PRIVACY POLICY

Last Updated: 12/06/25

This “Privacy Policy” describes the privacy practices of DPA+ and our subsidiaries and affiliates (collectively, “DPA+”, “we”, “us”, or “our”) and how we handle personal information that we collect through our website and software platform (collectively, the “Service”).

This Privacy Policy is intended for businesses and their representatives ("Clients"). We do not offer products or services for use by individuals for their personal, family, or household purposes.

Important Note Regarding Client Data: In the course of using our Service, Clients may upload data regarding their own customers or audiences ("Client Data"). DPA+ processes Client Data strictly as a service provider (or "data processor") on behalf of our Clients. The management of Client Data is governed by our Terms of Service and any applicable Data Processing Addendum, not solely by this Privacy Policy.

Personal Information We Collect
How We Use Your Personal Information
How We Share Your Personal Information
Your Choices
Security Practices
International Data Transfers
Children
Changes to this Privacy Policy
How to Contact Us

Personal Information We Collect

Information you provide to us. We may collect the following personal information from you through or in connection with the Service:

Business Contact Information: Name, email, phone number, professional title, and company name.
Account Information: Email address, password, and account preferences.
Payment Information: Billing address and credit card details. Note: We do not store sensitive cardholder data on our servers. Payment transactions are processed by third-party secure processors (e.g., Stripe or PayPal).
Content Uploads: Ad creatives, product catalogs, images, and text you upload to the Service to generate assets, along with associated metadata.
Usage & Support: Information provided when you contact support, request demos, or interact with our sales team.

Information we obtain from social media platforms. If you choose to login to the Service via a third-party platform (e.g., "Log in with Facebook" or "Sign in with Google"), or connect your ad accounts to our Service, we may collect information accessible via that platform's permissions.

Basic Profile: This typically includes your name, email address, and profile picture.
Ad Account Data: If you connect ad accounts (e.g., Meta Ads Manager), we collect the data required to perform the Service, such as ad account IDs and campaign performance data, in accordance with the platform’s API terms.

We do not collect or scrape your personal friend lists or personal social connections.

Automatic data collection. When you use our Service, we and our service providers may automatically log:

Device Data: Operating system, browser type, IP address, screen resolution, and device type.
Online Activity Data: Pages viewed, duration of access, and navigation paths.
Location Data: We may derive general location (city/country) from your IP address to determine currency and tax settings.

Cookies and similar technologies. We use cookies (text files stored on your browser) and pixel tags to:

Maintain your login session and security.
Remember your preferences.
Analyze how our Service is used (Analytics).
Facilitate online advertising.

How We Use Your Personal Information

We use your personal information for the following business purposes:

Service Delivery

To operate the DPA+ platform and generate creative assets.
To facilitate logins via third-party providers (Google/Meta).
To process payments and manage subscriptions.
To provide customer support and troubleshooting.

Research and Development

To analyze usage trends and improve the Service.
To create aggregated, de-identified data (which is not personal information) for benchmarking and marketing.

Marketing

To send you updates about DPA+ products, webinars, and events.
To display interest-based advertising on other platforms (e.g., retargeting).

Compliance and Protection

To comply with legal obligations and prevent fraud or abuse of the Service.

How We Share Your Personal Information

We do not sell your personal contact information to data brokers. We share information only as follows:

Service Providers: With third-party vendors who help us operate (e.g., cloud hosting like AWS, customer support tools, email delivery systems, and analytics providers such as Google Analytics).
Payment Processors: With secure processors (e.g., Stripe) to handle billing.
Ad Platforms: If you utilize our integration features, data is shared with the respective ad platform (e.g., Meta, Google, TikTok) at your direction to publish ads.
Legal Requirements: If required by subpoena, law enforcement, or to protect the rights and safety of DPA+ and our users.
Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity.

Your Choices

Access/Update: You can review and update your profile information by logging into your account.
Marketing Opt-Out: You may unsubscribe from marketing emails via the link in the footer of our emails. System/transactional emails (e.g., password resets) cannot be opted out of.
Cookies: You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Service may not function properly without cookies.
Do Not Track / Global Privacy Control: Some browsers transmit "Do Not Track" signals. We honor valid Global Privacy Control (GPC) signals where required by applicable law (such as the CPRA in California).

Security Practices

We employ industry-standard organizational, technical, and physical safeguards designed to protect the personal information we collect (e.g., encryption in transit and at rest). However, no internet transmission is completely secure, and we cannot guarantee absolute security.

International Data Transfers

DPA+ is headquartered in the United States. If you access the Service from outside the U.S., your information will be transferred to, stored, and processed in the U.S. By using the Service, you consent to this transfer. We rely on standard data protection frameworks for such transfers.

Children

Our Service is a B2B tool and is not intended for children under 16. We do not knowingly collect personal information from children.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy. Material changes will be communicated via email or a prominent notice on the Service.

How to Contact Us

DPA+ Email: hello@dpaplus.com

DPA+ is a DBA for GetDibs LLC, a Delaware limited liability company.