Privacy Policy

This Privacy Policy ("Policy") describes how Y Corp ("Y Corp," "we," "us," or "our"), operator of the Betatron platform at https://www.betatron.ai, processes personal information when you visit our website, create an account, connect third-party platforms (including Google Ads and Google Tag Manager), use our autonomous advertising tools, or otherwise interact with our products and services (collectively, the "Services").

By accessing or using the Services, you acknowledge that you have read this Policy. If you do not agree with our practices, do not use the Services. This Policy is incorporated into and should be read together with our Terms of Service.

Questions or requests regarding this Policy may be sent to support@betatron.ai. For general support, contact support@betatron.ai.

1. Scope and roles

This Policy applies to personal information we process as a controller (or equivalent under applicable law) in connection with the Services. When you connect advertising or analytics accounts, we may also process data on your behalf as a processor or service provider; in those cases, your instructions, our Terms, and any applicable data processing addendum govern processing in addition to this Policy.

The Services are intended for businesses and professionals. They are not directed to children under 16 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children.

2. Categories of information we collect

2.1 Information you provide directly

• Account and identity data: name, email address, authentication credentials, referral codes, billing contact details, and communications you send to us.
• Business and onboarding data: website URLs, business descriptions, campaign objectives, budget preferences, brand guidelines, negative keyword lists, geographic targets, and other strategic inputs you provide in chat or forms.
• Payment data: subscription plan selections and billing status. Payment card numbers and bank details are collected and processed by our payment processor (Stripe); we do not store full payment card numbers on our servers.
• Support and sales inquiries: messages, attachments, and metadata you submit through email, in-product chat, or contact forms.

2.2 Information collected automatically

• Device and usage data: IP address, browser type, operating system, device identifiers, pages viewed, referring URLs, session duration, feature interactions, crash reports, and diagnostic logs.
• Authentication and security logs: sign-in timestamps, magic-code verification events, OAuth authorization results, failed login attempts, and fraud-prevention signals.
• Cookies and similar technologies: as described in Section 9.

2.3 Information from third parties and integrations

• Google account data (sign-in): when you authenticate with Google, we receive your verified email address, name, and basic profile identifiers permitted by the OAuth scopes you approve.
• Google Ads data: upon authorization, we may access account metadata, campaign structures, keywords, ads, assets, bidding settings, budgets, performance metrics, conversion actions, and related advertising data via the Google Ads API.
• Google Tag Manager data: upon authorization, we may access container metadata, tags, triggers, variables, workspace versions, and publish status to audit, configure, or deploy tracking implementations.
• Website and public-source data: when you submit a URL, we may crawl publicly accessible pages, favicons, product imagery, and structured signals to build business context for campaign planning.
• Payment processor data: Stripe provides transaction confirmations, subscription status, invoice references, and dispute/chargeback notifications.
• AI and infrastructure providers: subprocessors may process limited technical or content data as necessary to host, secure, or operate the Services (see Section 7).

3. How we use personal information

We use personal information for the following purposes:

1. Provide, operate, maintain, and improve the Services, including autonomous campaign analysis, deployment, optimization, monitoring, reporting, and chat-based workflows.
2. Authenticate users, manage accounts, enforce referral and billing entitlements, and prevent fraud, abuse, and security incidents.
3. Process subscriptions, send transactional communications (verification codes, receipts, service notices), and provide customer support.
4. Generate AI-assisted recommendations, plans, ad copy, keyword structures, tracking configurations, and other outputs based on your inputs and connected account data.
5. Comply with law, respond to lawful requests, protect rights and safety, and enforce our Terms and policies.
6. Analyze aggregated or de-identified usage trends to improve reliability, performance, and product design.
7. Send marketing communications where permitted by law and your preferences; you may opt out of promotional emails at any time.

We do not sell personal information for money. We do not use Google OAuth data to serve unrelated third-party advertising. We do not permit human review of your connected Google Ads content except as needed for security, support you request, legal compliance, or with your direction.

4. Legal bases for processing (EEA/UK/Switzerland)

Where the GDPR or similar laws apply, we rely on one or more of the following legal bases:

• Contract: processing necessary to provide the Services you request.
• Legitimate interests: securing the Services, improving features, preventing abuse, and operating our business, balanced against your rights.
• Consent: where required for optional cookies, certain marketing, or specific integrations.
• Legal obligation: compliance with tax, accounting, anti-fraud, and regulatory requirements.

