer Data Protection Act (VCDPA), Utah Consumer Privacy Act (UCPA), Texas Data Privacy and Security Act (TDPSA), and others;
The India Digital Personal Data Protection Act (DPDP);
The China Personal Information Protection Law (PIPL).

Where required, we apply the highest standard of protection applicable under local law.

We rely on the following legal bases when processing your personal data, depending on the nature of the data and the services provided:

To register and manage your account, we rely on the performance of a contract or your consent.
To provide access to platform features, we process your data based on the performance of a contract.
To personalize your experience, including language, content suggestions, or saved settings, we rely on our legitimate interests or your consent (for example, where cookies or similar technologies are involved).
To support payment transactions and issue payouts, we rely on the performance of a contract and applicable legal obligations. While Adsy does not directly process payments, we use third-party payment processors and collect limited billing and tax-related information (e.g., for U.S. payees) to meet financial reporting and anti-fraud compliance requirements.
To comply with financial, tax, and anti-money laundering (AML) regulations, we process data on the basis of legal obligations under applicable laws, particularly in the United States and India.
To collect tax documentation (such as W-8BEN/W-8BEN-E forms), we process data to fulfill legal obligations.
To provide customer support and respond to technical issues, we process personal information under the performance of a contract and our legitimate interests.
To ensure platform integrity, prevent abuse, and detect fraud, we rely on legitimate interests or legal obligations depending on the context.
To send marketing or promotional communications, we rely on your prior consent where required by law (e.g., EU and certain U.S. states).
depending on local requirements.
To comply with local data storage, residency, or content compliance requirements, we rely on legal obligations (e.g., in India, China, and certain U.S. states).

Where we rely on consent, you have the right to withdraw it at any time. Where we rely on legitimate interest, we ensure that such interests are balanced with your fundamental rights and freedoms. Some jurisdictions, including several U.S. states, also provide you with rights to opt out of certain types of processing, including targeted advertising or profiling.

6. How We Share Your Information

We do not sell your personal information for monetary value. However, under the California Privacy Rights Act (CPRA) and other U.S. states, certain types of disclosures – such as the use of third-party cookies for personalized advertising – may qualify as “sharing” for cross-context behavioral advertising or “targeted advertising”. Where applicable, you can opt out of such uses via the “Do Not Sell or Share My Personal Information” link in our website footer or by enabling Global Privacy Control (GPC) in your browser.

We may share your information with the following categories of recipients:

Payment Processors:
To facilitate secure transactions, we use third-party payment providers such as PayPal. We do not collect or store full payment credentials (e.g., full card numbers). Instead, we may receive limited payment metadata from these processors – such as payment method, country, amount, and transaction type – to reconcile payouts and monitor transaction status.
Tax and Regulatory Authorities:
Where legally required, we may disclose relevant user or financial data to tax offices or other government bodies (e.g., for FATCA, AML compliance, or W-8/W-9 reporting).
Affiliate Platforms and Referral Partners:
When a user joins Adsy via a referral or affiliate link (e.g., from GainRock), limited technical identifiers (such as referral source or campaign tag) may be recorded to enable attribution. Adsy does not manage affiliate registration or referral tracking – this is handled independently by GainRock under their own privacy and platform terms.
Service Providers:
We use trusted third-party vendors to support hosting, analytics, marketing, payments, communication, and customer service. These include: Google (Analytics and embedded YouTube content), Cloudflare (security and performance), Meta (Facebook), Twitter (X), and LinkedIn (advertising and campaign analytics), Microsoft Clarity and ActiveCampaign (user behavior analytics), Calendly (scheduling), PayPal (limited payment metadata such as method, country, and transaction status), and Zendesk (customer support). These vendors only access personal data as needed to provide their services under contractual obligations. Google API transfers comply with the Google API Services User Data Policy, including the Limited Use terms.
Research and Business Intelligence

We may use aggregated, non-identifiable data internally to improve platform functionality, monitor usage trends, and plan future features.

