Privacy Policy

• Service name: Marty
• Service URL: https://marty.staff-ai.jp
• Contact: mail@marketing-diy-lab.com

2-1. Information you provide

• Email address and password (at sign-up)
• Chat messages and instructions you enter
• Images you attach for creative generation

2-2. Information from Meta (Facebook)

• Meta Ad Account ID, name, currency
• Campaigns / ad sets / ads structure (name, status, budget, targeting, creative)
• Ad performance data (impressions, clicks, spend, conversions, etc.)
• OAuth access token (stored encrypted, auto-refreshed every 60 days)

We do NOT collect personal profile information, friend lists, or post content. Only information necessary for ad management is retrieved.

• ads_read: To fetch ad performance metrics (impressions, conversions, ROAS, etc.) for the user's ad account and display them in the KPI dashboard and daily AI report.
• ads_management: To execute actions approved by the user in the Marty UI (pause/resume campaigns, change daily budget, create new ads). We never modify ads without explicit user approval(with the exception of user-configured automation rules with conditions the user has set).
• business_management: To list the ad accounts under the user's Meta Business Manager so the user can choose which account to connect to Marty.
• email, public_profile: For identity verification at connection time and display of the user's name.

• Analyze and visualize ad performance (KPI dashboard)
• Generate AI-powered operational suggestions and improvement advice
• Execute ad operations approved by the user (pause/resume/budget/create)
• Send the daily AI report by email
• Send alert emails when thresholds are exceeded
• Implicitly learn the user's decision patterns from operation logs to improve the precision of future suggestions (personalization)

• Meta Marketing API (Meta Platforms, Inc.): Ad data retrieval and operations
• Anthropic Claude API (Anthropic, PBC): AI analysis and text generation
• Supabase (Supabase, Inc.): Authentication, database, file storage
• Stability AI (Stability AI Ltd.): Creative image generation and editing
• Resend (Resend, Inc.): Email delivery
• Vercel (Vercel, Inc.) / Fly.io (Fly.io, Inc.): Hosting

Each provider handles data according to their own privacy policy.

• All communication is encrypted via TLS (HTTPS).
• Meta OAuth access tokens are encrypted at rest.
• The database uses Row Level Security (RLS) to fully isolate users from each other.
• Passwords are stored as bcrypt hashes by Supabase Auth, never in plaintext.

• Ad performance data: Retained while the account is connected (for historical analysis)
• Chat history: Retained while the account is connected
• Operation logs (for personalization): Last 30 days used for aggregation; older entries may be pruned
• After account deletion: all data is deleted within 30 days (including backups)

• Right of access: Request disclosure of your stored data
• Right of rectification: Request correction of inaccurate data
• Right of erasure: Request deletion of your data (see Data Deletion Instructions )
• Right to revoke OAuth: Disconnect Meta OAuth at any time via Facebook Settings → Business Integrations → Remove Marty
• Reset of learned data: One-click deletion of operation logs and behavior profile via the Personalization section in Settings

Requests should be sent to mail@marketing-diy-lab.com. We will respond within 7 business days.