SALVOBY AXVEER
Get started
Legal

Privacy Policy

Last updated: May 8, 2026

Axveer Salvo is built to help teams plan, launch, manage, optimize, and measure marketing campaigns across advertising and social media platforms. This Privacy Policy explains what information Axveer (“Axveer”, “we”, “us”) collects, how we use, store, share, and protect it, and the choices and rights you have when you visit our website, create an account, connect advertising platforms, use the Salvo product or its agentic features, or communicate with our team.

This Privacy Policy applies to Axveer Salvo websites, applications, dashboards, APIs, integrations, and related services operated by Axveer, Inc. (Vienna, Virginia, United States). It does not replace or modify the privacy policies of third-party platforms — including Google, Meta, LinkedIn, X (formerly Twitter), Snapchat, TikTok, and Reddit — that you choose to connect.

1. Information We Collect

We collect the following categories of information:

Account information

Name, email address, company name, role, password, workspace details, billing contact details, and other information you provide when creating or managing an account. Passwords are stored as one-way bcrypt hashes and are never stored or transmitted in plaintext.

Workspace and team information

Organization name, project names, team member roles (Owner, Admin, Member, Viewer), team invitations, collaboration activity, audit logs, and administrative settings.

Campaign and marketing information

Campaign names, objectives, budgets, targeting and audience configurations, ad copy, creative briefs, landing-page URLs, performance metrics, and historical campaign data.

Connected platform information

When you connect a third-party platform we receive OAuth access and refresh tokens, account identifiers, business manager and ad-account identifiers, granted permissions, and the data that platform’s API exposes (campaign metadata, analytics, asset metadata, and similar). Tokens and platform credentials are encrypted at rest using AES-256-GCM with versioned keys.

Creative and asset data

Images, videos, files, text, brand materials, templates, logos, and other content uploaded or generated inside the platform.

Agentic AI inputs and outputs

Prompts, instructions, conversation history, agent messages, tool calls, and outputs created when you use Salvo’s AI and agentic features. See Section 3.

Usage and device information

IP address, browser type, device type, operating system, referring URLs, pages viewed, actions taken, session metadata, error logs, and diagnostic information.

Payment and subscription information

Plan type, subscription status, invoices, billing history, and payment-related metadata. Where payment processing is enabled, payment card details are handled by a third-party payment processor and are not stored on Axveer systems.

Communications

Messages, support requests, demo requests, feedback, survey responses, and other communications with our team.

Cookies and similar technologies

Salvo currently sets only strictly-necessary cookies (session and CSRF) required to operate the service. If we add analytics, advertising, or non-essential cookies in the future, we will surface a consent control where required by applicable law before they are set. See Section 9.

2. How We Use Information

We use information to:

  • Provide, host, secure, and improve Axveer Salvo.
  • Create and manage user accounts, workspaces, projects, and role-based access controls.
  • Authenticate users, validate sessions, and protect accounts against unauthorized access.
  • Connect to and sync with third-party advertising, analytics, and social platforms you choose to authorize.
  • Plan, launch, edit, pause, optimize, and report on campaigns; produce dashboards, recommendations, and analytics.
  • Power Salvo’s AI and agentic features — including assistive content generation and multi-step agent workflows that propose campaign actions for your review and approval (see Section 3).
  • Support collaboration, permissions, project management, and audit visibility for your organization.
  • Respond to support requests and inquiries and to communicate service updates, security notices, and product announcements.
  • Send marketing communications where permitted, with a one-click unsubscribe option.
  • Process payments, subscriptions, invoices, and account administration.
  • Detect, prevent, and investigate fraud, abuse, security incidents, and policy violations.
  • Improve product reliability, usability, AI quality, and platform performance.
  • Comply with legal, tax, audit, and contractual obligations and enforce our agreements.

3. AI, Automation, and Agentic Features

Salvo includes two layers of AI-assisted functionality.

(a) Assistive AI features

Salvo helps you generate campaign ideas, ad copy, targeting suggestions, audience configurations, optimization recommendations, and reports. Information you provide — campaign goals, brand assets, prompts, performance data, and account settings — is processed to produce these outputs.

(b) Agentic AI features

Salvo’s agent can plan multi-step workflows in response to your direction. The agent reads your connected campaign data and calls Salvo’s research and lookup APIs directly. For campaign-affecting actions — creating a new campaign, launching a paused campaign, or pausing an active campaign — the agent does not modify campaigns or push changes to connected advertising platforms. Instead, it produces a pending draft proposal for review. A member of your project with the relevant permission must explicitly apply (or reject) each proposal from the agent chat panel before any campaign change takes effect on Salvo or on a connected platform. Each agent run is recorded as a thread of messages, tool calls, and proposals so that you can review what the agent saw, decided, and proposed, and so that organization administrators have a complete audit trail.

