Privacy Policy

Last updated: May 06, 2026 · Version 1.0 · Versão em português

This Policy describes how Dash&Ponto collects, uses and protects your data when using our SaaS platform for paid media reporting (the "Service").

Summary: we only collect performance metrics from your Meta Ads campaigns to generate reports. We do not access personal data of end users who viewed the ads, nor do we sell data.

1. Data Controller

Dash&Ponto is the data controller under Brazilian LGPD (Law 13.709/2018) and GDPR principles.
Contact: contato@trackingdigital.com.br
Service URL: https://relatorios.trackingdigital.com.br

2. Data We Collect

2.1 Account and authentication

Email and password — for platform login (password stored as bcrypt hash, never plaintext).
Name — displayed in the interface.
Meta access token — 60-day OAuth token obtained via explicit authorization. Stored encrypted (AES-256-GCM).

2.2 Campaign data via Meta Ads API (`ads_read`)

Upon authorization, we read:

Performance metrics: impressions, clicks, reach, spend, CPM, CPC, CTR, ROAS, conversions and funnel metrics.
Identifiers and names of ad accounts, campaigns and creatives.

We do NOT access: personal data of users who viewed ads, messages, photos, personal profile, payment data or any permission beyond ads_read.

2.3 Technical data

Access logs — IP anonymized (last two octets removed), date/time and endpoint. Solely for security purposes.
Session cookie — HTTP-only, SameSite=Lax, valid for 7 days.

3. Purposes and Legal Basis

Purpose	Legal Basis
Authenticate user and maintain session	Contract performance
Query Meta Ads API and generate reports	Contract performance + consent
Process payments via Stripe	Contract performance
Security monitoring and logs	Legitimate interest
Compliance with legal obligations	Legal obligation

4. Sharing

We do not sell data. We share only with:

Meta Platforms — OAuth authentication and Ads API. See Meta's Privacy Policy.
Stripe — payment processing. We do not store card data. See Stripe's Policy.
Hosting infrastructure — servers with adequate protection levels.
Competent authorities — when required by law or court order.

5. International Transfers

The Meta Ads API operates on US servers. This transfer is necessary for Service delivery and is based on contract performance with the data subject.

6. Data Retention

Data	Retention Period
Meta access token	Until revocation or natural expiration (60 days)
Generated reports	Until deleted by user or account closure
Account data (email)	Until closure + 30-day backup window
Access logs (anonymized IP)	90 days
Financial and payment records	5 years (fiscal obligation)

7. Your Rights

You can request: access to your data · correction of incorrect data · deletion of unnecessary data · portability in structured format · information about sharing · objection to processing · consent revocation.

Send requests to contato@trackingdigital.com.br. We respond within 15 business days.

8. Data Deletion

Immediate account deletion: go to My Account → "Danger zone" → "Delete my account". All your data (reports, Meta tokens, settings and history) is wiped immediately.

Meta disconnection: in My Account → "Meta Ads Connection" → "Disconnect Meta", you revoke the stored token without deleting your account.

Via Facebook: revoke app access at Facebook Settings → Apps and Websites. Meta notifies us automatically and we revoke the token via callback /api/meta/deletion-callback.

Support: for deletion assistance, contact contato@trackingdigital.com.br.

9. Security

We adopt: AES-256-GCM encryption for tokens · TLS for all communications · bcrypt hashing for passwords · HTTP-only protected sessions · continuous monitoring of access logs.

10. Cookies

We use only the technical session cookie (connect.sid) needed for authentication. We do not use tracking, analytics or advertising cookies.

11. Minors

The Service is intended for professionals 18 years or older. We do not collect data from minors.

12. Changes

We will notify significant changes via email or in-platform notice. The "last updated" date indicates the current version.

13. Contact

Dash&Ponto
Email: contato@trackingdigital.com.br