Privacy Policy

Last updated: March 12, 2026

1. Introduction

Bamzal Ltd. ("Bamzal," "we," "us," or "our") operates the Bamzal platform, a Shopify embedded application available at bamzal.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information from Shopify

When you install our Shopify app, we access the following data from your Shopify store through the Shopify API:

• Product Data: Product titles, descriptions, prices, images, categories, and inventory status. We use this data to perform competitive analysis and generate ad copy.
• Store Information: Store name, domain, and Shopify plan. We use this to identify your store and tailor our service.
• Merchant Account Information: Your email address and name as provided by Shopify during app installation. We use this for account management and communication.

We do not access or collect: customer personal data, payment card information, order details, customer browsing behavior, or any data about your store's visitors or buyers.

2.2 Information from Connected Ad Networks (Google Ads, Meta, TikTok, Pinterest)

When you connect your Google Ads, Meta (Facebook & Instagram), TikTok Ads or Pinterest Ads account via each platform's official OAuth 2.0 flow, we access:

• Campaign Data: Campaign names, status, budgets, bidding strategies, ad groups/ad sets, keywords, audiences, and ad copy/creatives for campaigns we create or manage on your behalf on Google Ads, Meta, TikTok and Pinterest.
• Performance Metrics: Impressions, clicks, conversions, cost, and ROAS data for campaigns created through our platform on each connected network.
• Account Structure: Ad account IDs and linked account hierarchy on Google Ads, Meta Business, TikTok Business Center and Pinterest Business.

We access Google Ads, Meta, TikTok and Pinterest data only when you actively use the app and only for the purpose of creating, managing, and reporting on advertising campaigns you have authorized. We do not access your ad-network data in the background or for any purpose other than providing our Service.

2.3 Information You Provide Directly

• Contact Information: Email address, name, and phone number when you contact us for support.
• Preferences: Campaign preferences, budget settings, and keyword selections you make within the app.

2.4 Automatically Collected Information

• Usage Data: Pages visited within the app, features used, and interaction patterns to improve our Service.
• Technical Data: Browser type, IP address, device type, and operating system for security and debugging purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide and maintain our Service, including product scanning, competitor analysis, and campaign creation
• To generate AI-powered ad copy, keywords, and strategic recommendations based on your product and competitive data
• To create and manage campaigns across Google Ads, Meta (Facebook & Instagram), TikTok Ads, Pinterest Ads and X Ads in your connected ad accounts upon your explicit approval
• To display campaign performance metrics and reporting within the app
• To communicate with you about your account, respond to support requests, and send service-related notifications
• To improve, personalize, and expand our Service
• To monitor and analyze usage patterns for product development
• To detect, prevent, and address technical issues and security threats

4. Google API Services User Data Policy

Bamzal's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only use Google Ads data (and equivalently, Meta, TikTok and Pinterest ad-network data) to provide and improve our multi-channel campaign management features
• We do not sell Google Ads, Meta, TikTok or Pinterest data to third parties
• We do not use Google Ads, Meta, TikTok or Pinterest data for advertising purposes unrelated to our Service
• We do not use Google Ads, Meta, TikTok or Pinterest data for any purpose other than providing our core campaign management features
• All Google Ads, Meta, TikTok and Pinterest data access is limited to what is necessary for the specific features the merchant has authorized

5. Data Sharing and Disclosure

We do not sell, trade, rent, or otherwise share your personal information or business data with third parties for their marketing purposes. We may share data only in the following limited circumstances:

• AI Processing (Anthropic): Product descriptions and competitive data are sent to Anthropic's Claude AI API for ad copy generation. Anthropic processes this data according to their data processing agreement and does not retain or use this data for model training.
• Search Data Providers: Product names and categories are sent to search data providers (Serper.dev, SerpAPI) to obtain competitor and ranking information. These queries contain no personally identifiable information.
• Google Ads API: Campaign data, ad copy, keywords, and budgets are sent to Google Ads to create and manage campaigns in your account, at your explicit direction.
• Meta Marketing API (Facebook & Instagram): Campaign data, ad creatives, audiences, and budgets are sent to Meta to create and manage Facebook and Instagram campaigns in your ad account, at your explicit direction. Bamzal acts as a Tech Provider on behalf of business clients who authorize access via Facebook Login for Business.
• TikTok Marketing API: Campaign data, creatives, and budgets are sent to TikTok to create and manage campaigns in your TikTok Ads account, at your explicit direction.
• Pinterest Ads API: Campaign data, pins, and budgets are sent to Pinterest to create and manage campaigns in your Pinterest Ads account, at your explicit direction.
• Infrastructure Providers: We use Supabase (database hosting), Upstash (Redis caching), and Sentry (error monitoring) as infrastructure providers. These providers process data on our behalf under strict data processing agreements.
• Legal Requirements: We may disclose your information if required by law, subpoena, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between your browser, our servers, and third-party APIs uses HTTPS with TLS 1.2 or higher encryption.
• Encryption at Rest: Database storage on Supabase (PostgreSQL) uses encryption at rest.
• Authentication: OAuth 2.0 for Google Ads, Meta (Facebook Login for Business), TikTok and Pinterest API access. Shopify session tokens for app authentication. We never store Google, Meta, TikTok or Pinterest passwords.
• Access Controls: Rate limiting on all API endpoints. Role-based access to internal systems.
• Monitoring: Real-time error monitoring via Sentry. Automated CI/CD pipeline for secure deployments.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to using commercially reasonable measures to protect your data.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide our Service. Specifically:

• Product and Campaign Data: Retained while your app is installed. Deleted within 30 days of app uninstallation.
• Ad-Network Data (Google Ads, Meta, TikTok, Pinterest): Access is revoked immediately when you disconnect the corresponding ad account or uninstall the app. Cached performance data is deleted within 30 days.
• Account Information: Retained for up to 12 months after account deletion for legal and compliance purposes, then permanently deleted.
• Support Communications: Retained for up to 24 months for quality assurance and dispute resolution.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: You can request a copy of the personal data we hold about you.
• Correction: You can request that we correct inaccurate or incomplete data.
• Deletion: You can request that we delete your personal data. Note that this may require uninstalling the app.
• Portability: You can request your data in a structured, machine-readable format.
• Objection: You can object to certain types of data processing.
• Restriction: You can request that we restrict the processing of your data.
• Withdraw Consent: You can disconnect your Google Ads, Meta, TikTok or Pinterest account, or uninstall the Shopify app, at any time to revoke data access.

To exercise any of these rights, please contact us at legal@bamzal.com. We will respond to your request within 30 days.

9. Ad-Network Account Disconnection (Google, Meta, TikTok, Pinterest)

You can disconnect your Google Ads, Meta (Facebook & Instagram), TikTok Ads or Pinterest Ads account from Bamzal at any time through the app settings, or by revoking access directly from each platform (Google Account permissions, Meta Business Integrations, TikTok authorized apps, Pinterest connected apps). Upon disconnection:

• All API access to the corresponding ad account (Google Ads, Meta, TikTok or Pinterest) is immediately revoked
• Campaigns previously created remain in your Google Ads, Meta, TikTok or Pinterest account under your control
• Cached Google Ads, Meta, TikTok and Pinterest data in our system is deleted within 30 days
• No further Google Ads, Meta, TikTok or Pinterest data will be accessed or collected

10. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

11. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. We ensure appropriate safeguards are in place when transferring data internationally, in compliance with applicable data protection laws.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: legal@bamzal.com
• Mail: Bamzal Ltd., Nahal Besor 10/7, Beit Shemesh, Israel
• Phone: +972-58-486-9778