Privacy Policy

Last updated: February 2026

Dubinga ("we," "our," or "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered marketing intelligence platform at dubinga.com and any associated services (collectively, the "Service").

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect information that identifies you, including:

  • Full name and email address
  • Password (stored in hashed form using bcrypt — we never store plaintext passwords)
  • Company or organization name
  • Billing address and payment information (processed and stored securely by Stripe)
  • Two-factor authentication settings (TOTP secret, stored encrypted)

1.2 Marketing Platform Data

When you connect your advertising accounts, we access and store marketing data from the platforms you authorize, including:

  • Campaign, ad set, and ad-level metadata (names, statuses, objectives, targeting)
  • Performance metrics (impressions, clicks, conversions, spend, CTR, CPC, ROAS)
  • Creative assets and ad copy
  • Audience segments and targeting configurations
  • Account-level settings and billing information from ad platforms

We access this data through official APIs provided by Meta (Facebook & Instagram Ads), Google Ads, TikTok Ads, LinkedIn Ads, and Microsoft Advertising (Bing). We only access data that you explicitly authorize through OAuth or API credential connections.

1.3 AI Analysis Data

When you run AI analyses, we generate and store:

  • Multi-agent discussion transcripts (the conversations between AI agents about your campaigns)
  • Generated recommendations and action plans
  • Analysis metadata (timestamps, agent configurations, discussion parameters)

1.4 Usage Data

We automatically collect certain information about your device and usage patterns:

  • IP address, browser type, operating system, and device information
  • Pages visited, features used, and time spent on the Service
  • Referring URL and exit pages
  • Error logs and performance data

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service, including running AI agent discussions and generating campaign recommendations
  • Process your subscription payments and manage your account
  • Sync and analyze your marketing data across connected platforms
  • Send transactional emails (account verification, password resets, billing receipts, analysis completion notifications)
  • Respond to your support requests and communicate about your account
  • Monitor and analyze usage trends to improve user experience and platform performance
  • Detect, investigate, and prevent fraudulent or unauthorized activity
  • Comply with legal obligations and enforce our Terms of Service

We do not use your marketing data to train AI models. Your campaign data is used solely to generate analysis and recommendations for your account.

3. How We Share Your Information

We do not sell your personal information. We share data only with the following categories of third parties, and only to the extent necessary:

3.1 Payment Processing — Stripe

We use Stripe to process subscription payments. When you provide payment information, it is transmitted directly to Stripe and stored in their PCI-DSS compliant infrastructure. We do not store full credit card numbers on our servers. We receive only a tokenized reference and basic card metadata (last 4 digits, expiry, brand) from Stripe.

3.2 AI Processing — OpenRouter

To power our multi-agent AI discussions, we send campaign data to AI language models via OpenRouter. This data is transmitted over encrypted connections and is used solely to generate analysis for your request. We do not permit AI model providers to retain or use your data for training purposes.

3.3 Marketing Platforms

We communicate with Meta, Google, TikTok, LinkedIn, and Microsoft advertising APIs to read your campaign data. We send authentication credentials (OAuth tokens or API keys) to these platforms on your behalf. We do not share your Dubinga account information with these platforms beyond what is required for API authentication.

3.4 Legal Requirements

We may disclose your information if required to do so by law, in response to valid legal process (such as a subpoena or court order), or to protect the rights, property, or safety of Dubinga, our users, or the public.

4. Data Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • Encryption at rest: All sensitive data, including API credentials and TOTP secrets, is encrypted using AES-256 encryption before storage
  • Encryption in transit: All communications between your browser and our servers use TLS 1.3 encryption
  • Tenant isolation: Each organization's data is logically isolated. Users can only access data belonging to their own brands and organizations
  • Password security: Passwords are hashed using bcrypt with a cost factor that makes brute-force attacks computationally infeasible
  • Two-factor authentication: We support TOTP-based 2FA (compatible with Google Authenticator, Authy, and similar apps) for an additional layer of account security
  • Access controls: Role-based access control (RBAC) ensures team members only see data appropriate to their role (Owner, Admin, Member)

While we strive to use commercially acceptable means to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we continuously monitor and update our security practices.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide you the Service. Specifically:

  • Account data: Retained until you delete your account
  • Marketing data: Synced data is retained while your platform connection is active. You can disconnect a platform at any time to stop data syncing
  • AI analysis history: Discussion transcripts and recommendations are retained for the life of your account to provide historical reference
  • Usage logs: Retained for up to 12 months for security and analytics purposes, then automatically purged

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain certain information for legal, tax, or audit purposes.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete personal data
  • Deletion: Request deletion of your personal data, subject to legal retention requirements
  • Portability: Request an export of your data in a machine-readable format
  • Restriction: Request restriction of processing of your personal data in certain circumstances
  • Objection: Object to processing of your personal data for direct marketing purposes
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at privacy@dubinga.com. We will respond to your request within 30 days.

7. Cookies

We use cookies and similar technologies to operate and improve the Service. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction. We ensure appropriate safeguards are in place, such as standard contractual clauses, to protect your data during international transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the Service prior to the changes taking effect. Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: