PPC Designs LTD Privacy Policy

Effective Date: April 8, 2026

PPC Designs LTD (“we”, “our”, or “us”) is committed to protecting your privacy.

This Privacy Policy explains how we collect, use, store, and protect information when you visit our website [https://wp-staging.ppcdesigns.com], submit information through our forms, or use the PPC Designs platform at [https://app.ppcdesigns.com], including our Meta and Instagram comment-management tools.

1. Information We Collect
When you use our website, platform, or services, we may collect:

  • Personal Information: Name, email address, phone number, company name, and account password (stored hashed).
  • Business Information: Details about your current marketing efforts, goals, challenges, and related data you choose to share.
  • Usage Data: IP address, browser type, pages visited, timestamps, and error logs, collected automatically when you use the platform.
  • Advertising Account Data: When you authorize us to manage your advertising accounts, we access campaign data, ad performance metrics, audience information, and billing details through platform APIs (such as the Meta Marketing API).
  • Meta and Instagram Content Data: When you connect a Facebook Page, Instagram Business account, or Meta Ad Account to our platform, we access and store post and advertisement metadata, and public comments left on your Pages, posts, ads, and Instagram media — including the commenter’s public name, profile ID, comment text, timestamp, and any attachments.
  • Access Tokens: OAuth access tokens issued by Meta to your Page(s) and user account. All tokens are encrypted at rest using Fernet (AES-128-CBC with HMAC-SHA256) before being stored.

We do not access private messages (DMs), private user profiles, friend lists, payment data, or any data outside the Pages and accounts you explicitly connect.

2. How We Use Your Information
We use the information you provide to:

  • Review your marketing needs and offer tailored recommendations.
  • Communicate with you about your inquiry.
  • Create, manage, and optimize advertising campaigns on your behalf.
  • Display your Meta and Instagram comments in a unified inbox, and execute replies, hides, deletes, and other moderation actions on your explicit instruction.
  • Generate AI-suggested replies to comments (see Section 6).
  • Generate performance reports and analytics for your advertising accounts.
  • Authenticate you and keep your account secure.
  • Improve our services and website.
  • Comply with legal obligations.

We do not sell, rent, or trade your information to third parties.

3. How We Protect Your Information
We implement industry-standard technical and organizational security measures, including:

  • TLS 1.2+ encryption in transit.
  • Fernet (AES-128-CBC + HMAC-SHA256) encryption at rest for all Meta access tokens.
  • Passwords hashed with bcrypt.
  • PostgreSQL row-level security enforcing strict per-tenant isolation at the database layer, so no customer can ever access another customer’s data.
  • HTTP-only, Secure, SameSite session cookies.
  • Access controls, audit logging, and regular security reviews.

No system is 100% secure, but we work to protect your information using reasonable safeguards.

4. Sharing Information
We share information only with trusted service providers who assist in operating our website, running our business, or servicing you — under strict confidentiality agreements. Our current sub-processors are:

  • Meta Platforms Ireland Ltd. — when you post replies, hide, or delete comments via our platform, those actions are sent to the Meta Graph API and become subject to Meta’s own privacy policy.
  • Anthropic PBC — comment text, the related post/ad text, and your configured voice profile are sent to the Anthropic Claude API to generate suggested replies. Anthropic does not train its models on API inputs and retains inputs only for limited abuse monitoring. See https://www.anthropic.com/legal/privacy.
  • Hostinger International Ltd. — our hosting provider. Data is stored on servers located in the European Union.

We do not sell, license, or otherwise distribute your information or Meta Platform Data to any other third parties.

5. Meta Platform Data
Our application integrates with the Meta Graph API (including the Marketing API, Pages API, and Instagram Graph API) to manage advertising campaigns and public comment engagement on behalf of our clients. When you authorize our application:

  • We access your Meta ad account data, including campaigns, ad sets, ads, audiences, and performance metrics.
  • We access your connected Facebook Pages and linked Instagram Business accounts, including posts, advertisements, and public comments left by other users.
  • Data accessed through Meta’s API is used solely for advertising and comment management purposes on your behalf.
  • We do not sell, license, or otherwise distribute Meta Platform Data to third parties.
  • We do not use Meta Platform Data for purposes other than providing our advertising and comment management services to you.
  • All Meta Platform Data is handled in accordance with Meta’s Platform Terms and Developer Policies.
  • You may disconnect your Meta and Instagram accounts at any time from your account settings, which will immediately revoke our access tokens.
  • You may also revoke the PPC Designs application directly from Meta at https://www.facebook.com/settings?tab=business_tools.
  • Upon termination of our services, disconnection of your account, or upon your request, we will delete all Meta Platform Data in our possession within 30 days.

6. AI-Generated Reply Suggestions
For each new comment ingested from Meta or Instagram, our platform sends the comment text, related post or ad text, and your configured brand voice profile to Anthropic’s Claude API to generate a suggested reply. The suggested reply is shown only to you inside your account for approval, revision, or rejection. Nothing is posted back to Meta until you explicitly click Approve. You are solely responsible for reviewing each suggestion before approving it, and for any content ultimately posted under your name or your clients’ names. You can disable AI suggestions in your account settings at any time.

7. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies (such as Google Tag Manager) to analyze website traffic and improve user experience. These technologies may collect information such as your browser type, pages visited, and time spent on the site. You can control cookie settings through your browser preferences.

The PPC Designs platform at app.ppcdesigns.com uses a single HTTP-only session cookie (pp_session) strictly for authentication. It does not set third-party advertising or tracking cookies.

8. Data Retention

  • Account data: retained while your account is active and for up to 90 days after closure, then deleted or anonymized.
  • Comments and Meta metadata: retained while the connection is active. When you disconnect a Page or account, the associated comments and tokens are deleted within 30 days.
  • Backups: may retain deleted data for up to 35 days in rolling encrypted backups before they are overwritten.
  • Audit logs: retained for 12 months for security and compliance purposes.
  • Website lead data: retained for up to 12 months after our last contact, unless you request earlier deletion.

You may request deletion of your data at any time by contacting us at privacy@ppcdesigns.com.

9. Your Rights Under GDPR and CCPA
If you are located in the European Economic Area (EEA), the United Kingdom, or California, you have rights under the GDPR and CCPA, including:

  • The right to access, correct, or delete your personal information.
  • The right to object to or restrict how we use your information.
  • The right to data portability — to request a copy of the information we hold about you in a machine-readable format.
  • The right to withdraw consent at any time.
  • The right to opt out of the sale of your personal information (we do not sell your information).
  • The right to lodge a complaint with your local data protection authority (in the UK, the Information Commissioner’s Office — https://ico.org.uk).

To exercise any of these rights, please contact us at privacy@ppcdesigns.com. We will respond within 30 days.

10. International Transfers
Data is primarily stored on servers located in the European Union. Where data is transferred outside the EU/UK (for example to Anthropic in the United States), we rely on the European Commission’s Standard Contractual Clauses and the EU–US Data Privacy Framework where applicable.

11. Children
The platform is not directed at children under 13 and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, email privacy@ppcdesigns.com and we will delete it.

12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced via the platform and/or email at least 14 days before they take effect. The effective date at the top of this page always reflects the current version.

13. Contact Us
For privacy and data requests:
Email: privacy@ppcdesigns.com

For general enquiries:
Email: contact@ppcdesigns.com

PPC Designs LTD

New Home Page

Let’s Talk

Ready to stop wasting budget, and start scaling with confidence?

"*" indicates required fields