Privacy Policy

Platformance MENA Marketing Management L.L.C

FastAds Platform

Last Updated: February 11, 2026

Effective Date: February 11, 2026

1. INTRODUCTION AND SCOPE

1.1 Overview.

Platformance MENA Marketing Management L.L.C, a limited liability company duly incorporated and registered under the laws of the United Arab Emirates with its registered office at 202, Emmay Towers, Al Sufouh 2, Dubai, United Arab Emirates (hereinafter referred to as "Company," "we," "us," or "our"), operates the FastAds platform (the "Platform"), which provides digital advertising management and reseller services across multiple advertising platforms and channels to businesses and agencies worldwide.

1.2 Purpose of This Privacy Policy.

This Privacy Policy (the "Policy") describes and governs how we collect, use, process, store, disclose, transfer, and protect personal data and information obtained from or about users of the Platform and Services (as defined in our Terms and Conditions of Service). This Policy applies to all individuals who access or use the Platform, create an Account, or otherwise interact with our Services, including business representatives, authorized users, beneficial owners, directors, and any other persons whose personal data we process in connection with the provision of Services.

1.3 Acceptance of Privacy Policy.

By accessing, browsing, registering for, or using the Platform or Services in any manner, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy in its entirety. If you do not agree with any provision of this Policy, you must immediately cease all use of the Platform and Services. Your continued use of the Platform or Services following any modification to this Policy constitutes your acceptance of such modifications.

1.4 Relationship to Terms and Conditions.

This Privacy Policy forms an integral part of and should be read in conjunction with our Terms and Conditions of Service. In the event of any conflict or inconsistency between this Privacy Policy and the Terms and Conditions, the provisions of the Terms and Conditions shall prevail to the extent of such conflict or inconsistency.

1.5 Applicable Laws and Regulations.

Our processing of personal data is conducted in compliance with and governed by the following laws and regulations:

  1. UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("UAE Data Protection Law");
  2. Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation or "GDPR"), to the extent applicable to our processing of personal data of individuals located in the European Economic Area, the United Kingdom, and other jurisdictions where GDPR applies;
  3. UK Data Protection Act 2018 and UK GDPR, to the extent applicable to our processing of personal data of individuals located in the United Kingdom;
  4. California Consumer Privacy Act of 2018 ("CCPA"), as amended by the California Privacy Rights Act of 2020, to the extent applicable to our processing of personal data of California residents;
  5. Personal Information Protection and Electronic Documents Act (Canada) ("PIPEDA"), to the extent applicable;
  6. Any other applicable data protection, privacy, or information security laws, regulations, or requirements in jurisdictions where we operate or in jurisdictions where our users are located.

1.5.1 Global Service Availability.

The Platform and Services are available globally to businesses and agencies in compliance with applicable local laws and regulations. We are committed to expanding our services internationally while maintaining compliance with data protection regulations in all jurisdictions where we operate.

1.6 Data Controller.

For the purposes of applicable data protection laws, Platformance MENA Marketing Management L.L.C is the data controller responsible for the processing of your personal data as described in this Privacy Policy.

1.7 Changes to This Privacy Policy.

We reserve the right to modify, amend, revise, supplement, or update this Privacy Policy at any time and from time to time, in our sole and absolute discretion, without prior notice to you. Any modifications to this Policy will become effective immediately upon posting to the Platform or such other date as we may specify. We will update the "Last Updated" date at the top of this Policy to reflect the date of the most recent changes. It is your responsibility to review this Policy periodically. Your continued use of the Platform or Services following any modification constitutes your acceptance of the modified Policy.

2. INFORMATION WE COLLECT

We collect various categories of personal data and information from and about you when you access or use the Platform or Services. The types of information we collect include:

2.1 Information You Provide Directly to Us.

2.1.1 Account Registration Information.

When you create an Account on the Platform, we collect the following information:

  1. Personal Identification Information: Full legal name, email address, telephone number, and residential or business address of the individual creating the Account or authorized representatives of the business.
  2. Authentication Information: Username, password (encrypted and stored securely), authentication tokens, security questions and answers, multi-factor authentication settings, and account recovery information.
  3. Business Information: Legal business name (legal company name), trade name or doing-business-as name, business registration number, business type and structure, industry or sector, nature of business activities, business address, and business contact information including business telephone number and business email address.
  4. Tax and Registration Information: Tax identification number (Tax ID), Value Added Tax registration number, business registration number, and other tax-related documentation as required by applicable jurisdictions.
  5. Verification and Compliance Documentation:
    • Business Verification Documents: Business registration certificates and commercial licenses; Value Added Tax registration certificates or Tax Registration Numbers; Certificates of good standing; Memorandum of Association and Articles of Association; Any other business formation or incorporation documents
    • Identity Verification Documents: Government-issued identification documents (such as Emirates ID, passport, national ID card, or driver's license) for beneficial owners, directors, and authorized signatories; Proof of address documents (utility bills, bank statements, or government correspondence); Bank statements or financial documents as required for verification purposes
    • Website and Business Presence Review: Website URL and associated landing pages; Website content verification to assess business legitimacy; Verification of clear and accurate contact information on website; Review of website content to ensure absence of misleading, deceptive, or restricted content; Assessment of compliance with advertising standards and industry regulations; Verification that website accurately represents the business activities described in registration
    • Other Compliance Information: Background check information and sanctions screening results; Any other documentation required for identity verification, business verification, compliance checks, or Know Your Customer (KYC) and Anti-Money Laundering (AML) procedures
  6. Beneficial Ownership Information: Names, dates of birth, nationalities, addresses, contact information, and identification documents of all beneficial owners, ultimate beneficial owners, directors, and authorized signatories of the business entity as required by applicable laws and regulations.

2.1.2 Advertising Platform Authorization Information.

When you authorize access to your advertising accounts on third-party advertising platforms (including but not limited to TikTok, Meta/Facebook, Google Ads, LinkedIn, Twitter/X, Snapchat, and other supported platforms), we collect:

  1. Platform account username, user ID, or account identifier;
  2. Business Center, Business Manager, Ad Account, or equivalent organizational unit identifiers;
  3. Access tokens, refresh tokens, and API keys provided by the advertising platform's authorization process;
  4. Permissions and authorizations granted by you for account management, campaign creation, and advertising operations;
  5. Information retrieved from your advertising accounts through the platform's Application Programming Interface (API), including account details, Ad Account information, campaign data, advertising performance metrics, spending data, audience insights, and billing information.

2.1.3 Payment and Transaction Information.

When you fund your Wallet or make payments through the Platform, we collect:

  1. Transaction amount, currency, date, and time;
  2. Payment method selected (credit card, debit card, digital wallet, bank transfer, etc.);
  3. Billing address and contact information;
  4. Transaction identifiers and reference numbers;
  5. Payment status and confirmation details.

IMPORTANT NOTE:

We do not collect, store, or process credit card numbers, debit card numbers, card verification values (CVV), card expiration dates, bank account numbers, or any other sensitive financial or payment credentials. All payment processing is handled securely by our third-party Payment Processors (including Stripe and other payment service providers), and payment credentials are transmitted directly to and stored solely by these Payment Processors in accordance with Payment Card Industry Data Security Standard (PCI DSS) requirements. We only receive and retain limited payment information such as the last four digits of card numbers, card brand (Visa, Mastercard, etc.), cardholder name, and transaction confirmation details for record-keeping and customer service purposes.

2.1.4 Communications and Correspondence.

When you communicate with us, we collect:

  1. Email messages, including sender and recipient email addresses, subject lines, message content, attachments, and metadata;
  2. Chat messages, support tickets, and customer service inquiries, including message content, timestamps, and user identifiers;
  3. Telephone call recordings or transcripts (where permitted by law and with appropriate notice);
  4. Feedback, suggestions, comments, reviews, testimonials, and survey responses;
  5. Any other information you voluntarily provide in communications with us.

2.1.5 Advertising Content and Campaign Information.

When you create advertising campaigns through the Platform, we may collect:

  1. Advertising creative assets, including images, videos, audio files, text copy, and other content;
  2. Campaign parameters, including targeting criteria, budget allocations, scheduling information, and bidding strategies;
  3. Ad Account settings, preferences, and configuration information;
  4. Campaign performance data, metrics, and analytics.

2.1.6 Agency and Advertiser Information.

If you operate as an Agency managing Ad Accounts on behalf of Advertisers, we collect:

  1. Information about your Advertiser clients, including business names, contact information, and business relationships;
  2. Authorization documentation demonstrating your authority to act on behalf of Advertisers;
  3. Information necessary to facilitate the Agency-Advertiser relationship through the Platform.

2.2 Information We Collect Automatically.

2.2.1 Device and Technical Information.

When you access the Platform, we automatically collect:

  1. Device Information: Device type, model, manufacturer, operating system type and version, mobile network information, device identifiers (such as device ID, advertising ID, or unique device tokens), screen resolution, and hardware specifications.
  2. Browser and Application Information: Browser type and version, browser language settings, browser plugins and extensions, time zone settings, and application version information.
  3. Network and Connection Information: Internet Protocol (IP) address, Internet Service Provider (ISP), connection type, network status, and proxy server information.

2.2.2 Usage and Activity Information.

We collect information about how you interact with the Platform, including:

  1. Pages visited, features accessed, and content viewed;
  2. Date and time of access, duration of visits, and frequency of use;
  3. Click-stream data, including the sequence of pages or screens viewed;
  4. Search queries entered on the Platform;
  5. Actions taken, including button clicks, form submissions, and file uploads;
  6. Errors encountered, error messages, and system logs;
  7. Performance metrics, including page load times and response times.

2.2.3 Location Information.

We collect information about your geographic location, which may include:

  1. Country, region, city, and postal code derived from your IP address (approximate location);
  2. Time zone information;
  3. Language and regional preferences.

We do not collect precise geolocation data (such as GPS coordinates) unless you explicitly grant permission through your device settings for specific features that require such information.

2.2.4 Cookies and Similar Technologies.

We use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to collect information about your use of the Platform. For detailed information about our use of cookies and your choices regarding cookies, please see Section 8 (Cookies and Tracking Technologies) below.

2.3 Information We Receive from Third Parties.

2.3.1 Advertising Platform Information.

We receive information from advertising platforms (including TikTok, Meta/Facebook, Google Ads, LinkedIn, Twitter/X, Snapchat, and others) when you authorize access to your advertising accounts, including:

  1. Business Center, Business Manager, or equivalent organizational account details, settings, and configuration information;
  2. Ad Account information, including account identifiers, balances, spending data, and account status;
  3. Campaign information, including campaign details, performance metrics, impressions, clicks, conversions, and other advertising analytics;
  4. User information associated with your advertising platform account as permitted by the platform's API and your authorization;
  5. Any other information made available through the advertising platform's API in accordance with the platform's terms and policies.

