Skip to content
Legal

Product Disclosures

This document provides transparency regarding how Adscod processes, stores, and protects data in the delivery of its products and services.

Effective Date: March 28, 2026

These disclosures supplement the Customer Terms of Service and Privacy Policy.

1. Overview

Adscod is committed to transparency and responsible data handling. This document discloses key aspects of how our platform operates, including data hosting, sub-processor usage, security, AI features, and compliance frameworks.

These disclosures apply to all users of the Adscod platform.

2. Data Hosting and Infrastructure

  • Customer Data is hosted on secure cloud infrastructure with data centers in Europe (primary) and Africa (secondary/CDN).
  • All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
  • Redundant backups are performed daily with a standard 30-day retention period.
  • Adscod utilizes infrastructure providers that maintain security practices in compliance with applicable data privacy laws, including the Data Protection and Privacy Act of Uganda, and relevant regional standards.

3. Sub-Processors

Adscod engages the following categories of sub-processors in the delivery of its services:

CategoryPurposeLocation
Cloud InfrastructureData hosting and computeEU / Africa
Payment ProcessingTransaction processing, wallet operations, mobile money and card payments, and payouts (Flutterwave)Africa / Global
Email DeliveryTransactional and marketing emailEU / US
AnalyticsUsage analytics and performance monitoringEU
CDNContent delivery and media optimizationGlobal
Customer SupportTicketing and live chatAfrica / EU

A detailed sub-processor list is available upon request by contacting dpo@adscod.com. Customers will be notified of material changes to sub-processors in accordance with the Data Processing Agreement.

4. Security Measures

  • Role-based access control (RBAC) across all internal systems.
  • Multi-factor authentication (MFA) for all administrative access.
  • Regular vulnerability assessments and penetration testing.
  • Incident response procedures with documented escalation paths.
  • Employee security training conducted at onboarding and annually thereafter.
  • Automated monitoring and alerting for anomalous activity.
  • Automated fraud detection system with six check types: account age/follower ratio analysis, follower velocity monitoring, conversion anomaly detection, follower legitimacy scoring, click burst detection, and social follower inflation analysis.
  • Conversion tracking pixel (adc_px) secured with domain allowlisting and rate-limited event ingestion to prevent attribution fraud.
  • Wallet operations secured with PIN verification (4–6 digits, bcrypt-hashed), atomic transactions, and immutable ledger entries.
  • Payment webhook signature verification (HMAC) with replay-attack prevention (5-minute timestamp window) and idempotent payment processing.

5. Data Retention

  • Customer Data is retained for the duration of the active account period plus a 30-day grace period for data retrieval upon closure.
  • After the retention period, data is permanently and irreversibly deleted.
  • Anonymized and aggregated data may be retained indefinitely for statistical, diagnostic, and platform improvement purposes.
  • Financial records, including wallet ledger entries and platform revenue records, are retained as required by applicable financial regulation.
  • Legal hold requests will be honored in accordance with applicable law.

6. AI and Machine Learning

  • Adscod uses The Eye, our automated matching and fraud-detection engine, to enhance the Platform, including: auto-matching of Brand campaigns to eligible Creators and Publishers (based on targeting criteria, bid, and performance signals); fraud screening of every click before billing or crediting (six automated check types with adaptive thresholds, covering account age/follower ratio analysis, follower velocity monitoring, conversion anomaly detection, follower legitimacy scoring, click burst detection, and social follower inflation analysis); internal fraud-risk scoring used to flag and block bad actors; and feed personalization.
  • The Eye's models are trained on aggregated and anonymized data. Individual Customer Data is not used to train models accessible to other customers.
  • Matching outputs include a calculated match score (0–100%) shown to both Brands and Creators. Match scores are generated algorithmically and do not constitute guarantees of campaign performance.
  • Customers may opt out of certain AI-powered features through their account settings. Creators may not opt out of The Eye's matching as it is a core platform function, but may request correction of inaccurate data underpinning their match signals.
  • Adscod does not use AI for automated decision-making that has legal or similarly significant effects without human oversight.

7. Third-Party Integrations

  • Adscod integrates with third-party social media platforms, analytics providers, and payment processors.
  • Data shared with third-party integrations is governed by the respective third party's terms and privacy policies.
  • Adscod is not responsible for the data practices of third-party services.
  • Customers are advised to review the terms of any third-party service connected to their Adscod account.

8. Communication Services

  • Adscod provides in-platform messaging for Brand–Creator communication.
  • Email notifications are sent for account, campaign, and billing events.
  • Communication records may be retained for dispute resolution, compliance, and audit purposes.
  • Adscod does not monitor the content of private messages except where required by law or to investigate reported violations.

9. Compliance

  • Adscod complies with applicable data protection laws, including the Uganda Data Protection and Privacy Act, Kenya Data Protection Act, Nigerian Data Protection Act, and the African Union Malabo Convention.
  • Adscod undergoes regular internal audits and third-party assessments to verify compliance.
  • Data Processing Impact Assessments (DPIAs) are conducted for high-risk processing activities.

10. Contact

For questions or requests regarding these disclosures, contact our Data Protection Officer:

Email: dpo@adscod.com

Web: adscod.com/privacy