Reference template — review with your lawyer and fill in your company details before publishing.
← Back to site
Privacy

Privacy Policy

Last updated: June 2026

This policy explains how Baton handles your personal data, in line with the GDPR, the UK GDPR, and the CCPA/CPRA. Baton is built to conduct ads without ever touching your media money, and we treat your data with the same care.

1Who the controller is

The controller of the data processed on this platform is Baton, Inc. For anything related to personal data, reach our Data Protection Officer (DPO) at hello@baton.ai.

2Data we collect

We collect only what we need to conduct your campaigns and run your account:

Data you provide

  • Sign-up: name, email, phone, and organization details.
  • Payment: the data needed to bill you by card, processed by Stripe. We do not store your full card details.

Data from the ad platforms

  • When you connect Google, Meta, TikTok, or LinkedIn through official OAuth, we receive access tokens and campaign, spend, and metric data — to show in the dashboard, compute real ROAS, and enforce the Vault. Baton never receives or moves your media budget.

Usage data

  • Access logs (IP, date/time), actions taken in the dashboard, and technical device/browser data, plus cookies (see section 5).

3How and why we use it

We process your data for the purposes below, always under a valid legal basis:

PurposeLegal basis
Provide the service: connect accounts, show the dashboard, enforce the Vault, and record the audit trailPerformance of a contract
Billing, invoicing, and fraud preventionPerformance of a contract and legal obligation
Proactive alerts (anomalies, fatigue, pacing) by WhatsApp, Slack, or emailPerformance of a contract and legitimate interest
Support, product improvement, and securityLegitimate interest
Marketing communicationsConsent

4Sharing

We do not sell your data. We share the minimum necessary with processors that make the service possible:

  • Ad platforms (Google, Meta, TikTok, LinkedIn): to read data and run the actions you authorize.
  • Stripe: payment processing.
  • Infrastructure and cloud providers (e.g., hosting and databases): to run the platform securely.
  • Messaging providers (WhatsApp, Slack): to deliver the agent's alerts.
  • Authorities: when required by law or court order.

5Cookies

We use cookies and similar technologies to keep you signed in, remember preferences, and understand how the platform is used. You can manage cookies in your browser settings; some are essential to operation and cannot be turned off.

  • Essential: session, security, and authentication.
  • Analytics: aggregate usage metrics, to improve the product.
  • Preferences: language and interface settings.

6Security and retention

We apply technical and organizational measures to protect your data: encrypted access tokens, per-organization isolation, role-based access control, and an immutable, reversible audit trail. We keep data only as long as needed for the stated purposes or as required by law; after that, it is deleted or anonymized. You can close your account at any time and request deletion of your data, subject to legal retention obligations.

7Your rights

Depending on where you live, you may at any time:

  • confirm processing and access your data;
  • correct incomplete, inaccurate, or outdated data;
  • request anonymization, restriction, or deletion of unnecessary or improperly processed data;
  • request portability to another provider;
  • withdraw consent and request deletion of data processed on that basis;
  • get information about how your data is shared;
  • object to processing based on legitimate interest.

To exercise your rights, write to hello@baton.ai. We respond within the statutory timeframes.

8International transfers

Some processors (such as ad platforms and cloud providers) may process data outside your country. In those cases, we apply appropriate safeguards (such as Standard Contractual Clauses) to ensure adequate protection of your data.

9Minors

Baton is intended for businesses and professionals and is not directed at anyone under 18. We do not knowingly collect data from minors.

10Changes to this policy

We may update this policy from time to time. When there is a material change, we will notify you in the dashboard or by email. The date at the top shows the latest revision.

11Contact and DPO

Questions about privacy or this policy? Reach our Data Protection Officer (DPO):

Email: hello@baton.ai
Company: Baton, Inc.