RunAds Privacy Policy

Effective Date: June 2, 2026 Last Updated: June 2, 2026

RunAds Technologies & Media Ltd ("RunAds", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, store, transfer, and protect personal data when you access or use the RunAds platform, websites, mobile applications, APIs, and related services (collectively, the "Platform"), whether as a Creator, Advertiser, visitor, or other user.

This Policy is issued in compliance with the Nigeria Data Protection Act, 2023 (NDPA), the Nigeria Data Protection Regulation, 2019 (NDPR), and, where applicable, the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and other applicable international data protection laws.

By using the Platform, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller

The data controller responsible for your personal data is:

RunAds Technologies & Media Ltd Registered Office: 736 Daniel Gemana Cl, 7th Ave Gwarinpa, FCT Abuja, Nigeria Email: support@runadsng.com Phone: +234 704 111 0190

For privacy-related inquiries, contact our Data Protection Officer (DPO) at: privacy@runadsng.com.

2. Scope

This Policy applies to:

Creators who register on the Platform to promote campaigns and earn payouts.
Advertisers who fund and run advertising campaigns through the Platform.
Visitors to our website, marketing pages, and public APIs.
Representatives of corporate Advertisers, agencies, partners, vendors, and applicants.

This Policy does not cover third-party websites, social media platforms (TikTok, Instagram, YouTube, X, Facebook, Snapchat, etc.), or services that are linked to but not operated by RunAds. Those parties have their own privacy practices, which you should review.

3. Information We Collect

We collect personal data in three main ways: (i) information you provide directly, (ii) information collected automatically when you use the Platform, and (iii) information we receive from third parties.

3.1 Information You Provide

Account Data: name, username, email address, phone number, password (hashed), date of birth, country/state, profile photo.
Identity & KYC Data: government-issued ID (NIN, driver's license, international passport, voter's card), selfie/liveness verification, proof of address, business registration documents (CAC, certificate of incorporation, TIN), beneficial ownership details.
Creator Profile Data: linked social media handles, follower/subscriber counts, audience demographics, content categories, sample content, engagement metrics, content niche.
Advertiser Profile Data: business name, industry, website, billing contact, marketing objectives, brand assets, campaign creative.
Payment & Payout Data: bank account number, account name, bank code, transaction history, payout history, tax identification numbers.
Communications: support tickets, chat messages, emails, dispute submissions, survey responses, feedback.
Content You Submit: posts, videos, screenshots, links, captions, and analytics screenshots submitted as proof of campaign performance.

3.2 Information Collected Automatically

Device & Technical Data: IP address, device identifiers, device type, operating system, browser type and version, language settings, mobile network information, time zone.
Usage Data: pages visited, features used, clicks, session duration, referring URLs, navigation paths, search queries.
Cookies & Similar Technologies: session cookies, persistent cookies, local storage, pixels, SDKs, and similar tracking technologies (see Section 10).
Location Data: approximate geolocation derived from IP address; precise geolocation only with your consent.
Log Data: server logs, error logs, security events, API call records, timestamps.

3.3 Information from Third Parties

Social Media Platforms: when you connect a social account via OAuth, we receive profile information, follower counts, public posts, insights, and engagement metrics permitted by that platform's API.
KYC & Identity Verification Providers: identity verification results, watchlist/sanctions screening results, fraud signals.
Payment Processors & Banks: transaction confirmations, settlement reports, chargeback notices, fraud alerts.
Analytics & Attribution Providers: aggregated audience and performance signals.
Advertisers/Creators: information shared about you in the context of a campaign (e.g., performance attribution).
Public Sources & Business Partners: publicly available information for fraud prevention and due diligence.

3.4 Sensitive Information

We do not intentionally collect special categories of data (e.g., health, religion, political opinions, biometric data) except:

Biometric data (facial recognition for liveness checks) collected solely for KYC/identity verification, with your consent and processed by certified verification partners.
Government ID numbers (NIN) where required by Nigerian law.

We do not knowingly collect personal data of children under 18. If you are under 18, do not use the Platform.

4. How We Use Your Information (Purposes & Legal Bases)

We process personal data only where we have a lawful basis. The legal bases under NDPA/GDPR are: (a) performance of a contract, (b) legal obligation, (c) legitimate interests, (d) consent, and (e) vital interests/public interest (rare).