Legal Authorities and Law Enforcement:
We may disclose your personal data when legally compelled to do so, including responding to subpoenas, court orders, or lawful investigative demands.
Corporate Transactions:
If Adsy undergoes a merger, acquisition, restructuring, or sale, your personal data may be transferred as part of that transaction, subject to standard confidentiality protections.
Events and Webinars:

If you register for a webinar or live event hosted or co-hosted by Adsy, we may share your registration data (e.g., name, email) with guest speakers, co-organizers, or partners involved in the event. We aim to label such data-sharing clearly during event registration. If you do not agree to share this data, please avoid registering for such events.

We always assess whether a third-party recipient provides adequate data protection before sharing information. Where legally required (e.g., under GDPR or PIPL), we enter into data processing or cross-border transfer agreements.

Trusted partners

In addition to the service providers listed above, we may also share data with trusted partners who help us deliver services, provide analytics, or enable integrations. These partners process data only under contractual obligations and in compliance with applicable privacy laws.

Our trusted partners include (non-exhaustive list):

Google LLC. Privacy Policy: https://policies.google.com/privacy
Meta Platforms, Inc. (Facebook). Privacy Policy: https://www.facebook.com/policy.php
Twitter, Inc. (X). Privacy Policy: https://twitter.com/en/privacy

We may update the list of trusted partners from time to time. The latest version can be requested from us at any time.

7. Cookies and Similar Technologies

We use cookies and similar technologies (such as pixels, scripts, and local storage) to improve your experience on Adsy, deliver our services, analyze usage, and support marketing efforts.

Cookies are small text files placed on your device when you visit our website. These technologies help us:

Keep you logged in and remember your preferences
Understand how visitors interact with our site
Measure the effectiveness of campaigns and offers
Provide personalized content and recommendations

We categorize cookies as follows:

Essential Cookies (do not require consent)

These cookies are essential for the basic operation of the platform. They enable functions such as session management, navigation, authentication, and security. While you can disable them via your browser settings, doing so may prevent the platform from functioning properly.

Non-Essential Cookies (require your consent)

We use these only with your consent where required by applicable law (e.g., GDPR, CCPA, ePrivacy Directive).

Analytics Cookies: Help us understand how users interact with the platform (e.g., session duration, page visits, bounce rate) so we can improve functionality and user experience.
Marketing Cookies: Used to deliver relevant ads, retarget users, track performance of referral campaigns and measure attribution across websites (cross-context behavioral advertising).
Preference Cookies (optional): Store your selected settings, such as language or location, to personalize your experience.

When required by applicable law (e.g., GDPR, ePrivacy Directive, CCPA), we request your consent before placing any non-essential cookies on your device. You can manage or withdraw your consent at any time using the cookie banner displayed on your first visit or by adjusting your browser settings. For more information, please refer to our Cookie Policy.

Cookie Retention

The retention period for cookies and similar technologies depends on their type and purpose. Session cookies expire when you close your browser, while persistent cookies may remain on your device for varying durations. For details on specific cookies and their expiration times, please refer to our Cookie Policy.

8. International Data Transfers

As Adsy operates globally, your personal data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your own, and in some cases may not offer the same level of protection.

For example, we may store or process your data on servers located in the United States, the European Union, or other jurisdictions where our technical infrastructure, service providers, or support teams are located.

Where required by applicable data protection laws, we implement safeguards to ensure such transfers are lawful and secure. These safeguards may include:

Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers from the EEA
Cross-border data transfer agreements under China’s Personal Information Protection Law (PIPL)
Contractual and technical safeguards to ensure a comparable level of data protection
Your explicit consent, where no other legal mechanism applies

We also assess whether third-party data recipients maintain adequate privacy and security protections and require them to contractually commit to data protection standards aligned with our obligations.

By using our services, you acknowledge that your personal data may be transferred to and processed in countries outside of your jurisdiction, including the United States and the European Union.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, including for the purposes of providing our services, complying with legal obligations, resolving disputes, and enforcing our agreements.

Retention periods may vary depending on:

The type of data collected
The reason it was collected
Legal, tax, regulatory, or accounting requirements
Your interactions with us (e.g., whether your account remains active)

Specifically:

Account and profile information is retained as long as your account is active, and for a limited period after account closure in case of disputes or legal requirements.
Transaction and financial data is typically retained for a minimum of 6 years, or longer where required by law (e.g., for tax reporting or AML compliance).
Communication and support records are retained for up to 3 years to help resolve user issues and ensure service quality.
Technical and analytics data may be stored in anonymized or aggregated form for longer periods for system integrity and service improvement purposes.

Once data is no longer needed for any lawful purpose, it is securely deleted or anonymized in accordance with our data disposal procedures.

You may request deletion of your personal data at any time, subject to limitations under applicable laws (e.g., accounting or fraud prevention obligations).

Account Suspension and Data Deletion

If your account is suspended or blocked due to a policy violation, fraud prevention trigger, or other compliance-related reason, you will lose access to the platform. However, your personal data may be temporarily retained as necessary to fulfill legal obligations (such as anti-money laundering, fraud monitoring, or regulatory reporting).

You may still submit a data deletion request by contacting us. Upon verification and where permitted by law, we will either delete or anonymize your personal data in accordance with applicable data protection regulations.

10. Your Privacy Rights

Depending on your country or state of residence, you may have certain rights regarding your personal data under applicable privacy laws.

The table below summarizes the core rights available to most users:

Right	Description
Access	Request access to your personal data and obtain a copy.
Rectification	Request correction of inaccurate or incomplete information.
Deletion	Request erasure of your personal data, subject to lawful limitations. You can request account deletion even if your account is inactive or restricted.
Portability	Receive your data in a structured, machine-readable format.
Restriction / Objection	Object to or request restriction of certain types of processing.
Withdraw Consent	Withdraw consent where processing is based on your prior agreement.
Lodge Complaint	File a complaint with a data protection authority.
Opt-Out of Targeted Advertising / Profiling / Sale	Opt out of data uses related to targeted advertising, profiling, or sales, as defined by applicable U.S. state law
Appeal a Denied Request	If your privacy request is denied, you may submit an appeal by contacting us via the same method used for your original request.

Additional or jurisdiction-specific rights (such as the right to opt out of targeted advertising or automated decision-making) may apply under certain laws, including GDPR, CCPA/CPRA, DPDP, and PIPL. Please refer to the [Jurisdictional Privacy Notices] for more details.

How to Exercise Your Rights

You may request access to your personal data, correction, deletion, restriction of processing, or data portability, depending on your jurisdiction.To make a request, please contact us at contact@adsy.com. You may also request deletion of your account and associated data by using the “Delete” function in your Adsy profile settings (where available).

Banned accounts are inaccessible. Personal data may be retained temporarily for fraud or legal compliance purposes, after which it may be deleted or anonymized. Users may still request data deletion via email.

We will respond to your request within the timeframes required by applicable law:

Within 30 days under the GDPR, PIPL (China), and DPDP (India)
Within 45 days under the CCPA/CPRA and other applicable U.S. state laws (typically 45 days, except Iowa – 90 days)

We may require you to verify your identity before processing any rights request.

Please note: In some cases, we may retain certain data if required by law (e.g., for tax reporting, fraud prevention, or legal compliance) even after an account is deleted.

Global Privacy Control (GPC)

We honor Global Privacy Control (GPC) signals sent by browsers and browser extensions as a valid request to opt out of the “sale” or “sharing” of personal data as defined by applicable U.S. state privacy laws, including the CPRA. If your browser sends a GPC signal, we will treat it as a request to opt out of cross-context behavioral advertising, where applicable.

11. Security Measures

We implement a range of technical and organizational safeguards to protect your personal data from unauthorized access, loss, misuse, alteration, or disclosure.

