Privacy Policy

Last updated: January 1, 2025 · Effective date: January 1, 2025

1. Introduction

Nexcomet ("we," "our," or "us") is operated by Nexcomet (nexcomet.com), a technology company based in Paris, France. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our multi-channel advertising analytics platform (the "Service").

By accessing or using Nexcomet, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with its terms, please discontinue use of the Service immediately.

This policy complies with the General Data Protection Regulation (GDPR), applicable Moroccan data protection law (Law No. 09-08), and TikTok's and Snapchat's platform data policies.

2. Data We Collect

We collect the following categories of data:

2.1 Account and Registration Data

When you create a Nexcomet account, we collect: your name, email address, company name, country of residence, and a hashed password. This information is required to authenticate you and manage your subscription.

2.2 OAuth Authorization Data

When you connect an ad platform (TikTok Ads, Snapchat Ads), we receive and store OAuth 2.0 access tokens and refresh tokens. These tokens are encrypted at rest using AES-256 encryption. We do not store your ad platform passwords.

2.3 Advertising Campaign Data

Via authorized API calls, we sync advertising performance data including: campaign names and IDs, ad group configurations, creative metadata, spend figures, impressions, clicks, conversions, CPA, ROAS, and audience demographic breakdowns. This data is used exclusively to power your Nexcomet dashboard.

2.4 Usage and Technical Data

We automatically collect log data including: IP address, browser type, operating system, referring URLs, pages visited, session duration, and error logs. This data is used for security monitoring, debugging, and service improvement.

2.5 Communications Data

If you contact us via email or the contact form, we retain those communications and the personal information contained within to respond to your inquiry and improve our support.

3. How We Use Your Data

We use collected data for the following purposes:

  • Service delivery: Authenticating your session, syncing your ad campaign data, and rendering your analytics dashboard.
  • OAuth token management: Storing, refreshing, and revoking access tokens to maintain uninterrupted API access.
  • Account management: Processing your subscription, sending invoices, and notifying you of plan changes.
  • Service communications: Sending transactional emails (password resets, sync alerts, security notifications). We do not send marketing emails without explicit consent.
  • Security and fraud prevention: Detecting unauthorized access, monitoring for API abuse, and enforcing our Terms of Service.
  • Product improvement: Analyzing aggregated, anonymized usage patterns to improve Nexcomet's features and performance.

We do not sell, rent, or trade your personal data or advertising data to any third party.

4. OAuth 2.0 and Third-Party Platform Connections

Nexcomet integrates with advertising platforms via OAuth 2.0, an industry-standard authorization protocol. When you connect an ad account:

  • You are redirected to the third-party platform's authorization page (hosted by TikTok or Snapchat, not Nexcomet).
  • You explicitly grant Nexcomet permission to access specific scopes of your ad account data.
  • The platform returns an access token and refresh token to Nexcomet, which we store encrypted.
  • You may revoke Nexcomet's access at any time through your ad platform's account settings.

Nexcomet accesses ad platform APIs in read-only mode. We do not create, modify, pause, or delete any campaigns, ad groups, or creatives on your behalf.

5. TikTok Ads Data

When you connect a TikTok Ads account, Nexcomet accesses data under the TikTok Marketing API in accordance with TikTok's Developer Terms of Service and Data Use Policy.

Specifically, Nexcomet requests the following TikTok API scopes:

  • campaign.read — to sync campaign metadata and settings
  • adgroup.read — to sync ad group configurations
  • ad.read — to sync individual ad creatives and status
  • report.read — to pull performance metrics (spend, impressions, clicks, conversions, CPA)

TikTok Ads data is stored exclusively on Nexcomet's servers and is never shared with other Nexcomet users or third parties. Data retention periods are defined by your subscription plan. You may request deletion at any time.

6. Snapchat Ads Data

When you connect a Snapchat Ads account, Nexcomet accesses data under the Snapchat Marketing API in accordance with Snap Inc.'s Developer Terms and Advertising Policy.

Nexcomet requests the following Snapchat API permissions:

  • Campaign, ad squad, and ad read access to sync hierarchy data
  • Reporting read access to pull spend, impressions, swipe-ups, and conversion metrics

Snapchat data is handled under the same security, retention, and deletion policies as TikTok data described in this policy.

7. Data Retention

We retain your data for the following periods:

  • Account data: Retained for the duration of your account and 30 days after account deletion, then permanently purged.
  • Campaign performance data: Retained per your plan (Free: 7 days, Pro: 90 days, Enterprise: unlimited). After expiry, historical data is permanently deleted.
  • OAuth tokens: Retained until you disconnect the platform or delete your account, then permanently deleted.
  • Log and usage data: Retained for 12 months for security purposes, then automatically purged.

8. Your Rights Under GDPR

If you are located in the European Economic Area or a jurisdiction with similar data protection laws, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate personal data.
  • Right to erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to data portability: Request your data in a structured, machine-readable format.
  • Right to object: Object to our processing of your personal data.
  • Right to restrict processing: Request that we limit how we use your data.

To exercise any of these rights, email us at admin@nexcomet.com. We will respond within 30 days.

9. Data Security

We implement industry-standard security measures to protect your data:

  • All data in transit is encrypted using TLS 1.3.
  • OAuth tokens and sensitive credentials are encrypted at rest using AES-256 encryption.
  • Access to production systems is restricted to authorized personnel only, with multi-factor authentication enforced.
  • We conduct regular security audits and vulnerability assessments.
  • In the event of a data breach, we will notify affected users within 72 hours as required by GDPR Article 33.

10. Cookies and Tracking

Nexcomet uses strictly necessary cookies to maintain your authenticated session. We do not use tracking cookies, advertising cookies, or third-party analytics cookies (such as Google Analytics) without explicit consent.

You may disable cookies in your browser settings, but doing so will prevent you from logging in to Nexcomet.

11. Third-Party Services

Nexcomet uses the following third-party services that may process data on our behalf:

  • Payment processing: We use a PCI DSS-compliant payment processor to handle subscription billing. We do not store credit card numbers on our servers.
  • Infrastructure: Our servers are hosted with reputable cloud providers that maintain SOC 2 Type II certifications.
  • Workflow automation: We use n8n for scheduled data sync jobs. n8n processes only the API data required for campaign syncing.

12. International Data Transfers

Nexcomet is based in Paris, France. If you are located outside Paris, France, your data may be transferred to and processed in Paris, France and other countries where our infrastructure partners operate. We ensure that such transfers comply with applicable data protection laws through appropriate safeguards.

13. Children's Privacy

Nexcomet is not intended for use by persons under the age of 18. We do not knowingly collect personal data from minors. If we discover that we have inadvertently collected data from a child under 18, we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email at least 14 days before the changes take effect. Continued use of Nexcomet after the effective date constitutes acceptance of the revised policy.

15. Contact

For privacy-related inquiries, data subject requests, or to report a concern, please contact:

Nexcomet

Paris, France

Email: admin@nexcomet.com

Website: nexcomet.com