Privacy Policy

Last Updated: December 2025

At Beelog Digital Marketing Agency ("Beelog," "we," "us," or "our"), we protect your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when you:

  • Fill out contact forms or request a consultation
  • Subscribe to our newsletter or resources
  • Engage with our services as a client
  • Communicate with us via email, phone, or WhatsApp

This may include: name, email address, phone number, company name, website URL, ad spend data, and other business-related information.

1.2 Authentication Cookies

We use essential authentication cookies to manage user sessions when you log in to our platform:

  • Session tokens: Required for secure authentication and session management
  • Security cookies: Protect against unauthorized access

These cookies are strictly necessary for the operation of our services and do not track your browsing behavior. See our Cookie Policy for details.

1.3 Legal Basis for Processing (GDPR)

We process your data based on:

  • Consent: When you voluntarily provide information
  • Contract Performance: To provide services you've requested
  • Legal Obligations: To comply with applicable laws and regulations
  • Legitimate Business Interests: To improve our services and communicate with you

1.4 Data Retention

We keep your data only as long as needed:

  • Client Data: 10 years for accounting and tax compliance purposes (as required by IRS regulations and Delaware corporate law)
  • Marketing Data: 3 years or until you opt-out
  • Contact Forms: 2 years or until request completion
  • Authentication Sessions: Active sessions expire after 30 days of inactivity

2. How We Use Your Information

We use the information we collect to:

  • Provide and improve our digital marketing services
  • Respond to inquiries and communicate with prospects and clients
  • Send newsletters, updates, and marketing communications (with your consent)
  • Manage user authentication and secure access to our platform
  • Comply with legal obligations and protect our rights
  • Conduct advertising campaigns on behalf of our clients

3. Information Sharing

We don't sell your personal information. We may share it with:

  • Service Providers: Third-party vendors who assist with website hosting, email delivery, analytics, and payment processing
  • Advertising Platforms: Facebook, Google, and other platforms where we manage campaigns on behalf of clients
  • Legal Compliance: When required by law, regulation, or legal process
  • Business Transfers: In the event of a merger, acquisition, or sale of assets

4. Data Security

We implement comprehensive security measures to protect your personal information:

  • Encryption: All data in transit is protected using TLS 1.3 encryption
  • Database Security: Data at rest is encrypted using AES-256 encryption
  • Access Controls: Role-based access controls (RBAC) limit data access to authorized personnel only
  • Authentication: Multi-factor authentication (MFA) available for sensitive accounts
  • Infrastructure: Hosted on enterprise-grade cloud infrastructure with SOC 2 Type II compliance
  • Monitoring: 24/7 security monitoring and automated threat detection
  • Regular Audits: Periodic security assessments and vulnerability testing

While we implement industry-leading security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using all reasonable safeguards.

5. Your Rights and Choices

5.1 General Rights

You may have these rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request corrections to inaccurate or incomplete data
  • Deletion: Request deletion of your personal information, subject to legal obligations
  • Opt-Out: Unsubscribe from marketing emails at any time
  • Data Portability: Receive your data in a structured, machine-readable format
  • Object to Processing: Object to certain processing of your personal data

5.2 GDPR Rights (European Union)

EU residents have these additional rights:

  • Right to Restriction: Request restriction of processing in certain circumstances
  • Right to Object: Object to processing based on legitimate interests
  • Automated Decision-Making: We don't use automated decision-making or profiling that produces legal effects
  • Lodge a Complaint: Contact your local data protection authority if you believe we've violated your rights

5.3 CCPA/CPRA Rights (California Residents)

California residents have these rights under CCPA/CPRA:

  • Right to Know: Request disclosure of personal information collected, used, and shared
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of the "sale" or "sharing" of personal information (see our Do Not Sell My Personal Information page)
  • Right to Non-Discrimination: We won't discriminate against you for exercising your privacy rights
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit Use of Sensitive Information: Request limitation of sensitive personal information use

5.4 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Response Timeline:

  • GDPR Requests (EU): We'll respond within 30 days (may be extended by 2 months for complex requests)
  • CCPA Requests (California): We'll respond within 45 days (may be extended by an additional 45 days if needed)
  • US Privacy Requests: We'll respond within 30 days

We may need to verify your identity before processing your request to protect your privacy and security.

6. Third-Party Links

Our website may link to third-party sites. We're not responsible for their privacy practices. Review their policies before sharing information.

7. International Data Transfers

We are a Delaware LLC and process data using cloud infrastructure that may be located in various jurisdictions. Please be aware that your personal information may be transferred to, stored, and processed in:

  • Countries within the European Economic Area (EEA)
  • United States
  • Singapore
  • Other countries where our service providers operate

For data transfers from the EU/EEA: We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs): EU Commission-approved contracts that provide legal protection
  • Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
  • Vendor Compliance: Our infrastructure providers maintain GDPR compliance certifications

By using our services, you acknowledge and consent to these international data transfers under the safeguards described above. You have the right to obtain information about the safeguards we use by contacting us at privacy@beelog.agency.

