Legal

Privacy Policy

Last updated: April 2026

1. Who we are

Tixy Labs Ltd ("Tixy Labs", "we", "our", "us") is a paid media consultancy registered in England and Wales. We operate as a data controller in respect of personal data collected through this website and through the delivery of our services.

For any data protection queries, contact us at: hello@tixylabs.co.uk

2. Data we collect

We may collect the following categories of personal data:

  • Contact information — name, email address, phone number, and company name submitted via our contact form or email.
  • Usage data — pages visited, time on site, referring URLs, and browser/device information collected via analytics tools.
  • Client account data — advertising account identifiers, campaign data, ad creative references, audience configurations, and performance metrics (impressions, clicks, spend, conversions) shared with us in the course of a client engagement.
  • Third-party platform data — where explicitly authorised by clients, we access advertising data via platform APIs (Meta, TikTok, Google) solely for campaign management and reporting purposes. This includes campaigns, ad sets, ads, insights, and conversion data.

We apply data minimisation principles and collect only data that is necessary for the stated purpose. We do not collect personal or sensitive data (such as email addresses, phone numbers, physical addresses, gender, or demographic information) from end users of client campaigns without explicit consent.

3. How we use your data

We use personal data solely for the following purposes and will not process it for any other purpose without prior disclosure:

  • Responding to enquiries and booking consultation calls
  • Delivering paid media consultancy services to clients
  • Managing, optimising, and reporting on advertising campaigns on behalf of clients
  • Accessing and analysing advertising account data via authorised API connections (including Meta Marketing API and Google BigQuery integrations)
  • Generating performance reports and campaign analysis
  • Improving our website and understanding how visitors interact with it
  • Complying with legal and regulatory obligations

We do not use client advertising data for any purpose beyond the scope of the contracted engagement. We do not build, modify, or augment user profiles using device identifiers or tracking mechanisms without explicit consent. We do not sell, license, or transfer advertising data to third parties for their own commercial purposes.

4. Legal basis for processing

We process personal data under the following legal bases as defined by UK GDPR and applicable data protection law:

  • Contractual necessity — processing required to deliver services under a client agreement.
  • Legitimate interests — responding to enquiries, improving our services, and managing our business operations, where these interests are not overridden by your rights.
  • Consent — where you have explicitly agreed to a specific use of your data. Consent may be withdrawn at any time.
  • Legal obligation — where processing is required to comply with applicable law.

5. Meta platform data and API access

Tixy Labs uses the Meta Marketing API to access and manage client advertising accounts on Meta platforms (Facebook and Instagram). This access is granted exclusively by the account holder and is governed by Meta's Platform Terms and Meta's Developer Policies.

Through this API access we may read and manage the following data types: campaigns, ad sets, ads, ad insights (performance metrics), ad account configurations, and conversion event data.

Data use restrictions: Meta platform data is used solely for the purposes of managing and optimising the authorised client's advertising campaigns. It is not used for any other commercial purpose, not combined with data from other sources for profiling, and not shared with any third party except as required to deliver the contracted service.

Data segregation: Data from each client's advertising account is maintained separately and is never combined with or accessible to other clients.

Custom audiences: Where custom or lookalike audiences are created on behalf of clients, Tixy Labs operates on the basis that the client has obtained all necessary consents from end users for the use of their data in audience-building tools, in accordance with Meta's policies and applicable law. Tixy Labs will not create audiences using data for which consent has not been confirmed by the client.

AI-generated content: Where AI tools are used to assist in ad creative or copy generation, this will be disclosed to the client. Any such content is subject to review and approval before publication.

Data source declaration: Tixy Labs declares the source of all data used in client campaigns, including for remarketing and cross-platform tracking, in accordance with Meta's 2026 compliance requirements.

Revoking access: Clients may revoke Tixy Labs' access to their Meta advertising accounts at any time via Meta Business Manager → Settings → Partners. Upon termination of engagement, all API access credentials relating to the client account will be revoked or deauthorised.

6. Other third-party platforms and integrations

In addition to Meta, we may connect to the following platforms on behalf of clients:

  • TikTok — via the TikTok Ads API, to manage campaigns and access performance reporting.
  • Google Ads — to manage search and display campaigns and access performance data.
  • Google BigQuery / Google Cloud Platform — for aggregated storage and analysis of advertising performance data. Data is processed under Google's Data Processing Terms.

All platform connections are established only with explicit written authorisation from the client. Data accessed via these integrations is used solely for delivering contracted services.

7. Data sharing

We do not sell, rent, or trade personal data. We may share data only in the following circumstances:

  • Service providers — including Google Cloud Platform for data storage and analysis, under appropriate data processing agreements.
  • Advertising platforms — only as required to manage your campaigns (Meta, TikTok, Google), under your authorisation.
  • Legal authorities — where required by law or to protect our legal rights.
  • Meta — in the event of a security incident, we will notify Meta promptly via their incident reporting process and cooperate with any investigation or audit.

8. Data security

We maintain administrative, physical, and technical safeguards that meet or exceed industry standards to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include access controls, encrypted storage, and secure API credential management.

In the event of a data breach or unauthorised access to platform data, we will take immediate corrective action, notify affected parties as required by law, and report the incident to Meta and any other relevant platform through their respective incident reporting channels.

9. Data retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by law. Client advertising data is retained for the duration of the engagement and for up to 12 months thereafter, unless a different period is agreed in writing or deletion is requested earlier.

Platform data obtained via Meta APIs will be deleted when it is no longer needed for the contracted purpose, when the client engagement ends, or upon written request — whichever comes first. We will not retain Meta platform data beyond what is permitted under Meta's Platform Terms.

10. Your rights and data deletion

Under UK GDPR and applicable data protection laws, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data — you may request erasure of your personal data at any time where there is no lawful basis to retain it
  • Object to or restrict certain processing activities
  • Data portability where applicable
  • Withdraw consent at any time where consent is the legal basis

To request deletion or exercise any of your rights, contact us at hello@tixylabs.co.uk. We will respond within 30 days. This right is available to all users and clients who interact with Tixy Labs.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

11. International compliance

This policy is designed to comply with applicable privacy laws including but not limited to:

  • UK GDPR and the Data Protection Act 2018
  • EU General Data Protection Regulation (GDPR)
  • ePrivacy Directive
  • California Consumer Privacy Act (CCPA/CPRA)
  • Other applicable US state privacy laws (Virginia CDPA, Colorado CPA, Connecticut CTDPA)
  • Children's Online Privacy Protection Act (COPPA) — we do not knowingly collect data from persons under 13

12. Cookies

This website may use cookies and similar technologies to understand how visitors use the site. These are used for analytics purposes only and do not track you across third-party websites. You can disable cookies in your browser settings at any time.

13. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or applicable law. The most current version will always be available at this URL. All previous versions are retained and available upon request. Continued use of our services following any material changes constitutes acceptance of the updated policy.

This policy does not replace, modify, or conflict with Meta's Platform Terms, Meta's Developer Policies, or any other applicable platform policies.