Privacy Policy

Introduction

Panoverse Inc. (the "Company," "we," "us," or "our") operates KolectAI, an AI-powered influencer marketing platform. This Privacy Policy describes how we collect, use, and safeguard information through Kolect Ads (the "Service"), which enables users to connect and manage their Google Ads accounts.

By accessing or using the Service, you accept this Privacy Policy and our Terms of Service, and you consent to our collection, storage, use, and disclosure of your information as described herein.

I. Information We Collect

1. Information You Provide

To use the Service, you provide:

• Account Information: Name, email address, and authentication credentials
• Profile Information: Company information and contact details
• Communication Data: Messages, feedback, and support requests

2. Information Collected Automatically

When you use the Service, we automatically collect:

• Usage Data: Pages visited, features used, time spent, and interaction patterns
• Device Information: Browser type and version, operating system, IP address, device identifiers
• Technical Logs: Error reports, diagnostic data, and performance metrics

We use cookies and similar technologies to collect this information. You can manage cookie preferences through your browser settings, though disabling cookies may affect Service functionality.

II. Google Ads Integration

OAuth Permissions and Scopes

When you connect your Google Ads account, we request the following OAuth scopes:

• https://www.googleapis.com/auth/adwords - Full access to manage Google Ads campaigns

This scope is required to read your campaign data, performance metrics, and make changes to campaigns on your behalf. We only request the minimum permissions necessary to provide our service. You can revoke this access at any time through your Google Account settings or through the Kolect Ads dashboard.

What Google Ads Data We Access

When you connect your Google Ads account to the Service, we access and display the following information from your Google Ads account:

• Account Structure: Customer ID, account name, account status, currency, and timezone
• Campaign Data: Campaign names, status, type, budget, bidding strategy, and settings
• Ad Group Information: Ad group names, status, and targeting criteria
• Keyword Data: Keywords, match types, and bid amounts
• Performance Metrics: Impressions, clicks, conversions, cost, click-through rate (CTR), conversion rate, cost-per-click (CPC), and return on ad spend (ROAS)
• Ad Creative: Ad headlines, descriptions, and display URLs
• Audience Data: Demographic insights and audience segment performance (aggregated)

Data Minimization: We only access and store the data necessary to provide the Service's functionality. We do not access or collect any data beyond what is explicitly listed above.

How We Use Google Ads Data

We use the information from your Google Ads account exclusively to provide you with the following user-facing features:

• Display your advertising performance and metrics within our dashboard
• Provide analytics, insights, and recommendations to optimize your ad campaigns
• Generate reports comparing performance across time periods and campaigns
• Enable you to manage and monitor your advertising efforts in one centralized platform
• Identify trends and patterns in your advertising data to inform marketing decisions
• Execute campaign management operations (create, update, pause campaigns) as instructed by you

What We Do NOT Do With Your Data

To ensure your privacy and comply with Google's policies, we commit that we do NOT:

• Use your Google Ads data to serve advertisements to you or others
• Sell, rent, or trade your Google Ads data to any third parties
• Share your data with other users, advertisers, or competitors
• Use your data to train artificial intelligence or machine learning models (except for your direct benefit within the Service)
• Allow human review of your data except:
  • With your explicit consent for support purposes
  • For security and abuse prevention investigations
  • When required by law
  • For aggregated, anonymized analytics that cannot identify you
• Transfer your data to third parties except as explicitly disclosed in this policy
• Retain your data longer than necessary to provide the Service

Data Storage and Security

• Google Ads data is encrypted both in transit (using TLS 1.2+) and at rest (AES-256 encryption)
• We cache certain performance metrics temporarily (typically 15-60 minutes) to improve dashboard load times
• All data is stored on secure servers with restricted access controls
• We do not share your Google Ads data with other users, advertisers, or third parties except as necessary to provide the Service (e.g., cloud hosting providers bound by data processing agreements)
• Access to your data is logged and monitored for security purposes

Revoking Access and Data Deletion

You maintain full control over your data and can revoke our access at any time:

• Through Kolect Ads: Disconnect your Google Ads account anytime via your account settings dashboard
• Through Google: Revoke access via your Google Account Permissions page
• Data Deletion: Upon disconnection or account deletion, we delete your Google Ads data within 30 days, except as required by law, to resolve disputes, or for legitimate security purposes
• Complete Account Deletion: You can request complete account deletion by contacting hello@kolect.ai. We will process your request within 30 days.

