Privacy Policy
How we collect, use, and protect your information when you use Black Umbrella
Digital Warriors LLC ("Black Umbrella", "we", "us", or "our") operates the Black Umbrella web and mobile application (the "App"). This Privacy Policy describes how we collect, use, share, retain and delete information when you use the App, and the rights and choices you have.
By accessing or using the App you agree to the practices described below. If you do not agree, please do not use the App.
1Information We Collect
1.1 Personal Data
Information you provide directly, such as:
- Name, e-mail address, phone number, company name
- Authentication credentials (hashed)
- Billing-related information (handled by our payment processor)
1.2 Usage Data
Automatically collected technical data (IP address, browser type, device identifiers, referring URLs, pages viewed, date/time stamps, error logs and similar diagnostics).
1.3 Cookies & Similar Technologies
We use session, preference and security cookies to operate and improve the App. You can disable cookies via your browser, but parts of the App may not function.
1.4 Facebook & Instagram Advertising Data
When you connect a Facebook or Instagram account we request the following Meta permissions:
| Permission | Why We Request It |
|---|---|
| ads_management (Advanced) | Create, edit, pause or delete campaigns, ad-sets and ads you explicitly authorise. |
| ads_read (Advanced) | Pull ad-performance metrics (impressions, spend, conversions) for dashboards and exports. |
| business_management (Advanced) | List Ad Accounts, Pages and Custom Audiences that belong to your Business Manager so you can select assets. |
| pages_show_list (Standard) | Display the Pages you manage so you can choose one for boosted-post campaigns. |
We do not request or receive your friend lists, private messages, personal posts or any special-category data (health, financial, political, religious or biometric information).
2How We Use Information
We process data to:
- Provide, operate and maintain the App
- Execute advertising actions you initiate (e.g. "Create Campaign")
- Display real-time analytics and generate aggregate benchmarks
- Send transactional messages (password resets, invoices)
- Detect, prevent and address technical issues or fraud
- Comply with legal obligations
Legal bases under GDPR/UK-GDPR: performance of contract, legitimate interests, consent (where obtained), and compliance with law.
3Data Retention
| Data Type | Retention Period |
|---|---|
| Meta advertising objects & insights | 24 months from the last successful token refresh or 48 hours after you disconnect your account—whichever occurs first |
| Personal & billing data | For as long as you maintain an account and up to 7 years thereafter to meet bookkeeping & compliance duties |
| Cookies & logs | Up to 26 months unless a shorter period is sufficient |
4Your Choices & Data Deletion
Delete Your Meta Data:
- Disconnect in Facebook → Settings → Business Integrations to trigger our Facebook Data Deletion Callback (automatic purge within 48 hours)
- Or email privacy@blackumbrella.app with subject "Delete my Meta data". We will honour verified requests within 72 hours
You may also exercise rights of access, rectification, objection, restriction, portability and complaint under GDPR/CCPA by contacting us.
5Sharing & Disclosure
We never sell or rent any Meta advertising data. We share data only with:
- Sub-processors that perform services on our behalf (hosting, payment, customer support) under executed DPA and confidentiality terms
- Authorities or successors when required by law or during a business transfer
5.1 Sub-processors & Vendors
The following third-party service providers process data on our behalf:
| Category | Legal Entity Name | Typical Data Touched |
|---|---|---|
| Hosting / infrastructure | Amazon Web Services, Inc. | Servers, S3 file storage, RDS backups |
| Serverless / frontend hosting | Vercel Inc. | Edge functions, static assets, build logs |
| CDN / Edge security | Cloudflare, Inc. | TLS termination, WAF logs, cached API traffic |
| Database-as-a-service | Supabase, Inc. | Postgres tables (campaign metadata, insight caches) |
| Payments & billing | Stripe, Inc. | Customer name, email, card last-4, invoices |
| Transactional email | Resend, Inc. | Password-reset links, system notifications |
| CRM / Marketing automation | HighLevel Inc. | Client contact records, funnels, campaign assets |
6International Transfers
We operate in the United States. Where we transfer data from the EEA/UK we rely on Standard Contractual Clauses or an adequacy decision.
7Security
We employ encryption in transit and at rest, role-based access controls, 2-factor authentication for internal accounts, regular penetration testing and vendor risk assessments. No method is 100% secure, and we cannot guarantee absolute security.
8Children
The App is not directed to, and we do not knowingly collect information from, anyone under 18.
9Changes
Material changes will be announced 30 days in advance via e-mail or in-App notice. The "Last updated" date reflects the current version.
10Contact
Digital Warriors LLC
390 NE 191st St Suite 8234, Miami FL 33179, USA