Privacy Policy

Last updated: 2026-05-09

This policy explains what data ROAS Shield collects, why, and how we delete it on request.

Introduction

ROAS Shield ("we", "us", "our") is a comment-moderation service for Facebook and Instagram ads. We are a UK organisation, and we process personal data in line with the UK GDPR and the EU GDPR where it applies. This policy describes the data we hold about you, why we hold it, and the choices you have.

By creating an account or connecting your Meta account, you agree to the practices described here. If you do not agree, please do not connect your account.

What we collect

We collect four categories of data.

Account data

  • Your email address, name, and the workspace name you choose at sign-up.
  • Your authentication password hash (we never store your password in plain text), or a federated-login identifier if you sign in via a supported provider.
  • Your subscription tier, billing status, and the last four digits of your payment card (held by Stripe, not by us).

Meta connection data

  • Your Meta user ID and the access tokens we receive when you connect Meta. Tokens are encrypted at rest using AES-GCM with a versioned key envelope.
  • The list of Facebook Pages, Instagram Business accounts, and ad accounts you have authorised us to access.
  • Page metadata such as Page ID, Page name, and (for Instagram) the linked Instagram Business account ID.

Comment content

  • Public comments left on your Meta ads, including the comment text, the commenter's display name, and the commenter's Meta user ID (stored as a salted hash, never in plain text).
  • Moderation actions we take on your behalf (hide, unhide, reply, draft) and the rule that triggered each action.
  • Any reply text our AI agent drafts or sends.

Usage and analytics

  • Server logs (request paths, timestamps, response codes) retained for 30 days for debugging.
  • Webhook delivery records (event type, signature verification result, dedup hash) retained for 30 days.
  • Anonymised product analytics (which features you use, broad funnel events). We do not use cross-site tracking, and we do not sell or share this data with advertisers.

Why we collect it

We use your data only for the purposes set out below.

  • To provide the service. Reading comments, classifying them, and applying moderation actions on your behalf is the core of what we do. Without your Meta connection data and comment content we cannot operate.
  • To bill you. Subscription tier, usage counts, and payment metadata are needed for invoicing and Stripe integration.
  • To support you. Account data lets us reach you with operational notices and respond to support requests.
  • To improve the service. Aggregated, anonymised usage patterns help us prioritise features and fix bugs. We do not train AI models on your comment content.
  • To meet legal obligations. We retain limited audit logs for compliance and to demonstrate that we acted on lawful instructions.

We will never use your data for any purpose not listed here without first asking you.

Third parties

We share data with the third parties below, each one performing a specific function on our behalf. All are bound by data-processing agreements that limit them to the purposes we specify.

  • Meta Platforms, Inc.: we read comments and apply moderation actions through Meta's Graph API. Our use of the Graph API is governed by the Meta Platform Terms and Developer Policies.
  • Stripe, Inc.: payment processing, billing, and tax. Stripe receives the minimum payment data needed to charge your card.
  • Resend, Inc.: transactional email (welcome emails, billing receipts, security alerts).
  • Sentry (Functional Software, Inc.): error monitoring. We strip personally identifiable information from error reports before they leave our servers.
  • OpenAI, Inc.: primary AI provider for comment classification and reply drafting. We send the comment text plus a small set of context fields (Page name, ad campaign name where available). We do not include your account data.
  • Anthropic, PBC: fallback AI provider used when OpenAI is unavailable. Same data scope.
  • Google LLC (Gemini API): fallback AI provider used when both OpenAI and Anthropic are unavailable. Same data scope.
  • DigitalOcean, LLC: our hosting provider. They store the database and run our application servers.

We do not sell your data, and we do not share it with advertising networks.

Where data is stored

Data is stored in DigitalOcean managed databases located in EU and US regions. Your workspace's data lives in a single primary region; we do not replicate workspace data across regions without your consent. Backups are retained for 14 days inside the same region.

If you require a specific region for compliance reasons, please contact us before signing up.

Retention period

  • Active workspace data is kept for as long as your account is active.
  • After you close your account (or after we receive a deletion request from Meta on your behalf), we delete everything within 30 days, except as noted below.
  • Audit logs are retained for 90 days after deletion to demonstrate that the deletion was carried out, and are then permanently removed.
  • Financial records (Stripe invoices, VAT records) are retained for 6 years where UK HMRC rules require it. These records contain billing data only, never comment content.

To ask us to delete your data, see the data-deletion page, which describes the two paths and the timeline.

Your rights

Under UK GDPR and EU GDPR you have the right to:

  • access the personal data we hold about you,
  • correct inaccurate data,
  • request deletion of your data (the "right to be forgotten"),
  • restrict or object to certain types of processing,
  • request a copy of your data in a portable format,
  • withdraw consent for any processing based on consent,
  • lodge a complaint with the UK Information Commissioner's Office (ICO) or your local supervisory authority.

To exercise any of these rights, email [email protected]. We respond within 5 business days and complete most requests within 30 days.

How to delete your data

You can delete your data in two ways. Both result in full deletion within 30 days. See /legal/data-deletion for the full process.

  1. From your Meta account. Go to Meta's Settings, Apps and Websites, and remove ROAS Shield. Meta sends us a deletion callback, and we delete everything tied to your Meta user ID.
  2. By email. Send a deletion request to [email protected] from the email address on your account.

Contact

For privacy questions, data subject requests, or to report a concern, contact us at [email protected].

Our postal address and Data Protection Officer details are available on request.

Changes to this policy

We may update this policy when we add features or our practices change. Material changes are announced by email at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.