8. Children's Privacy

Our services aren't for people under 18. We don't knowingly collect data from children. If we discover we have it, we'll delete it.

9. Changes to This Policy

We may update this policy. We'll communicate major changes through:

  • An updated "Last Updated" date at the top of this page
  • Email notification to registered users (for significant changes)
  • Prominent notice on our website

Review this policy regularly. Continued use after changes means you accept the updates.

10. US Privacy Law Compliance

As a Delaware LLC operating in the United States, we comply with applicable federal privacy laws including the Federal Trade Commission Act (FTC Act), CAN-SPAM Act, and Children's Online Privacy Protection Act (COPPA). We also comply with state privacy laws that apply to our operations, including but not limited to the California Consumer Privacy Act (CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), and other state-specific privacy regulations where applicable.

Your Rights Under US Privacy Laws

Depending on your state of residence, you may have rights including: the right to know what personal information is collected, the right to access your data, the right to delete your data, the right to correct inaccuracies, the right to opt-out of the sale or sharing of personal information, and the right to non-discrimination for exercising your privacy rights. To exercise these rights, please contact us using the information provided in Section 12.

11. Data Breaches

If a breach affects your data, we'll:

  • Notify affected individuals within 72 hours (where required by law)
  • Report the breach to relevant authorities as required by applicable law, including the Federal Trade Commission (FTC), state attorneys general where required, and EU supervisory authorities for GDPR compliance where applicable
  • Provide information about the nature of the breach and steps taken to mitigate harm
  • Offer guidance on protective measures you can take

12. Third-Party Platform API Integrations

As part of our digital marketing services, we access and utilize third-party advertising platform APIs to manage campaigns on your behalf. This section describes how we collect, use, and protect data through these integrations.

12.1 Meta (Facebook) Marketing API

We access Meta Ads accounts through the Meta Marketing API with your explicit authorization to provide advertising campaign management services.

Data Types Accessed:

  • Ad account IDs and account information
  • Campaign performance metrics (impressions, clicks, conversions, spend)
  • Audience insights and demographic data (aggregated)
  • Ad creative performance data
  • Conversion tracking and attribution data

Purpose of Access: We use this data solely to manage, optimize, and report on advertising campaigns on your behalf. This includes creating and editing campaigns, analyzing performance, optimizing targeting and budgets, and providing performance reports.

Data Retention: Campaign performance data is retained according to the retention schedules outlined in Section 1.4 of this Privacy Policy. We do not retain data longer than necessary for service delivery.

Your Rights: You can revoke our access to your Meta ad accounts at any time through your Meta Business Manager settings or by contacting us. Upon revocation or termination of services, we will delete your Meta data in accordance with Section 5.4.

Meta's Privacy Practices: Meta's handling of data is governed by their own policies. Please review:

12.2 Google Ads API

We access Google Ads accounts through the Google Ads API using OAuth 2.0 authorization, with your explicit consent, to manage advertising campaigns.

Data Types Accessed:

  • Google Ads account information and customer IDs
  • Campaign performance metrics (impressions, clicks, conversions, cost)
  • Keyword performance and search term data
  • Conversion tracking data and attribution metrics
  • Ad creative and extension performance
  • Audience and remarketing list data (aggregated)

Purpose of Access: We use this data exclusively to manage, optimize, and report on your Google Ads campaigns. This includes campaign creation and management, bid optimization, keyword research, conversion tracking, and performance reporting.

OAuth Token Storage: Access credentials (OAuth tokens) are encrypted using industry-standard AES-256 encryption and stored securely in our database. These tokens are used only to authenticate our access to your Google Ads account and are never shared with third parties.

Scope Limitation: We only request the minimum necessary permissions (google.ads scope) to manage your advertising campaigns. We do not request access to personal email, contacts, or other Google services.

Your Rights: You can revoke our access at any time through your Google Account Permissions page or by contacting us. You can also request deletion of your Google Ads data per Section 5.4.

Google's Privacy Practices: Google's data handling is governed by their own policies:

12.3 General API Data Practices

No Selling of Data: We never sell, rent, or lease data accessed through platform APIs to third parties. All data is used exclusively for providing contracted services to you.

Data Minimization: We only access and store the minimum data necessary to provide effective campaign management services.

Client Ownership: You retain full ownership and control of your advertising accounts and data. Our access is solely as a service provider acting on your behalf.

Secure Access: All API connections use secure, encrypted channels. Access tokens and credentials are encrypted at rest and in transit.

Compliance: Our use of these APIs complies with each platform's terms of service, API policies, and data protection requirements.

Revoking Access: You can revoke our API access at any time by contacting us at privacy@beelog.agency or through the respective platform's settings. We will promptly cease accessing your accounts and delete associated data per your instructions.

13. Contact Us

Questions? Contact us:

Beelog Digital Marketing Agency

c/o Legalinc Corporate Services, Inc.

651 N Broad St, Suite 201

Middletown, DE 19709

General Inquiries: hello@beelog.agency

Privacy Requests: privacy@beelog.agency

WhatsApp: +639952745596

Website: beelog.agency