Privacy Policy

Last updated: April 7, 2026

1. Introduction

Nina Technologies LLC (“Company,” “we,” “us,” or “our”) operates Nina Technologies, an automated Facebook advertising management platform. This Privacy Policy describes how we collect, use, and protect information when you use our Service.

2. Information We Collect

Account Information

When you register, we collect your email address and a hashed version of your password. We never store passwords in plain text.

Meta Ad Account Data

When you connect your Meta ad account, we access campaign performance metrics (spend, impressions, clicks, conversions), campaign structure data, and your Meta access token (stored encrypted). We use this data solely to operate the optimization service on your behalf.

Conversion Tracking Data

Our tracking script and conversion API collect attribution data including click identifiers (fbclid), UTM parameters, IP addresses, and user agent strings. When conversion events include personally identifiable information (PII) such as email addresses, phone numbers, or names, we immediately hash this data using SHA-256 before storage. We never store raw PII. Hashed data is forwarded to Meta via the Conversions API (CAPI) for ad attribution purposes.

Cookies

Our tracking script sets a first-party cookie (acs_uid) to maintain visitor session continuity for conversion attribution. This cookie contains a randomly generated identifier and does not store any personal information.

3. How We Use Information

We use the information we collect to:

  • Operate and maintain the Service
  • Execute automated campaign optimization (pausing, scaling, and budget adjustments)
  • Forward conversion data to Meta for ad attribution and optimization
  • Generate performance reports and decision audit logs
  • Authenticate your identity and secure your account
  • Communicate with you about service-related matters

4. Data Sharing

We do not sell your data. We share data only in the following circumstances:

  • Meta (Facebook): Hashed conversion data is forwarded to Meta via CAPI as required for ad attribution and optimization. This is a core function of the Service that you authorize by connecting your ad account.
  • Service providers: We may use third-party infrastructure providers (hosting, databases) that process data on our behalf under strict confidentiality obligations.
  • Legal requirements: We may disclose information if required by law, regulation, or legal process.

5. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Password hashing with bcrypt
  • JWT-based authentication with token expiration
  • Immediate SHA-256 hashing of all PII
  • SSRF protection on URL-fetching endpoints
  • CORS restrictions and ownership checks on all API endpoints

While we strive to protect your information, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your account information for as long as your account is active. Campaign performance data and decision logs are retained to provide historical reporting and audit trails. Conversion event data (containing only hashed PII) is retained for attribution purposes. You may request deletion of your account and associated data by contacting us.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Data portability

To exercise these rights, please contact us at the address below.

8. Your End Users

If you use our conversion tracking features, you are responsible for providing appropriate privacy notices to your own end users and obtaining any required consents for data collection and sharing with Meta. We act as a data processor on your behalf for end-user conversion data.

9. Children’s Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us so we can take appropriate action.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last updated” date at the top of this page. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

11. Contact

If you have questions about this Privacy Policy, please contact us at cyrus@ninatechllc.com.

Nina Technologies LLC

© 2026 Nina Technologies LLC. All rights reserved.