👋 Need help? Chat with us!

GDPR Compliance

Name: AdsMAA
Rating: 4.8 (2847 reviews)
Author: Zusta Autonetic Private Limited

How AdsMAA complies with the General Data Protection Regulation and protects the rights of EU/EEA residents.

Last Updated: December 28, 2025

Quick Navigation

Key Principles Legal Basis Your Rights DPA Data Transfers Sub-processors Breach Notice Retention

Our Commitment to GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. AdsMAA is fully committed to GDPR compliance and has implemented robust measures to protect the personal data of EU/EEA residents. We act as both a data controller (for our own operations) and a data processor (when handling your customers' data on your behalf).

GDPR Key Principles We Follow

Lawfulness, Fairness, and Transparency

We process data lawfully, fairly, and in a transparent manner. We clearly inform you about how we use your data.

Purpose Limitation

We collect data only for specified, explicit, and legitimate purposes and do not process it further in incompatible ways.

Data Minimization

We only collect data that is adequate, relevant, and limited to what is necessary for our purposes.

Accuracy

We keep personal data accurate and up to date, and provide mechanisms for you to correct inaccuracies.

Storage Limitation

We retain personal data only for as long as necessary for the purposes for which it was collected.

Integrity and Confidentiality

We implement appropriate security measures to protect against unauthorized processing and accidental loss.

Legal Basis for Processing

We process your personal data under the following legal bases:

Legal Basis	Processing Activities
Contract Performance	Account creation, service delivery, payment processing, customer support
Legitimate Interest	Platform security, fraud prevention, service improvement, analytics
Legal Obligation	Tax records, regulatory compliance, legal proceedings
Consent	Marketing communications, optional analytics cookies, product surveys

Your Rights Under GDPR

As an EU/EEA resident, you have the following rights regarding your personal data:

Right of Access

Request a copy of all personal data we hold about you. We will provide this within 30 days.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten") under certain circumstances.

Right to Restrict Processing

Request that we limit how we use your data while issues are resolved.

Right to Data Portability

Receive your data in a structured, machine-readable format for transfer to another service.

Right to Object

Object to processing based on legitimate interests, including profiling and direct marketing.

Rights Related to Automated Decisions

Right not to be subject to solely automated decisions that significantly affect you.

Right to Withdraw Consent

Withdraw consent at any time where we rely on consent for processing.

To exercise any of these rights, please email [email protected] or [email protected]. We will respond within 30 days. There is no fee for reasonable requests, but we may charge for excessive or unfounded requests.

Data Processing Agreement (DPA)

When you use AdsMAA to track conversions on your website, we process personal data of your customers on your behalf. This makes you the data controller and us the data processor.

Our DPA Includes:

Standard Contractual Clauses (SCCs) for international transfers

Technical and organizational security measures

Sub-processor list and notification of changes

Data breach notification procedures

Assistance with data subject rights requests

Audit rights and compliance certifications

Enterprise customers can request a signed DPA. Contact [email protected]

International Data Transfers

Your data may be transferred to and processed in countries outside the EU/EEA. We ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs)

We use EU Commission-approved SCCs for transfers to third countries without adequacy decisions.

Adequacy Decisions

When available, we rely on EU adequacy decisions for countries deemed to have adequate data protection.

Supplementary Measures

We implement additional technical and organizational measures including encryption and access controls.

Sub-processors

We use the following sub-processors to provide our services:

Sub-processor	Purpose	Location
Amazon Web Services	Cloud infrastructure hosting	EU (Frankfurt) / US
Stripe	Payment processing	US (SCCs)
Razorpay	Payment processing (India)	India
SendGrid	Email delivery	US (SCCs)
Intercom	Customer support	US (SCCs)

We will notify you of any changes to our sub-processor list at least 30 days in advance.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:

1We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach.

2If the breach is likely to result in a high risk, we will also notify affected individuals without undue delay.

3For data we process on your behalf, we will notify you within 24 hours so you can fulfill your obligations.