2.3.2 Payment Processor Information.

We receive limited information from Payment Processors (such as Stripe and other payment service providers) regarding transactions processed through the Platform, including:

  1. Transaction confirmation and settlement information;
  2. Payment status updates (successful, failed, pending, refunded);
  3. Last four digits of payment card numbers and card brand;
  4. Cardholder name and billing address;
  5. Fraud prevention and risk assessment information;
  6. Chargeback and dispute information.

2.3.3 Identity Verification and Compliance Service Providers.

We may receive information from third-party identity verification, background check, sanctions screening, and compliance service providers, including:

  1. Identity verification results and risk scores;
  2. Sanctions list screening results;
  3. Politically Exposed Persons (PEP) screening results;
  4. Adverse media screening results;
  5. Credit checks or business background checks (where permitted by applicable law);
  6. Information used to verify the authenticity of submitted documents.

2.3.4 Business Data Providers.

We may obtain business information from commercial data providers, business registries, and public sources to verify business details, including:

  1. Business registration status and good standing;
  2. Business ownership and corporate structure information;
  3. Publicly available business contact information;
  4. Industry classification and business activity information.

2.3.5 Analytics and Advertising Service Providers.

We may receive aggregated or de-identified usage statistics and analytics data from third-party analytics service providers that help us understand how users interact with the Platform.

2.4 Information from Public Sources.

We may collect information about you or your business from publicly available sources, including:

  1. Government business registries and corporate databases;
  2. Public records and official registries;
  3. Professional networking platforms and business directories;
  4. Publicly available social media profiles and content;
  5. News articles, press releases, and media reports.

2.5 We Do Not Sell Your Personal Data.

We do not sell, rent, lease, or trade your personal data to third parties for monetary or other valuable consideration. All personal data collected through the Platform is used solely for the purposes of providing our Services, complying with legal obligations, and operating our business as described in this Privacy Policy. Your information is never sold to data brokers, marketing companies, or any other third parties for their independent use.

3. HOW WE USE YOUR INFORMATION

We use the personal data and information we collect for the following purposes:

3.1 To Provide and Operate the Platform and Services.

  1. To create, maintain, and manage your Account;
  2. To authenticate your identity and verify your login credentials securely;
  3. To facilitate your authorization and connection to advertising platforms (including TikTok, Meta/Facebook, Google Ads, LinkedIn, and other supported platforms);
  4. To create, provision, and manage advertising accounts on your behalf across multiple advertising platforms;
  5. To process Wallet deposits and fund transfers to advertising accounts;
  6. To retrieve and display advertising account balances and transaction histories;
  7. To enable you to create, manage, and monitor advertising campaigns across supported platforms;
  8. To facilitate communication between the Platform and advertising platforms' APIs;
  9. To provide customer support, technical support, and account assistance;
  10. To process and respond to your inquiries, requests, and communications.

3.2 To Process Payments and Transactions.

  1. To process payments for Wallet deposits through Payment Processors;
  2. To calculate and apply applicable fees, charges, and taxes;
  3. To facilitate currency conversion for multi-currency transactions;
  4. To maintain transaction records and generate invoices or receipts;
  5. To detect, prevent, and investigate fraudulent transactions or payment abuse;
  6. To comply with financial regulations and payment processing requirements.

3.3 For Compliance, Verification, and Security.

  1. To verify your identity and the identity of beneficial owners, directors, and authorized representatives;
  2. To verify business registration, licenses, and good standing status;
  3. To review and assess your business website and landing pages for legitimacy and compliance;
  4. To verify that your website contains clear and accurate contact information;
  5. To review website content to ensure absence of misleading, deceptive, fraudulent, or restricted content;
  6. To assess compliance with advertising standards, platform policies, and industry regulations;
  7. To conduct Know Your Customer (KYC) and Customer Due Diligence (CDD) procedures;
  8. To comply with Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) obligations;
  9. To screen against sanctions lists, politically exposed persons (PEP) databases, and adverse media;
  10. To conduct ongoing compliance monitoring and periodic re-verification;
  11. To detect, prevent, investigate, and respond to fraud, unauthorized access, security incidents, and violations of our Terms and Conditions;
  12. To protect the security and integrity of the Platform, our systems, and our users;
  13. To comply with legal obligations, court orders, legal processes, and regulatory requirements;
  14. To respond to lawful requests from law enforcement, governmental authorities, and regulatory agencies.

3.4 To Improve and Optimize the Platform.

  1. To analyze usage patterns, user behavior, and feature utilization;
  2. To identify and diagnose technical issues, bugs, and errors;
  3. To conduct testing, research, and analysis to improve Platform functionality;
  4. To develop new features, products, and services;
  5. To optimize Platform performance, speed, and user experience;
  6. To conduct data analytics and generate aggregated usage statistics.

3.5 For Communication and Customer Relationship Management.

  1. To send transactional communications, including account notifications, payment confirmations, and service updates;
  2. To provide customer support and respond to inquiries;
  3. To send administrative messages regarding changes to our Terms, Privacy Policy, or other policies;
  4. To notify you of important Platform updates, maintenance, or security alerts;
  5. To request feedback, reviews, or participate in surveys (with your consent where required).

3.6 For Marketing and Promotional Purposes (With Your Consent Where Required).

  1. To send promotional emails, newsletters, or marketing communications about our Services, features, or offerings;
  2. To inform you about special offers, promotions, or new features;
  3. To conduct marketing campaigns and analyze their effectiveness;
  4. To display targeted advertising or personalized content (where permitted by law and with appropriate consent).

