OBSIDIOLABS← Back to Home

Privacy Policy

Last updated: June 11, 2026

1. Our Commitment to Privacy

At Obsidio Labs, protecting privacy is a foundational principle of how we operate. This Privacy Policy explains what information we collect, how we use and share it, and the rights available to you when you use our website and our SyncPulse platform. We understand that the data, strategies, and insights shared with us by clients, partners, and users are sensitive and commercially valuable, and we are committed to protecting all such information with the highest standards of care, discretion, and security.

2. Scope and Our Role

SyncPulse is a real-time TV-to-digital advertising synchronization platform offered to advertising agencies and direct-brand advertisers. In most cases, Obsidio Labs acts as a data processor that processes campaign and advertising data on behalf of, and under the instructions of, our clients (who act as data controllers). For our own website, contact, and account information, Obsidio Labs acts as the data controller. Where the GDPR or equivalent law applies, we process personal data on the lawful bases described in this policy, including the performance of a contract, our legitimate interests in operating and securing our services, and your consent where required.

3. Information We Collect

In the course of providing our services, we may collect and process the following categories of data:

  • Contact Data: Name, email address, job title, and company name provided through our contact form, account registration, or direct communications.
  • Account and Usage Data: Login credentials, dashboard activity, access logs, feature usage, and performance metrics describing how you interact with the SyncPulse platform.
  • Advertising and Campaign Data: Campaign configurations, broadcast detection events, and advertising performance data (such as impressions, clicks, conversions, and cost) processed through SyncPulse on behalf of clients, including data accessed from connected advertising platforms.
  • Technical Data: IP addresses, browser type, device information, and cookies used for platform functionality and security.

SyncPulse does not collect or process personal data of individual end consumers from connected advertising platforms beyond the aggregated and account-level campaign metrics required to operate the service.

4. How We Use Information

We use the information we collect solely to provide, operate, secure, and improve our services. Specifically, we use it to:

  • Detect broadcast television advertisements and activate, pause, or restore the corresponding digital campaigns on connected platforms.
  • Retrieve and display advertising performance reporting in the SyncPulse dashboard.
  • Authenticate users, maintain account security, and prevent abuse.
  • Respond to inquiries and provide support.

We do not sell, rent, or trade personal data, and we do not use client or platform data for advertising profiling, training of unrelated models, or any purpose beyond the direct delivery of contracted services without explicit prior written consent.

5. Third-Party Advertising Platform Integrations

SyncPulse integrates with third-party advertising platforms, including Google Ads, Meta, TikTok, and Google Ad Manager, through their official APIs. When a client connects an advertising account, they authorize SyncPulse, via OAuth or equivalent authorization, to access that account on their behalf for two purposes only: (1) to change campaign status (activate or pause) in response to broadcast detection events, and (2) to read campaign performance metrics for reporting.

In relation to TikTok specifically, SyncPulse uses the TikTok Marketing API with the minimum scopes required to operate the service — limited to retrieving campaign information, updating campaign status, and reading integrated performance reports. SyncPulse does not post content to TikTok, does not access TikTok user profiles or personal account data, and does not request scopes beyond those needed for the functions described above. Data obtained through the TikTok Marketing API is used only to operate and report on the client's own campaigns and is handled in accordance with the TikTok Developer Terms of Service and applicable data protection law.

Access tokens are stored securely and are used only to perform the authorized actions above. Clients may revoke SyncPulse's access to any connected account at any time through the relevant platform or by contacting us.

6. How We Protect Your Information

We implement robust technical and organizational measures to safeguard the information we process, including:

  • Encryption of data in transit and at rest using industry-standard protocols.
  • Strict access controls ensuring only authorized personnel can access sensitive data.
  • Secure storage and handling of OAuth tokens and API credentials for connected advertising platforms.
  • Regular security audits and vulnerability assessments of our infrastructure.
  • Mandatory confidentiality training for all Obsidio Labs employees and contractors.
  • Secure data deletion policies upon termination of services.

7. Data Sharing and Sub-Processors

We do not sell, rent, or trade personal or confidential information to third parties under any circumstances. We share data only in the following limited circumstances:

  • With the connected advertising platforms (such as Google Ads, Meta, TikTok, and Google Ad Manager) as necessary to carry out the actions you authorize.
  • With trusted sub-processors (for example, hosting and infrastructure providers) who are bound by equivalent confidentiality and data protection obligations and act solely on our instructions.
  • When required by applicable law, regulation, or court order, in which case we will provide advance notice to the affected party where legally permitted.
  • With the express prior written consent of the disclosing party.

8. Data Retention

We retain information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Upon termination of a service engagement, client data is either returned, securely deleted, or anonymized within 30 days, subject to any legal retention requirements. Data obtained from connected advertising platforms is retained only for the period needed to provide reporting and to operate the service, and is deleted when access is revoked or the engagement ends. We maintain detailed records of our data retention schedules and make these available to clients upon request.

9. International Data Transfers

Where data is transferred outside the country in which it was collected, including to sub-processors or connected advertising platforms located in other jurisdictions, we ensure that appropriate safeguards are in place, such as standard contractual clauses or equivalent legally recognized transfer mechanisms, in compliance with the GDPR and other applicable data protection laws.

10. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information, including:

  • The right to access and receive a copy of your personal data.
  • The right to request correction of inaccurate data.
  • The right to request deletion of your data ("right to be forgotten").
  • The right to object to or restrict processing of your data.
  • The right to data portability.

To exercise any of these rights, please contact us through the contact form on our website. Where we act as a processor on behalf of a client, we will direct such requests to the relevant controller and assist them in responding.

11. Cookies

We use cookies and similar technologies for essential platform functionality, security, and to understand how our website and platform are used. You can control or disable cookies through your browser settings, though some features may not function properly if cookies are disabled.

12. Breach Notification

In the event of a confirmed data breach that is likely to result in a risk to the rights and freedoms of individuals, Obsidio Labs will notify affected clients and relevant supervisory authorities as required by applicable law, and no later than 72 hours after becoming aware of the breach. We maintain an incident response plan and conduct regular drills to ensure readiness.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will provide notice of significant changes by updating the date at the top of this page. Your continued use of our services following any changes constitutes your acceptance of the revised policy. We encourage you to review this policy periodically.

14. Contact

For any questions, concerns, or requests related to this Privacy Policy or the handling of your data, please contact our team through the contact form on our website. We are dedicated to responding to all privacy-related inquiries within five business days.