Data Retention Periods

Data Category	Retention Period	Basis
Account Data	Active account + 30 days	Contract
Conversion/Tracking Data	25 months (configurable)	Contract
Billing Records	7 years	Legal obligation
Support Tickets	3 years	Legitimate interest
Security Logs	90 days	Legitimate interest

Contact Our Data Protection Officer

For any GDPR-related inquiries or to exercise your rights:

Data Protection Officer

[email protected]

Privacy Team

[email protected]

Address: Zusta Autonetic Private Limited, 2/164A VC, Kolkata - 700047, India

GDPR Compliance

How AdsMAA complies with the General Data Protection Regulation and protects the rights of EU/EEA residents.

Last Updated: December 28, 2025

Quick Navigation

Key Principles Legal Basis Your Rights DPA Data Transfers Sub-processors Breach Notice Retention

Our Commitment to GDPR

GDPR Key Principles We Follow

Lawfulness, Fairness, and Transparency

We process data lawfully, fairly, and in a transparent manner. We clearly inform you about how we use your data.

Purpose Limitation

We collect data only for specified, explicit, and legitimate purposes and do not process it further in incompatible ways.

Data Minimization

We only collect data that is adequate, relevant, and limited to what is necessary for our purposes.

Accuracy

We keep personal data accurate and up to date, and provide mechanisms for you to correct inaccuracies.

Storage Limitation

We retain personal data only for as long as necessary for the purposes for which it was collected.

Integrity and Confidentiality

We implement appropriate security measures to protect against unauthorized processing and accidental loss.

Legal Basis for Processing

We process your personal data under the following legal bases:

Legal Basis	Processing Activities
Contract Performance	Account creation, service delivery, payment processing, customer support
Legitimate Interest	Platform security, fraud prevention, service improvement, analytics
Legal Obligation	Tax records, regulatory compliance, legal proceedings
Consent	Marketing communications, optional analytics cookies, product surveys

Your Rights Under GDPR

As an EU/EEA resident, you have the following rights regarding your personal data:

Right of Access

Request a copy of all personal data we hold about you. We will provide this within 30 days.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten") under certain circumstances.

Right to Restrict Processing

Request that we limit how we use your data while issues are resolved.

Right to Data Portability

Receive your data in a structured, machine-readable format for transfer to another service.

Right to Object

Object to processing based on legitimate interests, including profiling and direct marketing.

Rights Related to Automated Decisions

Right not to be subject to solely automated decisions that significantly affect you.

Right to Withdraw Consent

Withdraw consent at any time where we rely on consent for processing.

Data Processing Agreement (DPA)

When you use AdsMAA to track conversions on your website, we process personal data of your customers on your behalf. This makes you the data controller and us the data processor.

Our DPA Includes:

Standard Contractual Clauses (SCCs) for international transfers

Technical and organizational security measures

Sub-processor list and notification of changes

Data breach notification procedures

Assistance with data subject rights requests

Audit rights and compliance certifications

Enterprise customers can request a signed DPA. Contact [email protected]

International Data Transfers

Your data may be transferred to and processed in countries outside the EU/EEA. We ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs)

We use EU Commission-approved SCCs for transfers to third countries without adequacy decisions.

Adequacy Decisions

When available, we rely on EU adequacy decisions for countries deemed to have adequate data protection.

Supplementary Measures

We implement additional technical and organizational measures including encryption and access controls.

Sub-processors

We use the following sub-processors to provide our services:

Sub-processor	Purpose	Location
Amazon Web Services	Cloud infrastructure hosting	EU (Frankfurt) / US
Stripe	Payment processing	US (SCCs)
Razorpay	Payment processing (India)	India
SendGrid	Email delivery	US (SCCs)
Intercom	Customer support	US (SCCs)

We will notify you of any changes to our sub-processor list at least 30 days in advance.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:

1We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach.

2If the breach is likely to result in a high risk, we will also notify affected individuals without undue delay.

3For data we process on your behalf, we will notify you within 24 hours so you can fulfill your obligations.

Data Retention Periods

Data Category	Retention Period	Basis
Account Data	Active account + 30 days	Contract
Conversion/Tracking Data	25 months (configurable)	Contract
Billing Records	7 years	Legal obligation
Support Tickets	3 years	Legitimate interest
Security Logs	90 days	Legitimate interest

Contact Our Data Protection Officer

For any GDPR-related inquiries or to exercise your rights:

Data Protection Officer

[email protected]

Privacy Team

[email protected]

Address: Zusta Autonetic Private Limited, 2/164A VC, Kolkata - 700047, India