You may opt out of marketing communications at any time by following the unsubscribe instructions in our emails or by contacting us using the information in Section 12 below.

3.7 For Business Operations and Legal Purposes.

  1. To manage our business operations and internal administration;
  2. To maintain business records and documentation;
  3. To conduct financial reporting, accounting, and auditing;
  4. To manage risk, prevent loss, and protect our legal rights;
  5. To enforce our Terms and Conditions and other agreements;
  6. To defend against legal claims, disputes, or litigation;
  7. To comply with tax obligations and financial reporting requirements;
  8. To facilitate corporate transactions, such as mergers, acquisitions, or asset sales.

3.8 For Other Purposes with Your Consent.

We may use your information for other purposes with your explicit consent, where such consent is required by applicable law. We will clearly communicate the purpose for which we seek your consent and will only use your information for that stated purpose.

3.9 Legal Basis for Processing (For EEA and UK Users).

If you are located in the European Economic Area or the United Kingdom, our legal bases for processing your personal data include:

  1. Contractual Necessity: Processing is necessary to perform our contract with you (i.e., to provide the Platform and Services);
  2. Legal Obligation: Processing is necessary to comply with legal obligations, such as AML/KYC requirements, tax obligations, or responding to legal processes;
  3. Legitimate Interests: Processing is necessary for our legitimate business interests, such as fraud prevention, security, improving our services, or internal administration, provided such interests are not overridden by your rights and interests;
  4. Consent: You have provided explicit consent for specific processing activities, such as marketing communications or certain cookies.

You have the right to object to processing based on legitimate interests. Please see Section 10 (Your Privacy Rights) for more information.

4. HOW WE SHARE YOUR INFORMATION

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. However, we share your information with third parties in the following circumstances:

4.1 Third-Party Service Providers.

We share your information with trusted third-party service providers who perform services on our behalf and under our instructions, including:

  1. Payment Processors: Stripe and other payment service providers to process payments, deposits, and transactions;
  2. Advertising Platform Providers: TikTok, Meta/Facebook, Google, LinkedIn, Twitter/X, Snapchat, and other advertising platforms to facilitate account connections, Ad Account provisioning, campaign management, and retrieval of advertising data through their respective APIs;
  3. Cloud Hosting and Infrastructure Providers: To host and store data on secure servers and cloud infrastructure;
  4. Identity Verification and Compliance Providers: To conduct identity verification, KYC/AML checks, sanctions screening, PEP screening, document verification, and website content review;
  5. Customer Support Tools: To provide customer support services, help desk functionality, and live chat features;
  6. Email Service Providers: To send transactional emails, account notifications, and marketing communications (where consented);
  7. Analytics Service Providers: To analyze usage patterns, generate reports, and improve the Platform;
  8. Security and Fraud Prevention Services: To detect, prevent, and investigate fraud, security incidents, and abuse;
  9. Professional Services: Legal advisors, accountants, auditors, and other professional service providers as necessary for business operations.

These service providers are contractually obligated to process your information only for the purposes we specify, to implement appropriate security measures, and to comply with applicable data protection laws. They are prohibited from using your information for their own purposes.

4.2 Business Transfers and Corporate Transactions.

In the event of a merger, acquisition, consolidation, reorganization, asset sale, bankruptcy, or other corporate transaction, we may transfer or disclose your information to the acquiring or successor entity, potential buyers, or other parties involved in such transaction. You acknowledge and agree that such transfers may occur, and that any acquirer or successor entity may continue to use your information as set forth in this Privacy Policy. We will provide notice of such transfers where required by applicable law.

4.3 Legal Obligations and Protection of Rights.

We may disclose your information to governmental authorities, law enforcement agencies, regulatory bodies, courts, or other third parties when we believe in good faith that disclosure is necessary or appropriate to:

  1. Comply with applicable laws, regulations, legal processes, or governmental requests;
  2. Respond to subpoenas, court orders, warrants, or other legal processes;
  3. Enforce our Terms and Conditions, Privacy Policy, or other agreements;
  4. Protect the rights, property, safety, or security of the Company, our users, or the public;
  5. Detect, prevent, investigate, or address fraud, security incidents, technical issues, or illegal activities;
  6. Defend against legal claims or disputes;
  7. Comply with AML/CTF obligations or financial regulations.

4.4 Aggregated and De-Identified Data.

We may share aggregated, anonymized, or de-identified information that does not identify you personally with third parties for research, analytics, marketing, or other purposes. Such data cannot reasonably be used to identify you and is not considered personal data under applicable laws.

4.5 With Your Consent.

We may share your information with third parties when you provide explicit consent or instruct us to do so. For example, if you request that we share information with a specific third party or integrate with a third-party service, we will do so in accordance with your instructions.

4.6 Advertiser Information (For Agency Users).

If you operate as an Agency managing Ad Accounts on behalf of Advertisers, you acknowledge and agree that we may share information about your Advertiser clients with relevant advertising platforms (including TikTok, Meta/Facebook, Google, LinkedIn, and others) to the extent necessary to provision and manage Ad Accounts on their behalf.

5. INTERNATIONAL DATA TRANSFERS

5.1 Cross-Border Transfers.

The Platform is operated from the United Arab Emirates, and your personal data may be transferred to, processed, and stored in the UAE and other countries where we or our service providers operate. These countries may have data protection laws that differ from the laws of your country of residence.

