Privacy Policy
Last updated: April 19, 2026
This Privacy Policy describes how Promoto.io, a product of
Archieboy Holdings, LLC ("Promoto," "we," "us") collects, uses, and shares
information when you use our AI-managed paid advertising service at
promoto.io.
Promoto's parent organization, Archieboy Holdings, also publishes a
portfolio-wide privacy policy
covering shared topics (data deletion requests, GDPR, CCPA, business address,
cookies). That policy applies to Promoto in addition to the Promoto-specific
disclosures below — where the two conflict, this Promoto policy controls.
1. Information we collect
1.1 Information you provide
- Account data: name, email, password (hashed), profile preferences.
- Product profile: the website URL you ask us to advertise, plus
details we extract from that site (product name, pitch, target audience, key benefits, pricing, industry).
- Guardrails: daily spend cap, geographic targeting, goal type,
excluded keywords, excluded audiences.
- Payment information: billing details for your Promoto management
subscription. Card data is collected and stored by our payment processor (Stripe);
Promoto never sees raw card numbers.
1.2 Information we collect automatically
- Usage data: pages visited, features used, timestamps,
IP address, browser/device type. Used for product improvement and security.
- Acquisition data: UTM parameters and referrer URL on first visit,
stored to attribute signups to marketing channels.
- Cookies: session cookie for authentication, plus standard analytics cookies.
1.3 Information from connected ad-network accounts
When you authorize Promoto to manage your Google Ads, Meta (Facebook/Instagram),
or LinkedIn ad accounts via OAuth, we receive and store:
- OAuth refresh and access tokens (encrypted at rest), used to make API calls on your behalf
- The list of ad accounts you grant us access to, plus the customer-facing
label (account name, currency, timezone)
- Campaign performance data we read back: impressions, clicks, spend, conversions, per-creative breakdowns
- Search-term reports, keyword performance, and ad-creative performance (Google Ads only)
We do not collect:
- Your payment method on the ad network — that lives with the ad network and bills you directly
- Third-party member/user profile data from the ad networks (e.g. LinkedIn member profiles)
- Any data outside the scope of the OAuth scopes you explicitly approved
2. How we use your information
- To run the service: generate ad copy and creative images, launch
campaigns to your linked ad accounts, fetch performance metrics, run our nightly
AI optimizer within your guardrails.
- To send transactional emails: daily performance summaries, alerts
requiring your action (e.g. "your account needs a payment method"), receipts.
- To bill you: Promoto charges a monthly management fee via Stripe.
Ad spend itself is billed directly to you by each ad network using the payment
method you provided to that network — Promoto is not a billing intermediary for ad spend.
- To improve the service: aggregated, de-identified usage metrics
to understand which features work and which don't.
- To comply with law: respond to lawful requests, prevent fraud and abuse.
3. Third-party data processors
To deliver Promoto, we share specific information with the following processors.
Each entry lists what we share, why, and a link to that processor's privacy notice.
| Processor | Purpose | Data shared |
|---|
| Anthropic (Claude API) |
Generate ad plans, copy, and AI-driven optimizations |
Your product profile, scraped homepage text, performance metrics, search-term reports |
| OpenRouter (Gemini image gen) |
Generate ad creative images for Meta and LinkedIn campaigns |
Image-prompt text describing the desired ad creative |
| Google (Ads API) |
Manage your linked Google Ads campaigns; pull performance data |
Account-level OAuth tokens; campaign settings we create on your behalf |
| Meta (Marketing API) |
Manage your linked Meta Ads campaigns; pull performance data |
Account-level OAuth tokens; campaign settings; uploaded creative images |
| LinkedIn (Marketing API) |
Manage your linked LinkedIn Sponsored Content; pull performance data |
Account-level OAuth tokens; campaign settings; uploaded creative images |
| Stripe |
Process management-fee subscription payments |
Billing details and payment method (Promoto stores only a customer ID; card data lives with Stripe) |
These processors are bound by their own privacy policies and contractual obligations
to handle your data only for the purposes above. None of them are authorized to use
your data for cross-customer model training or unrelated purposes.
4. Data we never share
- We do not sell, rent, or trade your information to data brokers
- We do not share your performance data or targeting choices with other Promoto customers
- We do not use your campaign performance data to train AI models
5. Your rights and choices
- Access & export: view and download your account data from
your dashboard, or by emailing hello@promoto.io.
- Deletion: delete your account at any time. We delete your account
data within 30 days, except where retention is legally required (e.g. financial records).
- Revoke ad-network access: at any time via the Connections page,
or directly in each ad network's third-party-app settings. We immediately stop
pulling data and revoke our stored tokens.
- Email opt-out: daily performance reports and product updates can
be turned off in your account settings. Critical security/billing emails (e.g. "your
ad account needs a payment method") will continue.
- GDPR / CCPA: EU and California residents have additional rights
under their local laws. Contact us to exercise them.
6. Data security
We protect your data with industry-standard practices: TLS encryption in transit,
encrypted OAuth token storage, role-based access controls, and routine security audits.
No system is 100% secure; if a breach affects you we'll notify you within 72 hours.
7. Children
Promoto is for businesses and is not directed to children under 16. We do not
knowingly collect personal information from children.
8. Changes to this policy
We may update this policy. Material changes will be communicated by email and
a prominent notice in your dashboard at least 7 days before they take effect.
9. Contact
Questions or requests: hello@promoto.io
Mail: Archieboy Holdings, LLC, #1006, 771 Boston Post Rd STE 11, Marlborough, MA 01752
Read our Terms of Service →