Privacy Policy
Gccfy (“we”, “us”, “our”) provides tools that surface and organize public advertising information sourced from the Facebook Ad Library and other publicly available sources. We are not affiliated with Meta Platforms, Inc. This Privacy Policy explains what we collect, why we collect it, and how we handle your data.
1. Who we are
Gccfy is a SaaS product. Contact: [email protected].
2. What we collect
- Account data: email, display name, password hash, plan, signup and activity timestamps.
- Billing data: handled by our payment processor (e.g., PayPal/Paddle/Stripe). We do not store full card numbers. We may keep transaction IDs, plan, amount, currency, and invoice metadata.
- Usage data: saved ads, followed pages, search queries, daily request counters, logs for debugging (timestamps, endpoint path, response codes, basic request metadata).
- Device & technical data: IP address, user agent, language, cookies/identifiers (e.g., session ID, CSRF token), approximate location derived from IP.
- Support communications: emails or messages you send us and their metadata.
3. Data sources
We collect and process data from:
- You (account creation, app interactions).
- Payment processors (limited billing metadata).
- Public sources including the Facebook Ad Library. We access and organize public information; we do not bypass access controls.
4. Why we process your data (legal bases)
- Contract – to provide the service, authenticate sessions, enforce usage limits, and deliver features of your plan.
- Legitimate interests – to maintain security (fraud/abuse prevention), improve reliability, and understand aggregate usage.
- Consent – for optional features (e.g., marketing emails) when applicable.
- Legal obligations – bookkeeping, compliance, responding to lawful requests.
5. How we use data
- Operate the app: authentication, sessions, limits, personalization.
- Customer support and incident response.
- Security: detecting abuse, rate-limiting, preventing unauthorized access.
- Analytics on aggregated/anonymous metrics to improve performance and features.
- Billing and plan management via our payment provider.
6. Sharing
- Service providers under contract (hosting, storage, email, analytics, payments). They only process data on our instructions.
- Legal when required by law or to protect our rights or the safety of users.
- Business transfers (merger, acquisition) where your data may be part of transferred assets.
7. Cookies
We use strictly necessary cookies (session, CSRF) and functional cookies. See our Cookie Policy for details and controls.
8. Security
We apply standard safeguards (HTTPS, access controls, encryption at rest where supported, audit logs). No system is perfect; keep your credentials secure and use unique passwords.
9. Retention
We keep personal data for as long as you have an account and as required for legal/accounting purposes. You can request deletion; some records may be retained where legally necessary.
10. International transfers
Your data may be processed in other countries by our infrastructure and providers. Where relevant, we rely on appropriate safeguards (e.g., SCCs) with processors.
11. Your rights
Depending on your location, you may have rights to access, correct, delete, port, or object/restrict processing. To exercise rights, email [email protected]. We will verify your request and respond within a reasonable time.
12. Children
Our service is not for children under 16. We do not knowingly collect data from children.
13. Third-party services & public sources
We are not affiliated with Meta. Facebook® and other marks belong to their owners. We present data obtained from public sources (e.g., Facebook Ad Library). Use of such data must follow the third party’s terms and laws.
14. Changes
We’ll post updates here and adjust the “Effective date”. Material changes may be announced in-app or by email.