DirectAI Privacy Policy

Effective date: 2026-04-29

This privacy policy describes how DirectAI ("we", "the platform") collects, processes, and stores data accessed through Meta's Marketing API and related sources.

1. Scope and ownership

DirectAI is an internal automation tool operated by Silvio Junior on behalf of advertisers managing their own Meta ad accounts. The platform is not offered as a product to third parties. Each operator is the data controller for their own ad accounts.

2. Data we access

• Meta Ads metadata: ad accounts, campaigns, ad sets, ads, creatives, targeting specs, and hourly performance insights (spend, impressions, clicks, conversions, video metrics).
• Attribution data from RedTrack (clicks and conversions linked to ads).
• No personally identifiable information of end users. Pixel data is aggregated by Meta before reaching us.

3. How we use the data

• Generate aggregated performance reports for the operator.
• Run AI-assisted analysis to identify optimization opportunities.
• Compute reconciled ROAS, CPA, and unit-economics per ad and per funnel.
• Apply operator-approved optimizations (pause ads, adjust budgets) back to Meta.

4. Storage and retention

• Data is stored on infrastructure controlled by the operator (a private VPS on DigitalOcean).
• Backups are stored encrypted in DigitalOcean Spaces.
• Retention policy: 24 months rolling. Older data is aggregated; detail rows are removed.

5. Third-party processors

• Meta Marketing API (data source).
• RedTrack (attribution data source).
• Anthropic Claude (AI analysis; only system prompts and aggregated metrics; no raw user data).
• OpenAI (text embeddings of internal documentation).
• DigitalOcean (infrastructure host and backup storage).

We do not sell, share, or otherwise distribute Meta Ads data with parties outside this list.

6. Data deletion and access requests

Operators may request deletion of all stored data by contacting contato@alojavirtual.fun. We will delete the data within 7 business days of a verified request.

7. Security

• All API tokens are stored encrypted in environment variables on the server, never in source control.
• Database access is restricted to localhost and authorized service accounts.
• All HTTP traffic is encrypted via TLS (Let's Encrypt).
• Source code is hosted in a private GitHub repository.

8. Compliance with Meta Platform Terms

DirectAI processes Meta data in accordance with the Meta Platform Terms, Developer Policies, and applicable data protection regulations.

9. Updates to this policy

This policy may be updated periodically. Material changes will be communicated to operators by email.

10. Contact

Operator: Silvio Junior
Email: contato@alojavirtual.fun