AI provider

Salvo’s AI and agentic features are powered by Google Cloud Vertex AI (Gemini models). Prompts, conversation history, and outputs are processed by Vertex AI in the United States under Axveer’s Google Cloud agreement. Per Google’s terms for Vertex AI, customer prompts and outputs are not used to train Google’s foundation models.

Your responsibility

AI and agent-generated outputs — including agent-proposed drafts — may be incomplete, inaccurate, or unsuitable for a given platform’s policies. You are responsible for reviewing AI-generated content and agent-proposed drafts before applying them, and for the consequences of any draft you apply. The current product does not provide an “auto-apply” option for campaign-affecting actions; every such action requires explicit human review and apply.

Opting out

You can disable agentic features for your workspace from Workspace Settings. Doing so disables the agent’s ability to propose drafts; assistive AI suggestions can be ignored on a per-suggestion basis or disabled at the workspace level.

4. Third-Party Platform Integrations

Salvo integrates with third-party advertising, analytics, and social platforms that you choose to connect. Currently supported platforms include Google Ads, Google Analytics, Meta (Facebook and Instagram), LinkedIn Ads, TikTok Ads, Reddit Ads, Snapchat Ads, X (Twitter) Ads, and Google Drive. We may add other platforms from time to time and will update this list when we do.

Salvo supports two distinct connection scopes, which are enforced in code:

Organization-scoped connections

Advertising platforms (Google Ads, Meta, LinkedIn, TikTok, Reddit, Snapchat, X) are connected at the organization level. Once connected, any team member with access to the relevant project can use the connection to manage campaigns. Owners and Admins manage these connections from Organization Settings.

User-scoped connections

Personal integrations (currently Google Drive) are connected at the individual-user level. Only the user who connected the account can access or use the connection. Organization Owners and Admins cannot view, override, or use another user’s personal integration on their behalf. This boundary is enforced in code: every read and write to a user-scoped connection is filtered by the connecting user’s identity, and there is no administrator-override path.

When you connect a third-party account, you authorize Axveer to access and process information from that platform under the permissions you grant. Your use of those platforms remains subject to their own terms, advertising policies, API terms, and privacy policies. We are not responsible for the availability, security, policies, or actions of third-party platforms. You can disconnect any integration from the relevant settings page in Salvo or revoke Salvo’s access from the third-party platform directly.

5. How We Share Information

We share information only with the categories of recipients below.

Service providers (sub-processors)

We rely on a small number of vendors to operate Salvo, including Google Cloud Platform for application hosting (GKE), database (Cloud SQL for PostgreSQL), cache (Memorystore for Redis), object storage (Cloud Storage), secret management, and AI inference (Vertex AI), and Resend for transactional email delivery. A current list of sub-processors is available on request from legal@axveer.com. All sub-processors are contractually bound to confidentiality and to security and privacy obligations consistent with this Policy.

Connected third-party platforms

When you instruct Salvo to publish a campaign, sync analytics, manage account settings, or perform similar actions on a connected platform, the relevant data is sent to that platform.

Workspace members

Other members of your organization can access information in your workspace based on the role you have given them (Owner, Admin, Member, Viewer). User-scoped personal integrations are excluded from this access — see Section 4.

Business transfers

Information may be transferred if Axveer is involved in a merger, acquisition, financing, restructuring, sale of assets, or similar transaction. We will post a notice on the website and notify users by email where a transfer materially changes how information is handled.

Legal and compliance

We may disclose information when required by law, legal process, regulation, subpoena, court order, or government request, or when necessary to protect rights, safety, security, and prevent abuse.

With your direction or consent

We share information when you instruct us to do so or otherwise give permission.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising (as those terms are defined under the California Privacy Rights Act).

6. Data Security

We use administrative, technical, and organizational safeguards designed to protect information from unauthorized access, loss, misuse, alteration, and disclosure. Current measures include:

  • AES-256-GCM encryption with versioned keys for third-party platform credentials and OAuth tokens.
  • TLS in transit and provider-managed encryption at rest for application data on Google Cloud Platform.
  • Server-side, Redis-backed sessions with HttpOnly, Secure, SameSite cookies (no authentication tokens stored in browser local storage).
  • bcrypt password hashing with per-user salts.
  • Role-based access controls (Owner / Admin / Member / Viewer) inside Salvo, with per-resource ownership checks on every API call.
  • Centralized audit logging and security-event recording.
  • Private VPC networking for the database and cache, with no public endpoints.
  • Least-privilege secret management via Google Secret Manager and short-lived workload identity for cloud access.
  • A documented incident-response process and breach notification practices aligned with applicable law.

No system is completely secure. You are responsible for using a strong, unique password, protecting your credentials and devices, configuring workspace roles carefully, and managing the third-party platform permissions you grant Salvo.

7. Data Retention

We retain information for as long as needed to provide the services, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support legitimate business operations.