| Purpose | Examples | Legal Basis | |---|---|---| | Account creation & management | Registration, login, profile setup | Contract | | KYC, AML, sanctions screening, fraud prevention | Verifying identity, screening against watchlists | Legal obligation; legitimate interests | | Operating campaigns | Matching Advertisers with Creators, tracking deliverables, calculating payouts | Contract | | Payments & payouts | Processing wallet top-ups, settlements, refunds, chargebacks | Contract; legal obligation | | Communications | Service emails, OTPs, support, dispute resolution | Contract; legitimate interests | | Marketing | Newsletters, product announcements, promotional offers | Consent (you may opt out anytime) | | Analytics & product improvement | Understanding usage, debugging, A/B testing | Legitimate interests | | Security & abuse prevention | Detecting bot traffic, fake engagement, account takeover | Legitimate interests; legal obligation | | Legal & regulatory compliance | Tax reporting, responding to lawful requests, audits | Legal obligation | | Personalization | Recommending campaigns or creators | Legitimate interests; consent where required | | Enforcement | Enforcing the Terms of Service, protecting our rights | Legitimate interests |

We will not use your personal data for purposes materially different from those described here without notifying you and, where required, obtaining your consent.

5. How We Share Your Information

We do not sell your personal data. We share personal data only as described below:

5.1 With Other Users

Advertisers receive Creators' platform-displayed profile information, campaign performance metrics, and content submissions necessary to evaluate and pay for campaigns.
Creators receive Advertiser brand name, campaign brief, and assets needed to perform the campaign.
Public profile fields (name, handle, avatar, niche) may be visible to other users.

5.2 Service Providers (Processors)

We share data with vetted vendors acting under written data processing agreements, including:

Cloud hosting & infrastructure providers
KYC, AML, and identity verification providers
Payment processors, payout rails, and banks
Communication providers (email, SMS, push notifications)
Analytics, monitoring, and crash-reporting tools
Customer support and CRM tools
Fraud detection and security providers

5.3 Legal & Compliance Disclosures

We may disclose personal data when required to:

Comply with applicable law, court order, subpoena, or lawful government request (including from the Nigeria Data Protection Commission (NDPC), EFCC, CBN, FIRS, and law enforcement).
Enforce our Terms of Service or other agreements.
Detect, prevent, or address fraud, security, or technical issues.
Protect the rights, property, or safety of RunAds, our users, or the public.

5.4 Business Transfers

In a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal data may be transferred as part of that transaction, subject to standard confidentiality protections and notice where required by law.

5.5 With Your Consent

Any other sharing will only occur with your explicit consent.

5.6 Aggregated / De-identified Data

We may share aggregated, de-identified, or anonymized data (which cannot reasonably be used to identify you) for industry benchmarking, research, marketing, and reporting.

6. International Data Transfers

RunAds is headquartered in Nigeria. Personal data may be transferred to, processed, and stored in countries outside your country of residence, including the United States, the European Union, the United Kingdom, and other jurisdictions where our service providers operate.

Where we transfer personal data outside Nigeria, we rely on lawful transfer mechanisms under the NDPA, including:

Transfers to jurisdictions deemed adequate by the NDPC.
Standard Contractual Clauses (SCCs) or equivalent contractual safeguards.
Your explicit consent, where applicable.
Other derogations permitted by law (e.g., necessary for performance of a contract).

For EEA/UK data subjects, we rely on GDPR Article 46 safeguards (SCCs, supplementary measures) for transfers outside the EEA/UK.

You may request a copy of the safeguards by contacting privacy@runadsng.com.

7. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy, including:

Account data: for the life of the account, plus up to 7 years after closure to comply with Nigerian financial, tax, and AML record-keeping obligations.
KYC & AML records: at least 5 years after the end of the business relationship, as required by the Money Laundering (Prevention and Prohibition) Act, 2022.
Transaction & payout records: at least 7 years for tax and audit purposes.
Marketing data: until you unsubscribe or withdraw consent.
Support communications: up to 3 years after the ticket is closed.
Server logs & security data: typically 12-24 months.
Cookies: as described in Section 10.

After applicable retention periods, we securely delete or irreversibly anonymize personal data.

8. Your Rights

Subject to applicable law, you have the following rights regarding your personal data:

Right to be informed about how we process your data (this Policy).
Right of access — request a copy of the personal data we hold about you.
Right to rectification — correct inaccurate or incomplete data.
Right to erasure ("right to be forgotten") — request deletion, subject to legal retention obligations.
Right to restriction of processing in certain circumstances.
Right to data portability — receive your data in a structured, machine-readable format.
Right to object to processing based on legitimate interests, including direct marketing.
Right to withdraw consent at any time, where processing is based on consent.
Right not to be subject to solely automated decisions producing legal or similarly significant effects (see Section 12).
Right to lodge a complaint with a supervisory authority (e.g., the NDPC in Nigeria, your local data protection authority in the EEA/UK).

How to Exercise Your Rights

Send a written request to privacy@runadsng.com, including enough information for us to verify your identity. We will respond within 30 days (extendable by 60 days for complex requests) at no charge, except where requests are manifestly unfounded or excessive.

California Residents (CCPA/CPRA)

California residents have additional rights including the right to know, delete, correct, and opt out of "sharing" of personal information, and the right to non-discrimination. We do not sell personal information.

9. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, loss, or destruction, including:

TLS/HTTPS encryption in transit and AES-256 encryption at rest for sensitive data.
Hashed and salted passwords (e.g., bcrypt/argon2).
Tokenization of payment card data via PCI-DSS Level 1 processors.
Role-based access control, least-privilege principles, and audit logging.
Multi-factor authentication for administrative access.
Regular security testing, vulnerability scanning, and penetration testing.
Employee training, confidentiality agreements, and background checks.
Vendor security assessments and data processing agreements.
Incident response and disaster recovery procedures.

No method of transmission or storage is 100% secure. You are responsible for keeping your account credentials confidential.

Data Breach Notification

If a personal data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify the NDPC within 72 hours (or applicable supervisory authority) and affected users without undue delay, as required by the NDPA/NDPR/GDPR.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to operate, secure, and improve the Platform.

Managing Cookies

You can manage non-essential cookies via our cookie banner or your browser settings. Disabling certain cookies may degrade Platform functionality.

We honor Global Privacy Control (GPC) signals where legally required.

11. Marketing Communications

With your consent (or where permitted by law), we may send you marketing emails, SMS, or push notifications. You can opt out at any time by:

Clicking the "unsubscribe" link in any marketing email.
Replying "STOP" to SMS messages.
Adjusting notification settings in your account.
Emailing privacy@runadsng.com.

Opting out of marketing does not affect transactional or service messages (e.g., OTPs, payout confirmations, security alerts) which are necessary for the Platform.

12. Automated Decision-Making and Profiling

We use automated systems to:

Detect fraudulent traffic, fake engagement, and bot activity.
Score campaign and creator quality.
Match Creators with Advertiser briefs.
Screen transactions for AML/fraud risk.

In some cases, automated decisions (e.g., rejecting a campaign submission flagged as fraudulent, withholding a payout) may significantly affect you. You have the right to:

Request human review of the decision.
Express your point of view.
Contest the decision.

Contact privacy@runadsng.com to exercise these rights.

13. Third-Party Services and Links

The Platform may contain links to or integrations with third-party services (e.g., TikTok, Instagram, YouTube, X, Facebook, Snapchat, payment processors, KYC providers). RunAds is not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

When you connect a third-party account, you authorize us to receive certain information from that service in accordance with that service's terms.

14. Children's Privacy

The Platform is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we learn we have collected personal data from a child under 18, we will delete it promptly. If you believe we have collected data from a child, contact privacy@runadsng.com.

15. Account Closure and Deletion

You may close your account at any time via account settings or by contacting support@runadsng.com. Upon closure:

We will deactivate your profile and stop active processing.
We will retain certain data as required by law (KYC, tax, AML, dispute records) for the periods described in Section 7.
Aggregated or anonymized data may be retained indefinitely.
Outstanding obligations (unpaid payouts, refunds, disputes) will be resolved per the Terms of Service.

16. Specific Notes for Creators

Your public profile, niche, audience metrics, and portfolio may be visible to Advertisers and other Platform users.
Performance data from your social accounts (views, likes, comments, shares, watch time, demographics) is collected to verify campaign deliverables and calculate payouts.
Tax-related personal data (TIN, address) may be reported to Nigerian tax authorities (FIRS) where required by law.

17. Specific Notes for Advertisers

Authorized representatives' contact details are processed to administer your account.
Campaign performance data and aggregated audience insights are provided to help you measure ROI.
Billing and tax information (TIN, VAT, business registration) may be reported to tax authorities.
You are an independent controller of any personal data you upload (e.g., target audience lists) and must have a lawful basis for doing so.

18. Changes to This Privacy Policy

We may update this Policy from time to time. Material changes will be communicated via email, in-app notice, or prominent notice on the Platform at least 14 days before they take effect. The "Last Updated" date at the top reflects the latest revision. Continued use of the Platform after the effective date constitutes acceptance of the updated Policy.

19. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of the Federal Republic of Nigeria, without regard to conflict-of-laws principles. Disputes shall be resolved exclusively in the courts of the Federal Capital Territory, Abuja, Nigeria, except where mandatory consumer protection or data protection laws of your country of residence grant you additional rights.

20. Contact Us

For any questions, requests, or complaints regarding this Privacy Policy or our data practices:

RunAds Technologies & Media Ltd 736 Daniel Gemana Cl, 7th Ave Gwarinpa, FCT Abuja, Nigeria General Support: support@runadsng.com Data Protection Officer: privacy@runadsng.com Phone: +234 704 111 0190

You may also lodge a complaint with the Nigeria Data Protection Commission (NDPC) at https://ndpc.gov.ng, or with your local data protection supervisory authority.