Legal
Privacy Policy
Last updated: July 2, 2026
1. Who we are
Cesara (“Cesara,” “we,” “our,” or “us”) is an autonomous advertising optimization service. This Privacy Policy explains what information we collect, how we use and share it, and the choices you have. It applies to cesara.ai, the Cesara application at app.cesara.ai, and related services (together, the “Service”).
If you have questions, contact us at hello@cesara.ai.
2. Information we collect
Account information
When you sign up, we collect your name, email address, password credentials, and business details you provide. If you subscribe to a paid plan, our payment processor collects your billing information (we do not store full card numbers).
Advertising platform data
When you connect an ad account, we access and process advertising data from that platform on your behalf — including campaigns, ad sets, ads, budgets, bids, performance metrics, creative assets, and audience/targeting configurations. For product businesses that connect Shopify, we also process order and product data to measure return on ad spend.
Platform credentials
When you authorize a connection to Meta, Google, TikTok, or Shopify, we store the resulting access tokens so we can manage campaigns for you. These tokens are encrypted at rest using AES-256-GCM encryption and are never shared.
Usage data
We collect logs, audit records, device and browser information, IP address, and actions taken in the Service to operate it securely, troubleshoot, and improve it.
3. How we use information
- To provide, operate, and maintain the Service
- To connect to and optimize your advertising accounts within the limits you set
- To generate AI-assisted strategy, recommendations, and creative for your review
- To produce reports, analytics, and competitor insights
- To authenticate you, enforce access controls, and keep an audit trail
- To process payments and manage your subscription
- To detect, prevent, and address security incidents and abuse
- To communicate with you about the Service
We do not sell your personal information.
4. Advertising platform connections
The Service integrates with third-party advertising and commerce platforms. Your use of those connections is also governed by each platform’s own terms and policies. We use data from these platforms only to provide the Service to you.
Google user data
Cesara’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We access Google advertising data solely to operate the optimization and reporting features you request, we do not use it for advertising, we do not sell it, and we do not allow humans to read it except with your consent, for security, to comply with law, or as required to operate the Service.
Meta (Facebook & Instagram) data
We access Meta advertising data through Meta’s official APIs in accordance with the Meta Platform Terms and Developer Policies. Platform Data is used only to provide and improve the features you use, is stored securely, and is deleted on request as described in our Data Deletion instructions. We also surface publicly available competitor ads from the Meta Ad Library and Google Ad Transparency Center as part of research.
5. How we share information
We share data only with service providers that help us run the Service:
- Advertising & commerce platforms — Meta, Google, TikTok, and Shopify receive the data necessary to manage your campaigns and measure results.
- AI provider — Anthropic (Claude) processes campaign data to generate recommendations and creative. This data is not used to train models.
- Infrastructure — Supabase (database), Vercel (hosting), and Sentry (error monitoring).
- Payments — Stripe processes subscription billing.
- Legal — we may disclose data if required by law or to protect rights, safety, and the integrity of the Service.
6. Data security
- AES-256-GCM encryption for stored platform tokens
- Row-Level Security enforcing isolation between accounts
- Role-based access control
- HTTPS/TLS for all data in transit
- An immutable audit trail of changes
7. Data retention
We retain account and advertising data for as long as your account is active. Campaign performance data is retained for up to 24 months. When you delete your account or request deletion, we delete or de-identify your personal data as described in our Data Deletion instructions, except where we must retain limited records to comply with law.
8. Your rights and choices
Depending on where you live, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your data
- Export your data in a portable format
- Object to or restrict certain processing
- Disconnect any advertising platform at any time
To exercise these rights, email hello@cesara.ai or see our Data Deletion instructions.
9. Cookies
We use strictly necessary cookies for authentication and session management. These are required for the Service to function. We do not use advertising or cross-site tracking cookies.
10. Children
The Service is intended for businesses and is not directed to anyone under 18. We do not knowingly collect personal information from children.
11. International users
We operate from the United States. If you access the Service from elsewhere, you understand your information will be processed in the United States.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version here and revise the “Last updated” date. Material changes will be communicated through the Service.
13. Contact
Cesara
Privacy requests: hello@cesara.ai