When you delete a campaign, project, audience, or connection, the record is marked deleted and removed from your workspace immediately. Soft-deleted records are purged from the active database within 90 days, except where a longer retention period is required for legal, security, audit, or fraud-prevention purposes. Backups containing previously-deleted data are rotated on a 30-day cycle.

If you disconnect a third-party platform, future syncing stops and we discontinue use of the OAuth tokens. Previously synced campaign and metric data is retained until you delete it, your account is closed, or our retention period expires, whichever comes first.

If your account is closed, we delete or de-identify personal information within 90 days, except where retention is required by law or necessary for legitimate business operations such as billing records, fraud prevention, or legal-defense files.

8. Your Choices and Rights

You have several ways to control your information.

In-product controls

You can update profile information, manage workspace members and roles, configure or disconnect platform integrations, and disable AI or agentic features from Account and Workspace Settings.

Email preferences

You can unsubscribe from marketing emails using the unsubscribe link in those emails. Service-related messages — security alerts, billing notices, and account updates — cannot be unsubscribed while your account remains active.

Privacy requests

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information, and to withdraw consent where processing is based on consent. To exercise these rights, contact legal@axveer.com. We will verify your identity using reasonable measures proportionate to the sensitivity of the request and respond within the timeframe required by applicable law. We may decline or limit a request where a recognized exception applies (for example legal retention obligations or risks to others’ rights), and will explain our decision.

Self-service data export and account deletion

We are building in-product self-service controls for data export and account deletion. Until those controls are available in the product, requests are handled by legal@axveer.com within applicable statutory deadlines.

9. Cookies and Tracking

Salvo currently sets only strictly-necessary cookies required to operate the service:

  • salvo-session — server-side session identifier (HttpOnly, Secure, SameSite).
  • salvo-csrf — cross-site request forgery token (HttpOnly, Secure, SameSite).

We do not currently use third-party advertising, analytics, or marketing cookies, and Salvo does not currently emit tracking pixels or use browser local storage for tracking. If we add non-essential cookies in the future, we will provide a consent control where required by applicable law (including the EU ePrivacy Directive and equivalent regimes) before they are set.

You can manage or block cookies in your browser settings. Blocking strictly-necessary cookies will prevent you from logging in.

10. International Data Transfers

Salvo’s primary infrastructure is in the United States (Google Cloud Platform, region us-east1). When you use Salvo from outside the United States, your information will be transferred to and processed in the United States and may be processed in other countries where our sub-processors operate.

For transfers from the European Economic Area, the United Kingdom, and Switzerland to the United States, we rely on the European Commission’s Standard Contractual Clauses (2021), the UK International Data Transfer Addendum, and supplementary technical and organizational measures. Copies of the relevant transfer mechanisms are available from legal@axveer.com.

11. Children’s Privacy

Salvo is intended for business users. It is not directed to children, and we do not knowingly collect personal information from children under the age required by applicable law (16 in the EEA and the United Kingdom; 13 in the United States). If you believe a child has provided information to us, contact legal@axveer.com and we will delete the account and information.

12. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Right to know what personal information we have collected about you, the sources, the business or commercial purpose of collection, and the categories of third parties with whom we share it.
  • Right to delete personal information we have collected from you, subject to exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of the sale or sharing of personal information.
  • Right to limit the use of sensitive personal information to specified purposes.
  • Right to non-discrimination for exercising any of the above rights.

We do not sell personal information and we do not share personal information for cross-context behavioral advertising. We do not knowingly collect or sell the personal information of consumers under 16 years old.

To exercise these rights, contact legal@axveer.com or use the in-product controls described in Section 8. We will verify your identity using reasonable measures proportionate to the sensitivity of the request. An authorized agent may submit a request on your behalf with written authorization that we may verify.

13. EEA, UK, and Swiss Privacy Rights (GDPR / UK GDPR / FADP)

If you are in the European Economic Area, the United Kingdom, or Switzerland, the controller of your personal information is Axveer, Inc. unless otherwise stated. You have the rights to access your personal information, request rectification of inaccurate data, request erasure of data we no longer need, request restriction of processing, object to processing based on legitimate interests, and request data portability in a machine-readable format. Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of prior processing.

Our lawful bases for processing include (i) performance of a contract when we operate the Salvo product for you; (ii) legitimate interests in providing, securing, and improving the product, communicating with users, and preventing fraud; (iii) consent for marketing communications and any non-essential cookies; and (iv) compliance with legal obligations for tax, accounting, and lawful requests.

You may lodge a complaint with your local supervisory authority. To exercise rights, contact legal@axveer.com.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If changes are material, we will notify you in advance through the application, email, or another reasonable means. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of Axveer Salvo after the effective date of an update means the revised policy applies.

15. Contact Us

For privacy questions, requests, or complaints, contact:

Axveer, Inc.Email: legal@axveer.comAddress: 344 Maple Ave W, Suite 123, Vienna, Virginia 22180

Last updated: May 8, 2026

See also our Terms of Service.