Privacy Policy for Brokoli
Last Updated: 16 April 2025
Brokoli Digital Sdn Bhd (“we,” “our,” or “us”) respects your privacy and is committed to protecting the personal and business data you share with us. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and application (“Platform”), including any data we access through third-party platforms such as Meta (Facebook and Instagram).
By using our Platform, you consent to the practices described in this policy.
1. Information We Collect
a. Information You Provide
Name, email address, and business details during account creation or onboarding.
Campaign goals, budget, and business type provided through onboarding forms.
b. Data from Third-Party Integration
When you choose to connect third-party accounts (e.g. Meta, Google Ads, Shopify), we may collect the following through the platform’s official OAuth mechanism:
Your Meta Ads account ID
Your ad campaigns, ad sets, and ad creatives
Performance insights (spend, impressions, clicks, CTR, conversions, etc.)
Page metadata or business manager info (only if granted)
We never collect passwords or credentials for these platforms.
2. How We Use Your Information
We use the data we collect to:
Generate personalized campaign strategy recommendations
Analyze your ad performance to surface insights
Display historical campaign metrics
Cache prompt outputs for optimization
Improve our models and platform based on anonymized usage patterns
We do not sell or share your personal or business data to third parties for marketing purposes.
3. Use of Meta (Facebook & Instagram) Data
If you choose to connect your Meta (Facebook) account, we may access your advertising and business data through the Meta API. This access is governed by Meta’s Platform Terms and Developer Policies.
We access and use Meta data for the following purposes:
To allow you to view and select which ad account(s) you want to sync
To fetch performance data such as campaign spend, impressions, CTR, CPC, and results
To generate personalized campaign insights and benchmark reports using OpenAI
We only access the ad accounts and data you explicitly authorize during the OAuth permission step.
You can revoke our access at any time via your Meta Business Integrations settings:
https://www.facebook.com/settings?tab=business_tools
4. Data Storage and Security
All personal and campaign data is stored securely in our database (hosted on Supabase), and access is limited to authorized personnel only.
We use:
TLS encryption for data in transit
Database-level encryption for sensitive fields
Role-based access control (RBAC)
All Meta access tokens are securely encrypted and stored for continued authorized access, and never exposed to the frontend.
5. Your Rights and Choices
You have the right to:
Access the data we have on you
Request deletion of your data
Disconnect any third-party account you’ve linked
Revoke previously granted OAuth permissions
To request access, correction, or deletion, please contact us at: [your email]
6. Data Retention
We retain your data only for as long as necessary to provide our services, or as required by law. If your account is inactive for more than 12 months, we may delete your stored Meta and campaign data for security and privacy reasons.
7. International Transfers
If you are located outside of our primary hosting region, please note your data may be transferred to and processed in that region (e.g., the United States or Singapore). We ensure all data transfers are compliant with local laws.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes via email or app notification.
9. Contact Us
If you have any questions about this Privacy Policy or your data, please contact:
Brokoli App Support
Email: ryan.teh@brokoli.asia
Company: Brokoli Digital Sdn Bhd
Address: PJ Damansara
Let me know if you’d like a version for Terms of Service, or one tailored to comply with GDPR/PDPA or include Google/TikTok API-specific terms next.