Legal
Privacy Policy
Effective date: June 15, 2026
NABL (“NABL,” “we,” “us,” or “our”) operates an internal agency platform that automates marketing operations for advertising agencies and their clients. This Privacy Policy explains how we handle data in connection with our platform and this website (nabl.ai). Because NABL processes data exclusively on behalf of agencies under existing service agreements, most data we handle is business-to-business in nature and governed by those agreements.
1.Who This Policy Covers
This policy applies to:
- Agency users — employees or contractors of advertising agencies who access the NABL platform.
- Website visitors — anyone who browses nabl.ai.
End consumers whose data may be processed as part of advertising attribution (e.g., leads captured via client CRMs) are governed by the privacy policies of the relevant agency and ad platform, and by the service agreements between NABL and those agencies.
2.Information We Collect
2.1 Information you provide directly
- Account information: name, email address, and company name when you sign up or request access.
- Communications: any messages you send to us via email or contact forms.
- Waitlist / beta sign-up: email and optional details submitted through our onboarding form.
2.2 OAuth credentials & platform connections
When an agency connects client ad accounts, NABL receives OAuth access tokens for Google Ads, Meta Ads (Facebook/Instagram), GoHighLevel CRM, and linked analytics platforms. These tokens are stored encrypted and used solely to perform authorized operations (read campaign data, upload offline conversion events) on behalf of the agency. We do not store platform passwords.
2.3 Attribution & conversion data
To enable accurate ROAS measurement, NABL receives CRM lead webhook payloads containing:
- Ad platform click IDs (e.g.,
gclid,fbclid) - UTM parameters and campaign metadata
- Keyword and audience signals associated with the originating ad click
- Lead status or disposition updates from the CRM
This data is processed for the sole purpose of uploading offline conversion events back to the originating ad platform account. It is not used for any other purpose, and it is not sold or shared with third parties.
2.4 Automatically collected data
- Log data: IP address, browser type, pages visited, and referring URL when you access our website or platform.
- Cookies: session cookies for authentication and minimal analytics cookies to understand aggregate website usage. No cross-site advertising cookies are used.
3.How We Use Information
We use information to:
- Authenticate agency users and maintain secure platform sessions.
- Connect to client ad accounts via OAuth and execute authorized API operations.
- Receive, process, and upload offline conversion events to Google Ads and Meta Ads on behalf of agency clients.
- Provide customer support and respond to inquiries.
- Send product updates, security notices, and operational communications to account holders.
- Improve platform reliability, diagnose errors, and monitor system performance.
- Comply with applicable laws and our obligations under platform developer policies.
We do not use client attribution data for our own advertising, profiling, or any purpose outside the explicit scope of the agency service agreement.
4.Meta Marketing API
NABL uses the Meta Marketing API to upload offline conversion events — specifically, leads captured through agency client CRM systems — back to Meta ad accounts managed by the agency. This enables conversion optimization and accurate attribution for paid social campaigns.
Our use of the Meta Marketing API is limited to:
- Uploading offline event data (conversions) to ad accounts the agency has explicitly authorized.
- Reading campaign-level metadata necessary to match conversions to the correct ad set or campaign.
We comply with Meta’s Platform Terms and Privacy Policy. Data obtained via Meta APIs is not used for any purpose not disclosed in those terms or this policy.
5.Data Sharing & Disclosure
We do not sell, rent, or trade any data. We may share data only in the following limited circumstances:
- Ad platforms: Offline conversion events are uploaded to Google Ads or Meta Ads accounts as instructed by the agency — this is the core function of the platform.
- Service providers: Infrastructure providers (cloud hosting, database services) that process data on our behalf under confidentiality agreements and appropriate data processing terms.
- Legal obligations: If required by law, court order, or to protect the rights, property, or safety of NABL, our users, or the public.
- Business transfers: In the event of a merger, acquisition, or sale of assets, data may be transferred as part of that transaction, subject to the same privacy protections.
6.Data Retention
We retain account and platform data for as long as the agency account is active or as needed to provide services. Attribution and conversion data is retained only long enough to confirm successful upload to the ad platform, after which it is purged according to our standard data lifecycle policy. OAuth tokens are revoked and deleted when an agency disconnects an account.
You may request deletion of your account and associated data at any time by contacting us at ryan@nabl.ai.
7.Security
We implement industry-standard security measures including encryption at rest and in transit (TLS), access controls, and regular security reviews. OAuth tokens are stored encrypted. No security measure is perfect, however, and we encourage users to use strong passwords and report any suspected security issues to ryan@nabl.ai.
8.Your Rights
Depending on your location, you may have the right to access, correct, or delete personal information we hold about you, object to certain processing, or request data portability. To exercise any of these rights, contact us at ryan@nabl.ai. We will respond within 30 days.
9.Children's Privacy
NABL is a business-to-business platform and is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors.
10.Changes to This Policy
We may update this Privacy Policy from time to time. We will notify active agency users of material changes via email. The “Effective date” at the top of this page reflects the date of the most recent revision. Continued use of the platform after changes constitutes acceptance of the updated policy.
11.Contact
Questions or concerns about this Privacy Policy should be directed to:
NABL
Email: ryan@nabl.ai
Last updated June 15, 2026
View Terms of Use →