Google's Privacy Policies

Your use of Google Ads and the data accessible through Google APIs is also governed by Google's policies. For more information about how Google handles your data, please review:

• Google Privacy Policy
• Google Ads Data Protection Terms
• Google API Services User Data Policy

III. How We Use Information

We use the information we collect for the following purposes:

• Provide the Service: Enable core functionality, display data, and deliver features
• Improve the Service: Analyze usage patterns, fix bugs, and develop new features
• Communication: Respond to inquiries, provide support, and send Service-related notifications
• Security: Detect and prevent fraud, abuse, and security threats
• Compliance: Meet legal obligations and enforce our Terms of Service
• Analytics: Understand how users interact with the Service to improve user experience

IV. Google Limited Use Requirements

This means we commit to the following principles regarding data received from Google APIs:

• We only use Google user data to provide or improve user-facing features in the Service
• We do not transfer Google user data to third parties except:
  • As necessary to provide or improve user-facing features (e.g., cloud hosting)
  • For security purposes (e.g., investigating abuse)
  • To comply with applicable laws
  • As part of a merger, acquisition, or sale of assets (with notice to users)
• We do not use Google user data for serving advertisements
• We do not allow humans to read Google user data unless:
  • We have your explicit consent
  • It is necessary for security purposes (investigating abuse or violations)
  • Required to comply with applicable laws
  • The data has been aggregated and anonymized

V. How We Share Information

Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Cloud Infrastructure: Google Cloud Platform for hosting and data storage
• Authentication: Authentication providers for secure login
• Analytics: Analytics services to understand Service usage
• Communications: Email service providers for transactional emails

These providers are contractually obligated to protect your information and use it only as directed by us.

Legal Requirements

We may disclose information if required by law or in good faith belief that such disclosure is necessary to:

• Comply with legal obligations or respond to lawful requests
• Enforce our Terms of Service or investigate violations
• Protect the rights, property, or safety of Panoverse Inc., our users, or the public
• Detect, prevent, or address fraud, security, or technical issues

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice and obtain consent as required by law.

What We Don't Do

• We do not sell your personal information to third parties
• We do not share your Google Ads data with competitors or other advertisers
• We do not use your data for advertising purposes outside of providing the Service

VI. Data Retention

We retain information only as long as necessary to fulfill the purposes described in this Policy or as required by law, in accordance with data minimization principles.

• Account Data: Retained while your account is active and for a reasonable period after deletion (typically 30-90 days) to allow for account recovery and resolve disputes
• Google Ads Data: Deleted within 30 days of disconnecting your Google Ads account or deleting your account
• Usage Logs: Retained for up to 12 months for security, debugging, and analytics purposes
• Legal Requirements: Some data may be retained longer to comply with legal, accounting, or regulatory requirements

We review our data retention practices regularly and securely delete or anonymize data when it is no longer needed.

VII. Security

We implement administrative, technical, and organizational security measures designed to protect your information:

• Encryption: Data encrypted in transit using TLS/SSL and at rest using industry-standard encryption
• Access Controls: Role-based access controls and principle of least privilege
• Authentication: Secure authentication mechanisms and password requirements
• Monitoring: Continuous monitoring for suspicious activity and security threats
• Regular Audits: Periodic security assessments and vulnerability testing

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Security Breach Notification: In the event of a data breach affecting your personal information, we will notify you and applicable regulatory authorities without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

VIII. Your Rights and Choices

General Rights

You have the following rights regarding your information:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal exceptions)
• Data Portability: Request a copy of your data in a structured, machine-readable format
• Opt-Out: Opt out of marketing communications (you will still receive Service-related messages)
• Disconnect: Disconnect your Google Ads account at any time through account settings

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information we collect, use, disclose, or sell
• Right to request deletion of personal information
• Right to opt out of the sale or sharing of personal information (we do not sell personal data)
• Right to correct inaccurate personal information
• Right to non-discrimination for exercising these rights

To exercise your CCPA rights, contact us at hello@kolect.ai or through your account settings.

European Residents (GDPR)

If you are located in the European Economic Area, you have rights under the General Data Protection Regulation, including:

• Right of access, rectification, erasure, and restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

IX. Third-Party Services

The Service integrates with third-party services, including Google Ads. These services have their own privacy policies governing their collection and use of your information:

• Google Privacy Policy
• Google Cloud Data Processing Addendum

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies before connecting your accounts.

X. International Data Transfers

Panoverse Inc. is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries.

We ensure that international data transfers are protected by appropriate safeguards, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by relevant data protection authorities
• Other legally recognized transfer mechanisms

XI. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected information from a child under 18 without parental consent, we will delete that information promptly.

If you believe we have collected information from a child under 18, please contact us at hello@kolect.ai.

XII. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will update the "Last updated" date at the top of this Policy
• For material changes, we will provide prominent notice (such as email notification or a notice on our Service)
• Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy

We encourage you to review this Policy periodically to stay informed about how we protect your information.

XIII. Contact Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about how we handle your information, please contact us: