Privacy Policy

This Privacy Policy (the "Policy") describes what data AdMetric LLC ("Operator", "we") processes, for what purposes, how we protect it, and what rights you have. The Policy is drafted in compliance with Russian Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006.

1. Definitions

• Operator — ООО «Адметрик», ИНН 9726112159.
• User — an individual using the website https://admetric.pro and/or the platform https://app.admetric.pro.
• Customer — a legal entity or sole proprietor that has entered into an agreement to use the Platform.
• Platform — the AdMetric marketing automation service.
• Personal data — any information relating to a directly or indirectly identified or identifiable individual.
• Processing — any actions with personal data including collection, recording, storage, use, transfer, deletion.
• Cookies — small files placed in the User's browser.

2. Categories of data processed

2.1. When you use the admetric.pro website

• IP address, country and region (resolved from IP via MaxMind GeoLite2 database hosted in the United States);
• browser data: User-Agent, screen resolution, language;
• cookies (see Section 5);
• navigation events: pages viewed, transitions, traffic source (UTM tags).

2.2. When you register on the Platform

• email and name;
• password (stored as a bcrypt hash, not accessible to us in plain text);
• for Customers: company / sole proprietor details (name, tax ID, address, contact person);
• account login records (IP, User-Agent, date) — for security purposes.

2.3. When the tracker is installed on the Customer's website

If a Customer installs the AdMetric tracker script on their website, we collect data about visitors to that site (this is third-party personal data processed on behalf of the Customer):

• admetric_vid — visitor ID in a cookie (lifetime 2 years, HttpOnly, SameSite=None);
• fingerprint — composite hash of device characteristics;
• IP address and geolocation derived from IP;
• email and phone — if the Customer passed them via the identify() method on their site (e.g., after visitor registration);
• site events: clicks, page views, form submissions, conversions.

2.4. When connecting integrations with ad platforms and CRMs

The Platform connects to 48+ external services via OAuth 2.0 or API key (Yandex Direct, Google Ads, Meta Ads, TikTok Ads, VK, amoCRM, Bitrix24, HubSpot, Salesforce, etc.). From these services we receive:

• access tokens (refresh / access tokens) — stored encrypted (AES-256);
• ad campaign statistics (budgets, clicks, impressions, conversions);
• lead data (name, email, phone) — for conversion attribution;
• deal data from the Customer's CRM (not shared with third parties, used solely for analytics).

2.5. When paying for a subscription

Payments are processed by payment providers (T-Bank Cassa for Russia, PayPal/Stripe for other regions). We receive only the payment ID, masked card number (last 4 digits), and expiration date. Full card details are never stored by AdMetric.

3. Purposes of processing

• providing access to the Platform and rendering services;
• concluding, performing and terminating the contract;
• ensuring security (protection against breaches, audit logging);
• conversion attribution: linking click → visit → lead → deal;
• AI content generation (ad copy, posts, articles) — data is transmitted to Anthropic Claude API (USA) for this purpose;
• analytics and Platform improvement (aggregated, anonymized data);
• informing Users about campaign status, errors, news;
• compliance with legal requirements (accounting, tax reporting).

4. Legal basis for processing

• User's consent (Art. 6.1.1 of 152-FZ);
• performance of a contract to which the data subject is a party (Art. 6.1.5);
• pursuit of legitimate interests of the operator (Art. 6.1.7) — for analytics, security, audit logging;
• compliance with legal obligations (Art. 6.1.2) — tax and accounting reporting.

5. Cookies and similar technologies

We use the following technical cookies on admetric.pro and within the Platform:

You may disable cookies in your browser settings. Some features (such as logging into the Platform) will become unavailable.

6. Retention periods

• Account and associated personal data — until the User deletes the account or upon request;
• Tracker and analytics events — up to 24 months, then aggregated;
• Integration OAuth tokens — until the integration is disconnected;
• Security audit log (logins, password changes, etc.) — 12 months;
• Contract and payment documents — 5 years after contract termination (Russian Tax Code Art. 23, Federal Accounting Law 402-FZ);
• Upon withdrawal of consent — data is deleted within 30 days, except where retention is required by law.

7. Sharing data with third parties

We share data with the following categories of recipients (subprocessors):

• Anthropic, Inc. (США) — content processing via Claude API for AI generation;
• Cloudflare, Inc. (США) — DDoS protection, CDN;
• MaxMind, Inc. (США) — IP-based geolocation;
• Payment providers: T-Bank Cassa (Russia), PayPal (USA), Stripe (USA);
• Ad platforms and CRMs: we transmit data that the Customer has explicitly configured for transfer (e.g., conversion events to Yandex.Metrica or Meta CAPI);
• Government authorities — upon lawful request (court, investigative authorities, tax authorities, regulators).

8. Cross-border data transfers

Some of our subprocessors are located outside Russia (United States). Transfers to the US are performed based on your consent (Art. 12 of 152-FZ). The US is not on the list of countries providing adequate protection, so we enter into agreements with such recipients obligating them to ensure protection at a level no lower than 152-FZ requirements.

For EU/UK users, Standard Contractual Clauses (SCC) as adopted by the European Commission additionally apply.

9. Your rights

You have the right to:

• obtain confirmation of processing and information about the categories of data processed (Art. 14 of 152-FZ);
• request rectification, blocking, or deletion of inaccurate, incomplete, or unlawfully obtained personal data;
• withdraw consent to processing at any time by written notice to legal@admetric.pro — we will delete the data within 30 days;
• obtain a copy of your personal data in a structured format;
• lodge a complaint against the Operator with Roskomnadzor (https://rkn.gov.ru) or in court.

For EU/UK residents: you additionally have the rights to data portability (Art. 20 GDPR), to object to processing based on legitimate interest (Art. 21), to restrict processing (Art. 18), and not to be subject to solely automated decision-making (Art. 22). Contact dpo@admetric.pro to exercise these rights.

For California residents: under CCPA/CPRA you have the right to know, the right to delete, the right to correct, the right to opt-out of the sale or sharing of personal information (we do not sell personal information), the right to limit use of sensitive personal information, and the right to non-discrimination.

10. Security

Our security measures are disclosed on the /security page: TLS 1.3 encryption (traffic) and AES-256 (OAuth tokens), 2FA, action audit log, workspace-level data isolation, protection against brute-force and DDoS.

11. Age

The Platform is intended for users aged 16 and older (for EEA/UK) or 13 and older (for the US with parental consent), or 18+ (for Russia). If we learn that we have processed a minor's data without parental or guardian consent, we will delete that data.

12. Changes to this Policy

We may update this Policy. Material changes will be communicated by email and/or by a banner in the Platform at least 14 days before they take effect.

13. Contacts