5.2 Transfers Outside the EEA/UK.

If you are located in the European Economic Area or the United Kingdom, please note that your personal data may be transferred to countries outside the EEA/UK, including the United Arab Emirates, which may not provide an equivalent level of data protection as recognized by the European Commission or UK Information Commissioner's Office.

5.3 Safeguards for International Transfers.

When we transfer personal data internationally, we implement appropriate safeguards to protect your data, which may include:

  1. Standard Contractual Clauses approved by the European Commission or UK Information Commissioner's Office;
  2. Adequacy decisions issued by the European Commission or UK Information Commissioner's Office recognizing certain countries as providing adequate data protection;
  3. Binding Corporate Rules or other approved transfer mechanisms;
  4. Your explicit consent for the transfer (where permitted by law);
  5. Necessity for the performance of our contract with you or for the provision of Services;
  6. Contractual protections with service providers requiring them to implement appropriate security measures.

5.4 Service Provider Transfers.

Please note that our service providers, including advertising platforms (TikTok, Meta/Facebook, Google, LinkedIn, and others) and Payment Processors (such as Stripe), are independent data controllers and may transfer your data internationally in accordance with their own privacy policies and data protection practices. We recommend reviewing each service provider's privacy policy for information about their international data transfers and data protection practices.

6. DATA RETENTION

6.1 Retention Principles.

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, to resolve disputes, to enforce our agreements, and to protect our legal rights. The specific retention period depends on the nature of the information and the purposes for which it is used.

6.2 Retention Periods by Category.

  1. Account Information: We retain Account information, including business details and registration information, for the duration of your Account's active status and for a period of seven (7) years following Account closure or termination, or such longer period as required by applicable laws (including UAE commercial law, tax law, and AML regulations).
  2. Transaction Records: We retain payment and transaction records, including Wallet deposits, fund transfers, invoices, and receipts, for a period of seven (7) years from the date of the transaction, or such longer period as required by applicable tax, financial, or AML regulations.
  3. Compliance and Verification Records: We retain identity verification documents, KYC/AML records, sanctions screening results, and compliance documentation for a period of seven (7) years following Account closure or the completion of the business relationship, or such longer period as required by applicable AML/CTF laws and regulations.
  4. Communications Records: We retain customer service communications, support tickets, emails, and chat transcripts for a period of three (3) years from the date of the communication, unless longer retention is necessary for legal, dispute resolution, or compliance purposes.
  5. Usage and Technical Data: We retain usage logs, technical data, and analytics information for a period of up to two (2) years, after which such data is aggregated, anonymized, or deleted.
  6. Marketing Communications: If you have opted in to receive marketing communications, we retain your marketing preferences and consent records until you withdraw consent or unsubscribe, and for a reasonable period thereafter to honor your preferences and comply with applicable marketing laws.

6.3 Extended Retention for Legal Purposes.

Notwithstanding the above retention periods, we may retain personal data for longer periods when necessary to:

  1. Comply with legal obligations, including tax, accounting, auditing, or regulatory requirements;
  2. Preserve evidence relevant to actual or anticipated litigation, disputes, investigations, or legal proceedings;
  3. Exercise or defend legal claims;
  4. Comply with court orders, legal holds, or requests from law enforcement or regulatory authorities.

6.4 Deletion and Anonymization.

At the end of the applicable retention period, we will securely delete or anonymize your personal data in accordance with industry best practices and applicable data protection laws, unless longer retention is required by law. Anonymized data that cannot be used to identify you may be retained indefinitely for analytics, research, and business purposes.

6.5 Backup Copies.

Please note that personal data may persist in backup copies or archives for a limited period following deletion from active systems. We maintain secure backup systems to protect against data loss, and such backups are subject to the same security measures as active data. Backup copies are periodically purged in accordance with our data retention and backup policies.

7. DATA SECURITY

7.1 Commitment to Security.

We take the security of your personal data seriously and implement appropriate technical, physical, and organizational security measures designed to protect your information from unauthorized access, disclosure, alteration, destruction, loss, or misuse.

7.2 Technical Security Measures.

Our technical security measures include, but are not limited to:

  1. Encryption: We encrypt personal data in transit using Transport Layer Security (TLS) protocols with strong encryption algorithms. Sensitive data at rest is encrypted using industry-standard encryption methods.
  2. Authentication Security: User authentication credentials are protected using industry-standard security practices including secure password hashing, encrypted credential storage, secure session management, and multi-factor authentication capabilities. Authentication credentials are never stored in plain text and are protected by robust security infrastructure.
  3. Access Controls: We implement role-based access controls to ensure that only authorized personnel with a legitimate business need can access personal data. Access is granted on a least-privilege basis.
  4. Authentication: We require strong authentication mechanisms, including secure passwords and multi-factor authentication where appropriate, to protect access to systems and data.
  5. Network Security: We employ firewalls, intrusion detection systems, intrusion prevention systems, and other network security measures to protect our infrastructure from external threats.
  6. Vulnerability Management: We conduct regular vulnerability assessments, security testing, and penetration testing to identify and remediate security vulnerabilities.
  7. Security Monitoring: We implement continuous security monitoring, logging, and alerting to detect and respond to suspicious activities or security incidents.
  8. Secure Development: We follow secure software development practices, including security code reviews, security testing, and adherence to industry security standards.

