Privacy Policy

1. Introduction and Scope

The Golden Calf Pty Ltd ("we", "us", "our", or "TGC") operates the TGC Ripper Ad Intelligence platform ("the Application"), an internal marketing analytics tool used exclusively by authorised TGC team members to analyse publicly available competitor advertising data, optimise our own advertising campaigns on Meta platforms (Facebook and Instagram), and improve the effectiveness of our marketing efforts for our bedding and wellness product lines.

This Privacy Policy explains how we collect, use, store, and protect information in connection with the Application and its integration with the Meta Marketing API and Meta Ad Library API. It applies to all users of the Application, including employees, contractors, and authorised staff members of TGC.

By accessing or using the Application, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use immediately and contact your TGC administrator.

2. Information We Collect

2.1 Information You Provide

• Account registration information (name, email address) provided via Manus OAuth authentication
• Strategist notes, ad copy inputs, and creative briefs entered into the Application
• Ad creative assets (images, screenshots) uploaded for analysis
• Configuration settings and preferences saved within the Application

2.2 Information Collected Automatically

• Usage logs including page views, feature interactions, and timestamps
• IP addresses and browser/device information for security and access control purposes
• Session tokens and authentication cookies necessary for maintaining login state
• API request logs for debugging and performance monitoring

2.3 Data from Meta Platforms

The Application accesses the following data from Meta's APIs solely to support TGC's internal marketing operations:

• Meta Ad Library API: Publicly available competitor advertisement data including ad creative text, ad delivery dates, and impression ranges. This data is publicly accessible to any user of the Facebook Ad Library at facebook.com/ads/library and does not include any private or personally identifiable information.
• Meta Marketing API: Performance metrics for TGC's own ad campaigns (ROAS, spend, purchases, CTR, impressions) from TGC's own Meta Business Manager ad accounts. This data is used solely to evaluate campaign effectiveness and inform internal creative decisions.
• Ad creative thumbnails: Publicly accessible image URLs associated with TGC's own running ad campaigns, used for internal review and team performance tracking.

3. How We Use Information

We use the information collected for the following purposes:

• Marketing optimisation: Analysing competitor ad strategies and our own campaign performance to improve the effectiveness of TGC's advertising spend on Meta platforms, enabling us to allocate budget more efficiently and create higher-performing ad creatives for our bedding and wellness product lines.
• Creative production management: Tracking the output and performance of TGC's internal creative team (strategists, editors, designers) to manage workload and measure productivity.
• AI-assisted copywriting: Using publicly available competitor ad copy as reference material to train and prompt Claude AI (Anthropic) to generate original TGC ad copy. No competitor data is shared externally beyond the Anthropic API under their standard data processing terms.
• Task management integration: Creating and updating tasks in TGC's internal ClickUp project management workspace to coordinate creative production workflows.
• Authentication and access control: Verifying the identity of authorised TGC staff members and maintaining secure access to the Application.
• Security and fraud prevention: Monitoring for unauthorised access attempts and protecting the integrity of TGC's data and systems.

4. Meta Platform Data — Specific Disclosures

In compliance with Meta's Platform Terms and Developer Policies, we make the following specific disclosures regarding our use of Meta platform data:

• Purpose limitation: All Meta platform data accessed through the Marketing API is used exclusively for TGC's own internal business operations. We do not use this data to build profiles on individuals, target advertising to third parties, or sell insights to any external party.
• No data resale: We do not sell, license, or transfer Meta platform data to any third party.
• No unauthorised scraping: We access Meta data exclusively through official, approved API endpoints using authorised access tokens. We do not use automated browsers, scrapers, or unofficial methods to access Meta platforms.
• Data minimisation: We request only the minimum data fields necessary for each function of the Application and do not store raw API responses beyond what is operationally required.
• Retention: Meta API data stored in our database is retained for a maximum of 12 months for historical analysis purposes, after which it is deleted or anonymised.
• User data deletion: If you are a TGC staff member and wish to have your account data removed from the Application, contact [email protected]. We will process deletion requests within 30 days.

5. Data Sharing and Third-Party Services

We share data with the following third-party service providers solely to operate the Application:

We do not sell personal information to any third party. We do not share data with advertisers, data brokers, or any party for commercial purposes outside of TGC's own marketing operations.

6. Data Security

We implement industry-standard technical and organisational security measures to protect your information, including:

• Encrypted data transmission using TLS/HTTPS for all Application traffic
• Encrypted database storage with access restricted to authorised personnel only
• API credentials and secrets stored as environment variables, never in source code
• Role-based access control limiting staff access to functions relevant to their role
• JWT-based session authentication with secure, httpOnly cookies
• Regular security reviews and dependency updates

Despite these measures, no system is completely secure. In the event of a data breach affecting your personal information, we will notify affected users and relevant authorities as required by applicable law.

7. Data Retention

We retain data for the following periods:

• User account data: Retained for the duration of employment/engagement with TGC, plus 90 days after account deactivation
• Ad job records: Retained for 24 months for historical analysis and performance tracking
• Meta API data (competitor ads): Retained for 12 months, then deleted
• Meta API data (own campaign metrics): Retained for 24 months for trend analysis
• Training examples (Claude AI): Retained indefinitely as internal IP unless deletion is requested
• Server logs: Retained for 90 days for security and debugging purposes

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal retention obligations)
• Portability: Request your data in a structured, machine-readable format
• Restriction: Request that we restrict processing of your data in certain circumstances
• Objection: Object to processing based on legitimate interests

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. For Meta platform data specifically, you may also exercise rights directly through Meta's own privacy controls at facebook.com/privacy/policy.

9. Cookies and Tracking

The Application uses the following cookies:

• Session cookies (essential): Required for authentication and maintaining login state. These are httpOnly, secure cookies that expire when you close your browser or after 7 days of inactivity.
• Preference cookies (functional): Store UI preferences such as selected time periods and filter settings. These persist for 30 days.

We do not use advertising cookies, cross-site tracking cookies, or any third-party analytics cookies. The Application does not serve advertisements.

10. International Data Transfers

TGC is based in Australia. The Application and its data may be processed in servers located in Singapore, the United States, and other jurisdictions where our service providers operate. Where data is transferred outside Australia, we ensure appropriate safeguards are in place in accordance with the Australian Privacy Act 1988 and applicable international data protection laws, including the EU General Data Protection Regulation (GDPR) where applicable.

11. Children's Privacy

The Application is an internal business tool intended solely for adult TGC employees and contractors. We do not knowingly collect personal information from individuals under the age of 18. If you believe a minor has accessed the Application, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify authorised users of material changes via the Application or email. The "Last updated" date at the top of this page will always reflect the most recent revision. Continued use of the Application after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

If you are located in the European Economic Area and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.