We are pleased that you are visiting our website at www.adup.io and AI Agent TARA our Software as a Service (“SaaS”) Solution. Data protection and data security when using our website and SaaS are very important to us. We would therefore like to inform you which of your personal data we collect when you visit our website and use AI Agent TARA and for what purposes it is used.
WHO IS RESPONSIBLE?
The person responsible in the sense of the Dutch GDPR Implementation Act (Uitvoeringswet Algemene Verordening gegevensbescherming) (“UAVG”) and the EU’s General Data Protection Regulation (“GDPR”) is AdUp, Joan Muyskenweg 30, 1115 RC, Amsterdam, Netherlands (“AdUp”, “we”, “us”, “our”). If you have any questions about this policy or our data protection practices, please contact us using support@adup.io.
PRINCIPLES OF DATA PROCESSING
Personal data
Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior.
Processing
The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis.
Legal basis
In accordance with the UAVG and the GDPR, we have to have at least one of the following legal bases to process your Personal Data: i) you have given your consent, ii) the data is necessary for the fulfillment of a contract / pre-contractual measures, iii) the data is necessary for the fulfillment of a legal obligation, or iv) the data is necessary to protect our legitimate interests, provided that your interests are not overridden.
Retention
Processed personal data will be deleted as soon as the purpose of the processing has been achieved and there are no longer any legally required retention obligations.
DATA WE COLLECT
Provision and use of the website
When you call up and use our website, we collect the personal data that your browser automatically transmits to our server. This is technically necessary for us to display our website and to ensure its stability and security. In this sense, we collect the following data: i) IP address of the requesting computer, ii) Date and time of access, iii) name and URL of the file accessed, iv) website from which the access was made (referrer URL), v) browser used and, if applicable, the operating system of your computer as well as the name of your access provider. The legal basis is our legitimate interest.
Hosting
We use the hosting services of AWS (Amazon), DigitalOcean, and Google Cloud Platform. These services are hosted on European servers, and all data collected is processed on these servers in Europe. The legal basis for processing is our legitimate interest.
Data management and customer support
For optimal customer support, we use first name, last name, email address, and the data related to your contract with us. Your data may be stored on our website and/or our customer relationship management system ("CRM system") provided by Zoho. We use our own backend system for our SaaS. This data processing is based on our legitimate interest in providing our customer service.
Google Fonts
We use Google Fonts from Google on our website to display external fonts. To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is called up. Through the connection to Google, which is established when our website is called up, Google can determine from which website your request originates and to which IP address the display of the font should be transmitted. This constitutes a legitimate interest.
Cookies
We use cookies on our website to ensure functionality and enhance your experience. These small files, stored on your device, can be either Essential (necessary for the site to work) or Non-essential (used for analytics or advertising). We require your consent for Non-essential Cookies, as perthe Dutch Telecommunications Act (Wet van 4 februari 2015 tot wijziging van de Telecommunicatiewet) (“TA”) and the EU`s Privacy and Electronic Communications Directive (“PECD”), we need to obtain consent for the use of Non-essential Cookies. For further information on the cookies we use, please refer to our Cookie Policy. The legal basis for processing is our legitimate interest and your consent.
Cookie consent
Our website uses a cookie consent tool to obtain and document your consent for cookie storage. When you visit, we collect your consent status, IP address, browser and device information, and time of visit. This processing is based on our legitimate interest.
Economic analyses and market research
For business and market research, we analyze internal data (transactions, contracts, Browse behavior) to improve our services. These analyses are for our internal use only, are anonymized, and are not disclosed externally. We use Google Analytics for this purpose, based on our legitimate interest and your consent. More details can be found in our Cookie Policy.
Contacting Us
We offer you the opportunity to contact us using various methods. We collect the data you submit such as your name, email address, telephone number and your message in order to process your enquiry and respond to you. The legal basis is both your consent and contract.
Contractual Services
We process the Personal Data involved when you enter into a contract with us in order to be able to provide our contractual services. This includes in particular our support, correspondence with you, invoicing, fulfillment of our contractual, accounting and tax obligations. Accordingly, the data is processed on the basis of fulfilling our contractual obligations and our legal obligations.
Your end users and your AdUp AI Agent TARA
When you use our AdUp AI Agent TARA in your shop, we process your end users' personal data (like name, contact info, addresses, device info, and order history) to provide services such as transaction processing and personalized recommendations. The specific data depends on your configuration. We act as your Data Processor under UAVG and GDPR, meaning you control how this data is used. The legal basis for this processing is our contractual service.
Our AdUp AI Agent TARA
We process the Personal Data involved in your use of our AI Agent TARA Services (“Service Data”) to provide our services, acknowledging your full ownership and control, including access, sharing via integrations, export, and deletion. As your Data Processor, we handle this data strictly according to your instructions. Employee access is restricted to a need-to-know basis, and all Service Data is stored on AWS, Digital Ocean, and Google Cloud Platform servers in Europe, secured with appropriate legal and technical measures.
We store data we collect in European data servers. We only collect data on behalf of our clients, and when they give consent. With their consent we can make deeper analyses into their data.
Our AI Agent TARA integrates with:
● Ecommerce Platforms: Shopify, WooCommerce (Automattic)
● Analytics: Google Analytics 4 (GA4), Google Search Console (GSC)
● Advertising: Facebook Ads, TikTok Ads, LinkedIn Ads
● Customer Support: Intercom
● Payments: Stripe
● Custom Tracking: Our proprietary tracking system
Use of Google User Data
AdUp uses Google APIs to access and process your data within our services, including AI Agent TARA, only with your explicit consent. This access is limited to necessary scopes like Google Analytics and Google Ads.
We only use this data to provide and improve features visible in our user interface. This includes generating analytics reports, offering recommendations based on Google Analytics, and syncing campaign performance from Google Ads. We do not use your Google user data for personalized advertising, advertising outside our services, or building user profiles for resale.
All Google user data is stored securely on AWS servers in Frankfurt, Germany, and is encrypted both in transit and at rest. Access is strictly limited to authorized personnel on a need-to-know basis. No human has access unless you give explicit permission, it's for security, or legally required.
We do not sell Google user data. Data may only be shared with subprocessors who assist us and are bound by data protection agreements, or if legally required or with your explicit consent for a specific case.
We retain Google user data only as long as necessary for the outlined purposes. You can request access, export, or deletion at any time by contacting support@adup.io. Data unrelated to your direct use of our services is not retained and is securely deleted when no longer needed.
Our use of Google user data strictly adheres to Google’s API Services User Data Policy, including its Limited Use requirements. We regularly review our practices to ensure full compliance.
Artificial Intelligence Act Compliance
In accordance with the Artificial Intelligence Act ("EU AI Act") and The White House Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, we have taken the following steps: (i) assessed the risks associated with our AI Agent TARA (Limited risk), (ii) raise awareness (our policies, this statement and the use of AI Tools are clearly described on our website), (iii) designed our AI Agent TARA on ethical principles, (iv) assigned responsibility over AdUp AI Agent TARA to our CEO, (v) continue to develop AdUp AI Agent TARA and keep it up-to-date, and (vi) established formal governance.
Support ticket
When you create a support ticket, we request personal and non-personal data (like your name, email, and order details) to process and handle your inquiry. This data is not shared with third parties. Our employees may access data you share for technical support or import purposes, with strict privacy and security guidelines in place. The legal basis for this processing is our contractual obligation and/or our legitimate interest.
Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks as well as organization of our business, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.
Payment Data
If you make a purchase your payment will be processed via our payment service provider Mollie or Stripe. Payment data will solely be processed through Mollie or Stripe, and we have no access to any Payment Data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the contract.
Promotional use of your data
We use your data within the legally permissible scope for marketing purposes, e.g., to draw your attention to special promotions and discount offers. In addition, we may draw your attention to comparable offers by email, e.g., we may inform you about exclusive sales, promotions, or special events. The legal basis for processing is our legitimate interest.
DATA SECURITY
We protect your Personal Data and Service Data confidentially using extensive, regularly updated technical and organizational security measures, including encryption (SSL/TLS). However, due to internet structure, we cannot guarantee against actions outside our control; users are responsible for protecting their own data.
MARKETING
We may contact you for marketing and advertising purposes, via consented communication channels, based on your explicit or implied consent (from interactions or contractual relationships). Marketing is typically by email, but may use other channels, managed by us or service providers. All direct marketing includes an opt-out option.
ADVERTISING
We use third-party tools and cookies to show you relevant advertising outside our website. These tools collect information about your website activities (e.g., products viewed, pages visited), allowing us to tailor ads to your interests and optimize their relevance. Your browser connects to the tool provider's server, which may process data like IP address, browser info, pixel data, and visit details (e.g., orders, clicks). The legal bases for this processing are our legitimate interest and, for cookies, your consent. More information is in our Cookie Policy.
SOCIAL MEDIA
We maintain a social media presence based on our legitimate interest. If you interact with us on these platforms, we and the social media platform are jointly responsible for processing your data (e.g., messages, comments, publicly viewable profile details). This data is used to handle your requests and for market research and advertising (e.g., creating usage profiles for tailored ads). The legal basis for this processing is typically our legitimate interest and your consent, with further details on advertising in our Cookie Policy. Your public profile data processed depends on your own social media privacy settings.
INTERNATIONAL TRANSFERS
We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organizational measures to protect the Personal Data we transfer.
SHARING YOUR PERSONAL DATA
We may share your Personal Data with Business Partners to provide or customize services, but only with those who agree to protect and use the data solely for our specified purposes. We may also disclose data with your consent, for legal or fraud prevention purposes, or to protect our legitimate business interests. Otherwise, your Personal Data will not be disclosed without prior notice.
WHAT WE DO NOT DO
● We do not request Personal Data from minors and children;
● We do not use Automated decision-making including profiling; and
● We do not sell your Personal Data.
PRIVACY RIGHTS
Under the UAVG and the GDPR, you can exercise the following rights:
● Right to information
● Right to rectification
● Right to deletion
● Right to data portability
● Right of objection
● Right to withdraw consent
● Right to complain to a supervisory authority
● Right not to be subject to a decision based solely on automated processing.
If you have any questions about the nature of the Personal Data we hold about you, or if you wish to exercise any of your rights, please contact us.
UPDATING YOUR INFORMATION AND WITHDRAWING YOUR CONSENT
We will assist you if you believe your information is inaccurate or if you wish to rectify, delete, object to its processing, or withdraw consent. Please contact us for such requests.
ACCESS REQUEST
If you wish to make a Data Subject Access Request, please inform us in writing. We will respond to requests for access and correction as soon as reasonably possible. If we cannot respond within thirty (30) days, we will inform you of the delay and the reason. If we are unable to provide data or make a requested correction, we will explain why.
COMPLAINT TO A SUPERVISORY AUTHORITY
You have the right to complain about our data processing to a supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (www.autoriteitpersoonsgegevens.nl). We would appreciate the chance to address your concerns first.
HELP AND COMPLAINTS
If you have any questions about this policy or the information we hold about you, please contact us at support@adup.io and we will do our best to address your concerns.
CHANGES
The first version of this policy was issued on Wednesday, 4th June, 2025, and is the current version. Any prior versions are invalid, and if we make changes to this policy, we will revise the effective date.