7.3 Physical Security Measures.

Our physical security measures include:

  1. Secure data centers with physical access controls, surveillance systems, and environmental controls;
  2. Background checks for personnel with physical access to data center facilities;
  3. Secure disposal procedures for hardware and physical media containing personal data.

7.4 Organizational Security Measures.

Our organizational security measures include:

  1. Employee Training: We provide regular security awareness training and data protection training to all employees with access to personal data.
  2. Confidentiality Obligations: All employees, contractors, and service providers with access to personal data are subject to strict confidentiality obligations through contracts and agreements.
  3. Security Policies and Procedures: We maintain comprehensive security policies, procedures, and incident response plans.
  4. Vendor Management: We carefully select service providers and require them to implement appropriate security measures through contractual obligations.
  5. Incident Response: We maintain an incident response plan to detect, investigate, contain, and remediate security incidents and data breaches.

7.5 Payment Security.

We do not collect, store, or process credit card numbers, debit card numbers, CVV codes, or other sensitive payment credentials. All payment processing is handled by PCI DSS-compliant Payment Processors (such as Stripe) that specialize in secure payment processing. Payment credentials are transmitted directly to and stored solely by these Payment Processors through secure, encrypted connections.

7.6 Limitations of Security.

While we implement industry-standard security measures, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your information. You acknowledge and accept the inherent risks of transmitting information over the Internet and agree that we are not liable for any unauthorized access to or use of your personal data that occurs despite our reasonable security measures, except to the extent caused by our gross negligence or willful misconduct.

7.7 Account Security Responsibilities.

You are responsible for maintaining the confidentiality of your Account login credentials and for all activities that occur under your Account. You agree to:

  1. Choose a strong, unique password and keep it confidential;
  2. Enable multi-factor authentication if available;
  3. Not share your login credentials with others;
  4. Notify us immediately of any unauthorized access or security breach;
  5. Take appropriate security measures on your own devices and networks.

7.8 Data Breach Notification.

In the event of a data breach that is reasonably likely to result in a risk to your rights and freedoms, we will notify you and relevant regulatory authorities as required by applicable data protection laws. We will provide information about the nature of the breach, the categories of data affected, and the measures we are taking to address the breach.

8. COOKIES AND TRACKING TECHNOLOGIES

8.1 Use of Cookies.

The Platform uses cookies, web beacons, pixel tags, local storage, and similar tracking technologies (collectively, "Cookies") to enhance your experience, analyze usage patterns, and provide certain functionality. Cookies are small text files stored on your device that allow us to recognize your device and remember information about your visit.

8.2 Types of Cookies We Use.

8.2.1 Essential Cookies.

These Cookies are strictly necessary for the operation of the Platform and cannot be disabled. They enable core functionality such as:

  1. Authentication and login session management;
  2. Security features and fraud prevention;
  3. Load balancing and system performance;
  4. Remembering your preferences and settings.

8.2.2 Functional Cookies.

These Cookies enhance functionality and personalization, such as:

  1. Remembering your language preferences;
  2. Remembering form inputs and selections;
  3. Providing enhanced features and user experience improvements.

8.2.3 Analytics and Performance Cookies.

These Cookies help us understand how users interact with the Platform by collecting aggregated usage statistics, including:

  1. Pages visited and features used;
  2. Time spent on pages and bounce rates;
  3. Traffic sources and referral information;
  4. Device and browser information;
  5. Errors encountered and performance metrics.

We may use third-party analytics services, such as Google Analytics, to collect and analyze this information. These services may use their own Cookies and are subject to their own privacy policies.

8.2.4 Advertising and Marketing Cookies.

These Cookies are used to deliver relevant advertisements and marketing content, measure the effectiveness of advertising campaigns, and limit the number of times you see an advertisement. They may be set by us or by third-party advertising partners.

8.3 Cookie Management and Your Choices.

8.3.1 Browser Settings.

Most web browsers allow you to control Cookies through browser settings. You can typically:

  1. View and delete Cookies stored on your device;
  2. Block all Cookies or only third-party Cookies;
  3. Clear Cookies when you close your browser;
  4. Receive notifications when Cookies are set.

Please refer to your browser's help documentation for specific instructions on managing Cookies.

8.3.2 Opt-Out Mechanisms.

You may opt out of certain Cookies by:

  1. Adjusting your browser settings as described above;
  2. Using cookie preference centers or consent management tools provided on the Platform (where available);
  3. Opting out of interest-based advertising through industry opt-out tools such as the Digital Advertising Alliance's opt-out page (http://optout.aboutads.info/) or the Network Advertising Initiative's opt-out page (http://optout.networkadvertising.org/);
  4. Opting out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout).

8.3.3 Consequences of Disabling Cookies.

Please note that disabling or blocking essential Cookies may affect the functionality of the Platform and may prevent you from using certain features. Analytics, functional, and advertising Cookies are generally optional, and disabling them will not prevent you from accessing the Platform.

8.4 Do Not Track Signals.

Some browsers transmit "Do Not Track" (DNT) signals to websites. Currently, there is no industry standard for responding to DNT signals, and the Platform does not currently respond to DNT signals. We will continue to monitor developments in this area.

8.5 Third-Party Cookies.

Third-party service providers, such as analytics providers, advertising networks, and social media platforms, may set their own Cookies on your device when you visit the Platform. We do not control these third-party Cookies and recommend reviewing the privacy policies of these third parties to understand their data collection and use practices.

