Türkçe · English
Legal

Privacy Policy

Last updated: July 2026

This Privacy Policy explains how personal data is processed when you use BunnyAds. The data controller is the company below.

1. Data We Collect

  • Account data: name, email, phone, brand details.
  • Technical data: IP address, browser/device info, session and activity (audit) logs for security.
  • Meta advertising data: with your permission: ad accounts, campaign/performance data, connected Facebook Pages and Instagram accounts.
  • Google data: with your permission: Google Analytics 4 report data and Google Search Console search performance data (read-only).

2. Purposes of Processing

  • Providing the service: creating, managing and reporting Meta ads.
  • Account security, abuse prevention and audit logging.
  • Support and communication.
  • Compliance with legal obligations.

3. Meta (Facebook / Instagram) Data Sharing

BunnyAds operates through Meta's advertising APIs (Marketing API, Graph API). To use the service you grant access to your Meta account; we access only the data required for ad management (ad accounts, campaigns, Pages, Instagram business accounts, performance metrics).

  • Your Meta access tokens are stored encrypted on the server, never in the browser.
  • Your data is never sold and is not shared with third parties beyond what is required for ad management.
  • You can disconnect Meta at any time (see Data Deletion).
  • Meta's own processing is governed by Meta's Privacy Policy.

4. Google (Analytics & Search Console) Data

If you choose to connect your Google account, BunnyAds displays your Google Analytics 4 and Google Search Console data inside your panel. This connection is optional and requests read-only access; BunnyAds cannot make any changes to your Google account.

  • Data accessed: report data of the GA4 property you select (visitors, sessions, conversions, revenue) and the search performance of your Search Console site (clicks, impressions, queries, pages).
  • How it is used: this data is shown only to you, as reporting and analysis in your own panel. It is not used for any other purpose, not shared with third parties, and never sold.
  • Storage and protection: your Google access token is stored encrypted on the server and never reaches the browser. Report data is fetched from Google at view time; no permanent copy is kept.
  • Disconnecting: use "Remove connection" in the panel's Brand Management page to delete your access token immediately. You can also revoke access from your Google account permissions.
  • BunnyAds's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5. Cookies

We use cookies for session management, preferences and anonymous analytics. You can manage cookies in your browser settings.

6. Third-Party Service Providers

The minimum data required is processed with: Cloudflare (hosting/CDN), Supabase (database/authentication), Meta (advertising API), Google (Analytics and Search Console reports), and Anthropic (AI-assisted content). Each processes data only within its own service scope.

7. Data Retention

Data is retained while your account is active and for any legally required periods. Upon a deletion request, data other than mandatory legal records is deleted.

8. Data Security

Data is protected via encrypted transport (HTTPS), access control (row-level security) and encrypted token storage. Sensitive data is not kept client-side; it is processed via a server-side proxy.

9. Your Rights

Under applicable law (incl. Turkish KVKK art. 11), you may request information about, correction or deletion of your personal data, and object to processing. Contact iletisim@bunnyads.com.

10. Data Deletion

See the Data Deletion Instructions for how to delete your account and data.

11. Changes

This policy may be updated; the current version is always published on this page.

Contact

iletisim@bunnyads.com · 0505 930 90 06