Legal

Privacy Policy

Last updated: June 18, 2026  ·  Effective: January 1, 2024

Summary: BE IT Ads Command Center connects to your advertising accounts (Meta, Google, TikTok, Snapchat) via official OAuth APIs to retrieve campaign performance data only. We do not sell your data, do not run ads inside the platform, and store only what is needed to operate the service.

Contents
  1. Who we are
  2. What data we collect
  3. How we use your data
  4. Data sharing
  5. Platform-specific disclosures
  6. Data retention
  7. Security
  8. Your rights
  9. Cookies
  10. Children's privacy
  11. Changes to this policy
  12. Contact

1. Who We Are

BE IT Ads Command Center ("the Tool", "we", "us", "our") is a unified advertising analytics platform accessible at be-it.site and app.be-it.site. The service is operated by BE IT, a technology company providing software tools for digital marketers and advertising agencies.

Contact email: privacy@be-it.site

2. What Data We Collect

2.1 Account Registration Data

  • Full name and email address
  • Hashed password (bcrypt — we never store plaintext passwords)
  • Account creation timestamp and last login time

2.2 Advertising Platform Data (via OAuth)

When you connect an ad platform, we retrieve and store the following only for your authenticated workspace:

  • Meta Ads API: Campaign names, ad set names, ad names, spend, impressions, clicks, reach, conversions, purchase revenue, add-to-cart events, landing page views, video views. We use the ads_read and read_insights permissions only — we do not request permissions to create, edit, or delete your ads.
  • Google Ads API: Campaign performance metrics including spend, impressions, clicks, conversions, conversion value, CTR. Retrieved via read-only GAQL queries.
  • TikTok Marketing API: Campaign and ad group performance data including spend, impressions, clicks, conversions, video views, reach. We access only reporting endpoints.
  • Snapchat Marketing API: Campaign spend, impressions, swipe-ups, conversions, reach. Read-only access via snapchat-marketing-api scope.

2.3 OAuth Tokens

To maintain connections to advertising platforms, we store OAuth access tokens and refresh tokens. These tokens are encrypted at rest using AES-256 encryption before being stored in our database. Tokens are only used to make API calls on your behalf and are never shared with third parties.

2.4 Usage Data

  • Pages visited within the app, date ranges selected, reports generated
  • Browser type, operating system, IP address (for security purposes only)
  • Error logs to help diagnose technical issues

3. How We Use Your Data

  • To authenticate your account and maintain secure sessions
  • To retrieve advertising performance data from connected platforms on your behalf
  • To calculate and display KPIs (ROAS, CPA, CPM, CTR, CPC, etc.) in your dashboard
  • To sync historical campaign data on a scheduled basis (every 6 hours via cron)
  • To send transactional emails (email verification, password reset)
  • To diagnose bugs and improve the platform

We do not use your advertising data for training machine learning models, advertising or marketing to third parties, or selling, renting, or sharing with any third party for their own commercial purposes.

4. Data Sharing

We do not sell or rent your personal data. We may share data only in these limited circumstances:

  • Hosting infrastructure: Your data is stored on Hostinger servers. Hostinger processes data under their own privacy policy and data processing agreements.
  • Ad platform APIs: When syncing data, requests are made to Meta, Google, TikTok, and Snapchat APIs. These companies process API requests under their own terms of service.
  • Legal requirements: If required by law, court order, or governmental authority, we may disclose information after verifying the request's legitimacy.

5. API Data Use — Platform-Specific Disclosures

5.1 Meta (Facebook & Instagram)

BE IT uses the Meta Marketing API with the minimum required permissions (ads_read, read_insights) to retrieve campaign performance data. We do not access personal user data, messages, or any data outside of advertising metrics. Our use of Meta data complies with Meta Platform Terms and Meta Advertising Policies.

If you connected via Facebook Login and wish to request deletion of Meta-related data, you may do so from your Facebook App Settings or via our Data Deletion page.

5.2 TikTok

BE IT uses the TikTok Marketing API as a Direct Advertiser application to access campaign reporting data. We request only reporting and analytics scopes. Our use complies with TikTok For Business Developer Terms. TikTok advertising data retrieved through the API is used exclusively to display performance metrics to the authenticated account owner.

5.3 Google

BE IT uses the Google Ads API to retrieve campaign performance data via read-only GAQL queries. Our use complies with Google APIs Terms of Service and the Google Ads API Terms.

5.4 Snapchat

BE IT uses the Snapchat Marketing API with the snapchat-marketing-api scope to retrieve advertising performance data. Our use complies with Snap Inc. Terms of Service and the Snap Ads API Terms.

6. Data Retention

  • Account data: Retained for as long as your account is active. Deleted within 30 days of account deletion request.
  • Advertising metrics: Retained for up to 2 years to support historical analysis. You may request deletion at any time.
  • OAuth tokens: Deleted immediately upon disconnecting a platform or deleting your account.
  • Server logs: Retained for 90 days for security and debugging purposes.

7. Security

  • AES-256 encryption for OAuth tokens at rest
  • bcrypt hashing for all passwords (never plaintext)
  • CSRF token protection on all forms
  • PDO prepared statements to prevent SQL injection
  • HTTPS enforced on all pages
  • X-Frame-Options and security headers enforced
  • Session-based authentication with secure cookie flags

8. Your Rights

You have the right to access, correct, delete, or export your data. To exercise any of these rights, email privacy@be-it.site. We will respond within 30 days. You may also revoke OAuth access to any platform at any time from the Connections page in the app. See our Data Deletion page for full deletion instructions.

9. Cookies

We use only strictly necessary cookies: a session cookie that maintains your authenticated session, and a CSRF token cookie that prevents cross-site request forgery attacks. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

10. Children's Privacy

BE IT Ads Command Center is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@be-it.site and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and notify registered users via email at least 7 days before changes take effect.

12. Contact Us

For privacy-related questions or requests: