Privacy Policy

Effective date: 1 July 2026

1. About this policy

This Privacy Policy explains how Marketing Systems AU Pty Ltd (“Marketing Systems AU”, “we”, “us” or “our”), the operator of Advec (the “Service”), handles personal information when you visit our website at getadvec.com or use the Service.

Marketing Systems AU is an Australian company and is bound by the Privacy Act 1988 (Cth) (the “Privacy Act”) and the Australian Privacy Principles (“APPs”). This policy describes what personal information we collect, how we use and disclose it, how we keep it secure, and how you can access or correct it.

2. What Advec does

Advec is a change-tracking tool for digital marketers, operated by Marketing Systems AU Pty Ltd. With your permission we connect to your Meta Ads and Google Ads accounts and to landing pages you nominate, and we record what changes over time so you can review and report on those changes.

3. Personal information we collect

The personal information we collect includes:

  • Account information — your name, email address and hashed password when you register, or your Google profile information (name, email, Google account ID) if you sign in with Google.
  • Authentication tokens — OAuth access and refresh tokens that you authorise us to hold in order to connect your Meta Ads and Google Ads accounts. These tokens are encrypted at rest.
  • Advertising account data — information we retrieve from your connected ad accounts, such as campaign names, budgets, statuses, targeting settings, schedules and ad creative content. This data may include names, images or copy chosen by you or your team.
  • Website monitoring data — the URLs you ask us to monitor, screenshots of those pages, content hashes and change diffs.
  • Product usage data — projects you create, notes you add to changes, notification preferences and in-app activity.
  • Technical information — your IP address, device and browser type, operating system, referring pages, log data and cookies (see Section 10).
  • Correspondence — messages you send us for support or enquiries.

We do not intentionally collect sensitive information (as defined in the Privacy Act) and ask that you do not submit it to us.

4. How we collect personal information

We collect personal information:

  • directly from you when you register, sign in, connect an ad account, add a website to monitor, or contact us;
  • automatically when you use the Service, through cookies, log files and similar technologies; and
  • from third parties you authorise, including Meta and Google, when you complete their OAuth consent flow to connect an account.

Where it is reasonable and practicable, we collect personal information directly from you.

5. Why we collect and use personal information

We use personal information to:

  • provide, operate, maintain and improve the Service;
  • authenticate you, secure your account and prevent fraud or misuse of the Service;
  • connect to your Meta Ads and Google Ads accounts and poll them for changes on your behalf;
  • capture screenshots and content hashes of the landing pages you nominate and compute change diffs;
  • display change history, dashboards and reports, and send notifications and email digests you have configured;
  • respond to your enquiries and provide customer support;
  • comply with our legal obligations and enforce our terms of service.

If we cannot collect the personal information we need, we may not be able to provide the Service or the feature you are trying to use.

6. How we disclose personal information

We do not sell your personal information. We may disclose it to:

  • Service providers we use to run Advec, including:
    • Railway (application and database hosting — United States);
    • Vercel (frontend hosting and edge network — United States);
    • Cloudflare (object storage for screenshots, via R2 — United States / global network);
    • Google Ireland Limited / Google LLC (Google sign-in and Google Ads API access — Ireland and United States);
    • Meta Platforms Ireland Limited / Meta Platforms, Inc. (Meta Marketing API access — Ireland and United States);
    • Resend (transactional email delivery, including account emails and change digests — United States);
    • error monitoring and analytics providers used to operate the Service.
  • Professional advisers such as lawyers, accountants or auditors, where reasonably required;
  • Government agencies, regulators or law enforcement where we are required or authorised by law to do so, or where we reasonably believe it is necessary to protect our rights, safety or property, or those of any other person;
  • Successors in connection with a sale, merger, restructure or acquisition of our business, in which case we will take reasonable steps to ensure the recipient is bound by privacy protections at least as strong as those in this policy.

7. Overseas disclosure

Several of the service providers listed above are located outside Australia, principally in the United States and the European Union (Ireland). By using the Service you acknowledge that your personal information may be stored on, or accessed from, servers located in these jurisdictions.

Before disclosing personal information overseas we take reasonable steps to ensure the recipient handles it consistently with the APPs, including through contractual protections with our providers.

8. Security of your personal information

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include:

  • encryption of OAuth tokens at rest and encryption of data in transit (TLS);
  • hashing of passwords using an industry-standard algorithm (we never store your password in plain text);
  • access controls so that each user can only access their own projects and data;
  • logging and monitoring, and use of reputable hosting and infrastructure providers.

No online service is completely secure. If you believe your account has been compromised, please contact us immediately at dinesh@marketingsystems.com.au.

9. Data retention

We keep personal information only for as long as we need it for the purposes described in this policy, or for as long as we are required to keep it by law. In particular:

  • Account information is kept while your account is active. When you delete your account we delete or de-identify your personal information within a reasonable period, except where we are required to retain it (for example, for tax, accounting or legal purposes).
  • Website screenshots are retained for 365 days from capture so we can show you before-and-after comparisons, and are then deleted. Change history metadata (what changed and when) may be retained for the life of your account so we can continue to show longer-term audit logs.
  • OAuth tokens are deleted when you disconnect the relevant ad account or delete your Advec account.
  • Logs and backups may be retained for a short additional period for security, troubleshooting and disaster recovery.

10. Cookies and similar technologies

We use cookies and similar technologies to keep you signed in, remember your preferences and understand how the Service is used. You can control cookies through your browser settings, but disabling them may affect functionality (for example, you may not be able to stay signed in).

11. Accessing and correcting your personal information

Under APP 12 and APP 13 you have the right to request access to the personal information we hold about you and to ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant or misleading.

You can update most of your account information directly in the Advec settings page. For anything else, contact us at dinesh@marketingsystems.com.au and we will respond within a reasonable period (usually within 30 days). We may need to verify your identity before actioning your request.

You may also ask us to delete your account. We will do so unless we are required by law to retain some information.

12. Complaints

If you believe we have breached the APPs or mishandled your personal information, please contact us first at dinesh@marketingsystems.com.au with details of your complaint. We will investigate and respond, generally within 30 days.

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5288, Sydney NSW 2001

13. Notifiable data breaches

If a data breach occurs that is likely to result in serious harm to individuals whose personal information is involved, we will notify affected individuals and the OAIC in accordance with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act.

14. Children

The Service is intended for use by professionals in a business context and is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

15. Third-party platforms

When you connect your Meta Ads or Google Ads accounts, your use of those platforms remains subject to their own terms and privacy policies. We access only the data needed to detect changes to your ad accounts and act on your behalf, and we do so under the scopes you approve during the OAuth consent flow.

16. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service before the changes take effect. The date at the top of this page tells you when it was last updated. Your continued use of the Service after any change indicates your acceptance of the updated policy.

17. Contact us

If you have any questions about this Privacy Policy or how we handle your personal information, please contact us: