Privacy Policy

Last updated: April 2026

Mata Digital S.A. de C.V. ("Agenc-ia.digital"), based in Mexico City, Mexico, is responsible for the use and protection of your personal data, as described below.

1. Data We Collect

To provide the services described in this Privacy Policy, we process the following personal data:

  • Identification data (full name).
  • Contact data (email address, mailing address, phone number).
  • Business data (company name, RFC tax ID).
  • Authentication data (hashed passwords, session tokens).
  • Transactional data (validation history, invoices, usage logs).
  • Financial data (payment information processed by third parties such as Stripe).

2. Purposes of Processing

We use your personal data solely for the following purposes, which are necessary to deliver the services you requested:

  • Providing electronic invoicing (CFDI) and ad-spend synchronization services.
  • Validating Mexican fiscal documents and SAT watchlist verification (EFOS/EDOS).
  • Managing your account and subscription on our platform.
  • Billing for our services.
  • Customer support and technical assistance.

3. Third-Party Services

Your data may be shared with or processed by the following service providers solely to operate the platform:

  • Stripe: Payment processing.
  • Facturapi / SW Sapien (PAC): CFDI invoice stamping and validation.
  • Google Ads / Meta Ads: Ad campaign data synchronization (with your explicit OAuth authorization).
  • SendGrid: Transactional email delivery.
  • Google Cloud / Vercel / Neon: Infrastructure, hosting, and database services.

4. Use of Google Ads API Data (Google API Services User Data Policy)

Our platform integrates with the Google Ads API to provide advertising analytics and reporting services to digital marketing agencies. Our use of data obtained through Google APIs complies with the Google API Services User Data Policy, including its Limited Use requirements.

4.1 Data We Access

When you authorize a Google Ads connection via OAuth 2.0, we access:

  • Advertising account information (account name, Customer ID, MCC hierarchy).
  • Campaign performance metrics (impressions, clicks, conversions, spend).
  • Campaign configuration data (name, status, budget).
  • Ad group and keyword data associated with your campaigns.

4.2 How We Use Google Ads Data

Data obtained from Google Ads is used exclusively to:

  • Display advertising performance dashboards within our platform.
  • Calculate ROAS metrics and detect performance anomalies.
  • Generate billing reports based on actual ad spend.
  • Deliver automated alerts about significant performance changes.

4.3 Storage and Security of Google Data

  • OAuth tokens are stored encrypted with Fernet (AES-128-CBC) in our database.
  • Metric data is stored in PostgreSQL databases protected by encryption at rest and in transit (TLS 1.3).
  • Access to data is restricted to authorized technical personnel and is regularly audited.
  • Campaign data is retained only while the user account is active.

4.4 Limited Use Disclosure

Agenc-ia.digital's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We do not sell Google Ads data to third parties.
  • We do not use Google Ads data for advertising or to serve ads.
  • We do not share Google Ads data with third parties except as necessary to provide the service, comply with applicable law, or as part of a merger or acquisition with prior user consent.
  • We do not allow humans to read Google Ads data except with your explicit consent, for security purposes, to comply with applicable law, or for internal aggregated and anonymized analysis.

4.5 Revoking Access

You may revoke Agenc-ia.digital's access to your Google Ads data at any time:

  • From your account settings on our platform (disconnect the Google Ads integration).
  • From your Google account at myaccount.google.com/permissions.
  • Upon revocation, we will stop syncing data and delete stored authentication tokens.

5. Data Retention

  • Invoice and validation history: retained for a minimum of 12 months or as required by Mexican tax law (up to 5 years).
  • Payment records: retained for 7 years for accounting compliance.
  • Temporary cache: volatile data is deleted within 24 hours.

6. Security Measures

We implement administrative, technical, and physical security measures, including:

  • TLS 1.3 encryption in transit.
  • Password hashing with bcrypt.
  • Encrypted database backups and storage.
  • DDoS protection and web application firewalls.

7. Your Rights

You have the right to access, correct, delete, or object to the processing of your personal data. To exercise any of these rights, please contact us at:

contacto@academ-ia.digital

8. Changes to This Policy

We may update this Privacy Policy to reflect legal requirements, product changes, or business needs. We will notify you of material changes through our website.

9. Contact

If you have any questions about this Privacy Policy, please contact us at:
Email: contacto@academ-ia.digital
Address: Mexico City, Mexico.