9. THIRD-PARTY LINKS AND SERVICES

9.1 Links to Third-Party Websites.

The Platform may contain links to third-party websites, applications, or services that are not owned or controlled by us. This Privacy Policy applies only to our Platform and Services and does not apply to third-party websites or services.

9.2 No Responsibility for Third Parties.

We are not responsible for the privacy practices, content, terms, or policies of third-party websites or services. We do not endorse or make any representations about third-party websites or services. Your interactions with third-party websites or services are governed by the privacy policies and terms of those third parties.

9.3 Advertising Platforms.

When you connect your advertising accounts to the Platform, you are subject to the respective platform's Terms of Service and Privacy Policy. We recommend reviewing the privacy policies of all advertising platforms you connect, including:

These policies govern how each advertising platform collects, uses, and protects your information.

9.4 Payment Processors.

When you make payments through the Platform, you are redirected to Payment Processors (such as Stripe) that handle payment processing. Your payment information is subject to the Payment Processor's privacy policy and terms of service. We recommend reviewing Stripe's privacy policy at https://stripe.com/privacy and the privacy policies of any other payment service providers you use.

9.5 Review Third-Party Policies.

We encourage you to review the privacy policies and terms of service of any third-party websites, applications, or services that you access through or in connection with the Platform. By using such third-party services, you acknowledge and agree that we are not responsible for their privacy practices or data handling.

10. YOUR PRIVACY RIGHTS

Depending on your jurisdiction, you may have certain rights regarding your personal data under applicable data protection laws. This section describes the rights that may be available to you.

10.1 Rights Under UAE Data Protection Law.

If you are located in the United Arab Emirates, you have the following rights under UAE Federal Decree-Law No. 45 of 2021:

  1. Right to Access: The right to request access to your personal data and obtain information about how we process it;
  2. Right to Rectification: The right to request correction of inaccurate or incomplete personal data;
  3. Right to Erasure: The right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or when you withdraw consent (where applicable);
  4. Right to Restriction of Processing: The right to request that we restrict the processing of your personal data in certain circumstances;
  5. Right to Data Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller;
  6. Right to Object: The right to object to the processing of your personal data in certain circumstances, including for direct marketing purposes;
  7. Right to Withdraw Consent: If we process your personal data based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

10.2 Rights Under GDPR (For EEA and UK Users).

If you are located in the European Economic Area or the United Kingdom, you have the following rights under the GDPR and UK GDPR:

  1. Right of Access (Article 15): The right to obtain confirmation as to whether your personal data is being processed and, if so, to request access to your personal data and information about the processing;
  2. Right to Rectification (Article 16): The right to request correction of inaccurate personal data and completion of incomplete personal data;
  3. Right to Erasure / Right to be Forgotten (Article 17): The right to request deletion of your personal data in certain circumstances, such as when: The data is no longer necessary for the purposes for which it was collected; You withdraw consent (where processing is based on consent); You object to processing and there are no overriding legitimate grounds; The data has been unlawfully processed; Erasure is required to comply with a legal obligation.
  4. Right to Restriction of Processing (Article 18): The right to request that we restrict the processing of your personal data in certain circumstances, such as when: You contest the accuracy of the data; The processing is unlawful but you oppose erasure; We no longer need the data but you need it for legal claims; You have objected to processing pending verification of legitimate grounds.
  5. Right to Data Portability (Article 20): The right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller, where processing is based on consent or contract and is carried out by automated means;
  6. Right to Object (Article 21): The right to object to processing of your personal data based on legitimate interests or for direct marketing purposes;
  7. Right Not to be Subject to Automated Decision-Making (Article 22): The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you;
  8. Right to Lodge a Complaint: The right to lodge a complaint with a supervisory authority (such as the UK Information Commissioner's Office or your local data protection authority in the EEA) if you believe we have violated your data protection rights.

10.3 Rights Under CCPA (For California Residents).

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  1. Right to Know: The right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share your information;
  2. Right to Delete: The right to request deletion of personal information we have collected from you, subject to certain exceptions;
  3. Right to Opt-Out: The right to opt-out of the "sale" of your personal information. Note: We do not sell personal information as defined by the CCPA;
  4. Right to Non-Discrimination: The right not to receive discriminatory treatment for exercising your CCPA rights.

10.4 How to Exercise Your Rights.

To exercise any of the above rights, please contact us using the contact information provided in Section 12 below. When submitting a request, please provide:

  1. Your full name and contact information;
  2. A description of the specific right you wish to exercise;
  3. Sufficient information to allow us to verify your identity (such as Account information or identification documents);
  4. Any additional information necessary to process your request.

10.5 Verification of Identity.

To protect your privacy and security, we will verify your identity before processing requests to exercise your privacy rights. We may request additional information or documentation to confirm your identity, particularly for requests involving access to or deletion of personal data.

10.6 Response Timeline.

We will respond to your request within the timeframes required by applicable law:

  1. UAE Data Protection Law: Within 30 days of receipt of your request, with the possibility of an extension of 30 days in complex cases;
  2. GDPR: Within one month of receipt of your request, with the possibility of an extension of two months in complex cases;
  3. CCPA: Within 45 days of receipt of your request, with the possibility of an extension of 45 days in certain circumstances.

We will notify you if we require additional time or if we are unable to fulfill your request, along with the reasons for any denial.

10.7 Limitations on Rights.

Please note that your privacy rights are not absolute and may be subject to limitations or exceptions under applicable law. For example, we may be unable to delete personal data if retention is required to comply with legal obligations, resolve disputes, enforce agreements, or for other legitimate purposes. We will explain any limitations or exceptions when responding to your request.