These measures include, but are not limited to:

Secure data transmission using HTTPS with TLS (Transport Layer Security) or SSL (Secure Socket Layer), which encrypts data in transit between your browser and our servers.
Hashing and encryption of sensitive data fields such as passwords. Payment-related information is handled securely by third-party payment processors in accordance with their own encryption and compliance standards.
Access controls, including role-based permissions and multi-factor authentication for internal systems.
Monitoring and alerting, including access logs and automated detection of suspicious activity.
Routine data backups and disaster recovery planning.
Regular updates, vulnerability scanning, and infrastructure hardening.

We limit access to personal data to authorized employees, contractors, and approved service providers who need that information to perform their duties and who are contractually bound by confidentiality and security obligations.

Please note: While we take strong measures to secure your data, no method of transmission or storage is entirely secure. We encourage you to use strong passwords and enable two-factor authentication (if available).

If we become aware of a data breach that may affect your personal data, we will notify you promptly, in accordance with applicable laws and regulations.

If you suspect a security issue or believe your account has been compromised, please contact us immediately at contact@adsy.com.

Social Media Features and Widgets

Our platform may include embedded social media features and widgets (such as “Like” or “Share” buttons) from third-party platforms, including but not limited to Meta (Facebook), X (formerly Twitter), and YouTube. These features may collect information such as your IP address or page visits and may set cookies to ensure functionality.

These features are either hosted by a third party or directly integrated into our platform. Your interactions with them are governed by the privacy policies of the respective social media platforms, not by this Privacy Policy. We encourage you to review their policies to understand how your data may be processed.

Publicly Shared Information

If you post information in any publicly visible or interactive part of the platform (such as support tickets, profiles, comments, or other areas not explicitly marked as private), please be aware that this information may be visible to others.

We advise you not to disclose any personal, sensitive, or confidential data in these areas. Such disclosures are voluntary and at your own risk, and we cannot guarantee their protection beyond our direct system controls.

12. Children's Privacy

Adsy is not intended for individuals under the age of 18, and we do not knowingly collect personal data from persons under this age in line with applicable laws including COPPA in the United States.

We do not allow users under 18 to register, create an account, or use our services. If we learn that we have inadvertently collected personal data from a minor without verified parental or legal guardian consent, we will take prompt steps to delete such information.

If you believe that someone under the age of 18 has submitted personal data to us, please contact us at:
Email: contact@adsy.com

Parents or legal guardians may also request access to, correction of, or deletion of their child’s data if it was collected in error.

13. Links to Other Websites

Our website and platform may contain links to third-party websites or services that are not owned or controlled by Adsy. These may include payment processors, partner marketplaces, advertising networks, or content platforms.

Please note that this Privacy Policy does not apply to any personal information you provide to those third parties. We are not responsible for the privacy practices, content, or terms of those external sites.

We encourage you to review the privacy policies of any third-party websites you visit before sharing your information with them.

Your interactions with those third-party services are governed solely by their own privacy and data protection policies.

For example, if you join our platform via an affiliate or referral link from a partner such as GainRock, please note that your interactions with their services and any personal data collected there are governed by their own privacy policy. Adsy does not control or manage user accounts, tracking mechanisms, or affiliate program operations on third-party platforms.

14. No Error-Free Performance

While we strive to apply the highest standards of data protection and privacy, we do not guarantee error-free performance under this Privacy Policy. Despite our best efforts, we may not always identify or address unintended privacy issues.

We welcome your feedback regarding any concerns or suggestions for improving this Policy. We will take reasonable steps to investigate and resolve any compliance failures brought to our attention.

15. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or technologies. When we make material changes, we will:

Post the updated version on this page with a new “Effective Date.”
Provide notice through the platform or by email (where required by law)
Highlight significant changes at the top of the Policy or via a notification banner

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your data.

The current version supersedes any prior versions and is effective as of the date indicated above.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can contact us at:

Controller: Invise, Inc.
Email: contact@adsy.com
Address: 16192 Coastal Highway, Lewes, Delaware, 19958, USA