Aeris

Privacy Policy

Aeris, operated by The Real Group (TRG). Last updated 11 June 2026.

1. Who we are

Aerisis an advertising analytics and management dashboard operated by The Real Group (TRG) (“we”, “us”). For your account and the advertising data you connect, we act as a data controller; where we process end-user conversion events on your behalf, we act as a processor under your instructions.

2. Data we collect

  • Account information — your name, business email, and billing details.
  • Connected advertising-platform data— when you connect an ad account (Meta, Google, Microsoft, TikTok, Amazon, Reddit, or OpenAI) via that platform’s authorization (OAuth), we read your account’s advertising performance and campaign metadata: campaigns and their status, impressions, clicks, spend, conversions, revenue, and currency.
  • Google user data (Google Ads) — if you connect a Google Ads account, you authorize us through Google OAuth (scope https://www.googleapis.com/auth/adwords) to access that account via the Google Ads API. The Google user data we read is your Google Ads campaigns, ad groups, and keywords, their performance metrics (impressions, clicks, cost, conversions), and your account/customer identifiers.
  • Conversion / pixel events — pseudonymous events used to measure advertising performance, where you enable our pixel.
  • Usage & technical data — log and device data needed to operate and secure the service.

3. How we use advertising-platform data

Data we obtain from advertising platforms is used solely to provide the service to you, the advertiser who connected the account:

  • Show your advertising performance across your connected channels in one dashboard.
  • Let our AI assistant (Aeris) analyze your performance and suggest what is working, where spend is wasted, and a recommended next step.
  • List your campaigns and their status and budgets.
  • Where you explicitly authorize it, take a requested action on your behalf — for example, pause or resume one of your campaigns.

We show this data only to you. We do not sell it, and we do not share it with other customers or use it to advertise to your customers.

4. Advertising-platform tokens & access

We request only the permission scopes needed for the above. Access tokens are stored encrypted. We access an ad account only while you keep it connected — you can disconnect it at any time from the Connections page, which immediately stops our access. (See “Your rights & data deletion” below.) Our use of data from Meta, Google, and other platforms also complies with each platform’s developer policies.

Google API Services — Limited Use. Aeris’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data only to provide and improve the features described above (reporting, optimization suggestions, and changes you explicitly approve). We do not sell Google user data, use it for advertising or to train generalized AI/ML models, or transfer it to third parties except as needed to provide this service (our infrastructure sub-processors listed below) or where required by law. We never create or delete your Google Ads accounts.

5. Legal bases (GDPR)

We rely on performance of our contract with you, our legitimate interest in operating and improving the service, and your consent for cookie-based analytics on our marketing site.

6. Sharing & sub-processors

We use infrastructure and payment providers — including AWS, MongoDB Atlas, Cloudflare, and Stripe — and the advertising platforms you connect. We provide our full sub-processor list on request. We do not sell personal data.

7. Retention

  • Account & advertising data: retained while your account is active and for up to seven years after termination for legal/financial compliance.
  • Conversion / pixel events: up to 24 months before aggregation.
  • Click identifiers: up to 90 days.

8. Your rights & data deletion

You may request access, correction, deletion, or export of your data. You can delete connected advertising-platform data at any time by disconnecting the account in the app, or by emailing privacy@realry.com — we will delete the associated data we hold. EU/EEA and other users may exercise the rights granted under applicable data-protection law.

9. International transfers

Our infrastructure spans the US and EU; transfers of EEA data rely on Standard Contractual Clauses.

10. Security

Payment details are tokenized via Stripe; OAuth tokens are encrypted; production access requires authentication and multi-factor verification.

11. Children

The service is for business users aged 18+. We do not knowingly collect data from minors.

12. Changes

We provide at least 30 days’ notice of material changes to this policy.

13. Contact

Privacy enquiries and data requests: privacy@realry.com.