10.8 Authorized Agents.

If you wish to designate an authorized agent to exercise your privacy rights on your behalf, you may do so by providing written authorization signed by you. We may require verification of both your identity and the authorized agent's identity and authority.

11. CHILDREN'S PRIVACY

11.1 Age Restrictions.

The Platform and Services are not intended for, and we do not knowingly collect personal data from, children under the age of eighteen (18) years or the age of majority in their jurisdiction, whichever is greater. The Services are designed for businesses and professionals, and we require that all users be at least 18 years of age and have the legal capacity to enter into binding contracts.

11.2 Prohibition on Use by Minors.

If you are under the age of 18 or the age of majority in your jurisdiction, you are expressly prohibited from accessing or using the Platform or Services, creating an Account, or providing any personal data to us.

11.3 Parental Notification.

If we become aware that we have inadvertently collected personal data from a child under the age of 18 without proper parental consent, we will take prompt steps to delete such information from our systems. If you are a parent or guardian and believe that your child has provided personal data to us, please contact us immediately using the contact information in Section 12 below, and we will delete the child's information from our records.

12. CONTACT INFORMATION

12.1 How to Reach Us.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, or if you wish to exercise your privacy rights, please contact us at:

Platformance MENA Marketing Management L.L.C
Attention: Privacy Officer
Address: 202, Emmay Towers, Al Sufouh 2, Dubai, United Arab Emirates
Email: privacy@getfastads.com
Legal Email: legal@getfastads.com
Support Email: support@getfastads.com

12.2 Data Protection Officer (For EEA/UK Users).

As we expand our services to the European Economic Area and United Kingdom, we will appoint a Data Protection Officer (DPO) as required under GDPR. Once appointed, the DPO's contact information will be provided here and users will be notified accordingly.

12.3 Response to Inquiries.

We will make reasonable efforts to respond to your inquiries, concerns, or requests in a timely manner and in accordance with applicable data protection laws.

13. CHANGES TO THIS PRIVACY POLICY

13.1 Right to Modify.

We reserve the right to modify, amend, revise, or update this Privacy Policy at any time and from time to time, in our sole and absolute discretion, to reflect changes in our data processing practices, legal requirements, business operations, or for other reasons. Any modifications will become effective immediately upon posting to the Platform or such other date as we may specify.

13.2 Notice of Material Changes.

If we make material changes to this Privacy Policy that significantly affect your rights or how we process your personal data, we will provide notice of such changes by:

  1. Posting a prominent notice on the Platform;
  2. Updating the "Last Updated" date at the top of this Policy;
  3. Sending an email notification to the email address associated with your Account (where required by applicable law or where practicable);
  4. Requesting your consent to the changes (where required by applicable law).

13.3 Your Responsibility to Review.

It is your responsibility to review this Privacy Policy periodically to stay informed of any changes. Your continued use of the Platform or Services following any modification to this Policy constitutes your acceptance of such modified Policy. If you do not agree with any changes to this Privacy Policy, you must cease using the Platform and Services and may request deletion of your Account and personal data subject to our data retention obligations.

14. ADDITIONAL PROVISIONS

14.1 Governing Law.

This Privacy Policy and any disputes arising from or relating to this Policy or our data processing practices shall be governed by and construed in accordance with the laws of the Emirate of Dubai and the federal laws of the United Arab Emirates, without regard to conflict of law provisions.

14.2 Dispute Resolution.

Any dispute, controversy, or claim arising out of or relating to this Privacy Policy, including any question regarding its existence, validity, interpretation, or breach, shall be resolved in accordance with the dispute resolution provisions set forth in our Terms and Conditions of Service, including arbitration before the Dubai International Arbitration Centre (DIAC).

14.3 Severability.

If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable under applicable law, such provision shall be deemed severed from this Policy, and the remaining provisions shall continue in full force and effect.

14.4 Entire Agreement.

This Privacy Policy, together with our Terms and Conditions of Service, constitutes the entire agreement between you and the Company regarding the processing of your personal data and supersedes all prior or contemporaneous agreements, understandings, representations, or communications regarding such subject matter.

14.5 Language.

This Privacy Policy has been prepared in the English language, and the English-language version shall be the official, authoritative, and controlling version. Any translations are provided for convenience only, and in the event of any conflict or discrepancy, the English version shall prevail.

14.6 Waiver.

No failure or delay by the Company in exercising any right under this Privacy Policy shall constitute a waiver of that right. Any waiver must be in writing and signed by an authorized representative of the Company.

ACKNOWLEDGMENT AND CONSENT

BY ACCESSING, BROWSING, REGISTERING FOR, OR USING THE PLATFORM OR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY.

YOU SPECIFICALLY ACKNOWLEDGE AND CONSENT TO:

  • The collection, use, processing, storage, disclosure, and transfer of your personal data as described in this Privacy Policy;
  • The international transfer of your personal data to the United Arab Emirates and other countries where we or our service providers operate;
  • The sharing of your information with third-party service providers as described in Section 4;
  • The use of Cookies and tracking technologies as described in Section 8;
  • The retention of your personal data in accordance with the retention periods described in Section 6.

IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, YOU MUST NOT ACCESS OR USE THE PLATFORM OR SERVICES.

END OF PRIVACY POLICY

Document Version: 1.0

Last Updated: February 11, 2026

Effective Date: February 11, 2026

Governing Law: United Arab Emirates