5. How we disclose information

We may disclose personal information to:

• Service providers and subprocessors that host infrastructure, send email, process payments, provide AI inference, monitor uptime, or otherwise support the Services under contractual confidentiality and security obligations.
• Integration partners you authorize (e.g., Google) when you connect accounts or approve OAuth scopes.
• Professional advisors (lawyers, accountants, insurers) under confidentiality duties.
• Authorities, courts, or parties when required by law, subpoena, or to protect rights, safety, and integrity of the Services.
• Successors in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy or notice as required by law.

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

6. AI and automated processing

Betatron uses machine learning and large language models to interpret business context, advertising data, and user instructions. Outputs may inform recommendations or automated changes you enable (including campaign mutations in Google Ads when autopilot or approved actions are active).

Automated processing is not solely used to make decisions producing legal or similarly significant effects about individuals without human involvement; the Services are designed for business advertising operations. You retain responsibility for reviewing material changes, budgets, and compliance with applicable advertising laws and platform policies.

Prompts, retrieved account context, and generated outputs may be logged temporarily for quality, safety, debugging, and abuse prevention. We apply access controls and retention limits to such logs.

7. Subprocessors and international transfers

We use cloud infrastructure and vendors that may process data in the United States and other countries. Current categories of subprocessors include hosting providers, database services, email delivery (e.g., Amazon SES), payment processing (Stripe), AI model providers, and analytics/monitoring tools.

When we transfer personal information internationally, we implement appropriate safeguards such as Standard Contractual Clauses, vendor security assessments, and encryption in transit and at rest where applicable.

8. Data retention

We retain personal information for as long as your account is active or as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.

• Account profile and business context: retained while your account exists and for a limited period after deletion for backup and legal holds.
• Advertising snapshots and audit logs: retained according to operational needs, typically between 30 days and 24 months unless longer retention is required for security, billing, or dispute resolution.
• Authentication logs and security events: typically 12–24 months.
• Billing records: retained as required by tax and accounting laws (often 7 years).

You may request deletion as described in Section 10. Deletion may be delayed where we must retain data by law or for legitimate business purposes (e.g., fraud prevention).

9. Cookies and tracking technologies

We use cookies, local storage, and similar technologies to keep you signed in, remember preferences, measure performance, and protect against abuse.

• Strictly necessary: session cookies and authentication tokens required for login and security.
• Functional: remembering UI state and onboarding progress.
• Analytics: understanding feature usage and reliability (where enabled).

You can control cookies through browser settings. Blocking certain cookies may impair sign-in and core functionality. Where required, we will present consent choices for non-essential cookies.

10. Your privacy rights and choices

Depending on your location, you may have the right to:

• Access and receive a copy of personal information we hold about you.
• Correct inaccurate or incomplete information.
• Delete personal information, subject to exceptions.
• Restrict or object to certain processing.
• Data portability for information you provided in a structured, commonly used format.
• Withdraw consent where processing is consent-based.
• Lodge a complaint with a supervisory authority.

California residents may have additional rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of certain sharing. We do not sell personal information as defined by the CCPA. To exercise rights, email support@betatron.ai. We may verify your request by confirming control of your account email.

We will respond within the timeframe required by applicable law (e.g., 30–45 days). You may designate an authorized agent where permitted.

11. Security

We implement administrative, technical, and organizational measures designed to protect personal information, including encryption in transit (TLS), encrypted storage for sensitive tokens (such as OAuth refresh tokens), access controls, least-privilege practices, and monitoring for anomalous activity.

No method of transmission or storage is completely secure. You are responsible for safeguarding your account credentials and promptly notifying us of suspected unauthorized access.

12. Data breach notification

If we become aware of a security incident compromising personal information, we will investigate, mitigate harm, and notify affected users and regulators as required by applicable law.

13. Third-party websites and services

The Services may link to or integrate with third-party sites and platforms (including Google, Stripe, and your own websites). Their privacy practices are governed by their own policies. We encourage you to review Google’s Privacy Policy and API Services User Data Policy when connecting Google accounts.

14. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date at the top indicates the latest revision. Material changes will be notified via the Services, email, or other reasonable means. Continued use after the effective date constitutes acceptance unless otherwise required by law.

15. Contact us

For privacy inquiries or to exercise your rights, contact us at support@betatron.ai or support@betatron.ai. Our mailing address is Y Corp, 3598 Yacht Club Dr., Miami, FL 33180.