Privacy Policy — Chrome Extension
1. Who We Are
Mediads SAS is a French simplified joint-stock company (Société par actions simplifiée) with a share capital of EUR 1,326.80, registered under number 920 035 607 R.C.S. Paris, with its registered office at 20 rue du 4 septembre, 75002 Paris, France.
Mediads SAS acts as the data controller within the meaning of the GDPR for all personal data collected through the Extension.
Privacy contact: privacy@mediads.io
2. What the Extension Does
The Mediads Chrome Extension is an overlay interface that allows advertisers and agencies to create and manage Mediads advertising campaigns directly from Meta Business Manager, without leaving that environment.
The Extension activates exclusively on pages under the *.facebook.com domain (business.facebook.com, adsmanager.facebook.com, etc.). It does not run on any other website.
3. Data Collected and Legal Bases
3.1 What the Extension Reads (Without Storing)
To operate, the Extension reads the following data in memory only, without transmitting it to our servers:
- The active page URL, specifically the
act=<id>parameter on adsmanager.facebook.com URLs — in order to identify the active Meta ad account and match it to the associated Mediads brand.
3.2 Mediads Account Data (Authentication) GDPR Art. 6.1.b
Authentication is handled by Clerk, our identity provider (also used on app.mediads.io). When signing in through the Extension:
- The user session (JWT token) is stored in the Extension's background service worker, in accordance with Chrome security best practices.
- The content script injected into Meta pages never accesses the JWT.
- Data displayed in the overlay (name, brand, campaigns, media catalogue) is retrieved via Mediads' secure API (HTTPS) using the active session.
Legal basis: Performance of a contract (Art. 6.1.b GDPR).
3.3 User Preferences (Local Storage) GDPR Art. 6.1.f
Extension settings (floating button position, auto-open toggle, selected environment) are saved in chrome.storage.sync. This data:
- Is purely functional (interface configuration only).
- Contains no personally identifiable information.
- Is synchronised by Chrome across the user's devices if they are signed into their Chrome profile.
Legal basis: Legitimate interests (Art. 6.1.f GDPR) — improving user experience.
3.4 What We Do NOT Collect
- No browsing history.
- No data from the Meta Business Manager DOM (ads, budgets, audiences, Meta account data).
- No analytics or user behaviour data (no analytics SDK is bundled in V1).
- No payment card or financial data.
- No data relating to minors.
4. Purposes of Processing
| Purpose | Legal Basis |
|---|---|
| Authenticate the user and maintain their active session | Contract (Art. 6.1.b) |
| Identify the active Meta ad account to contextualise the Mediads interface | Contract (Art. 6.1.b) |
| Display the media catalogue, campaigns, and quick actions associated with the user's Mediads brand | Contract (Art. 6.1.b) |
| Enable the creation of Mediads campaigns | Contract (Art. 6.1.b) |
| Save the user's interface preferences | Legitimate interests (Art. 6.1.f) |
5. Data Sharing and Transfers
5.1 Sub-processors
| Sub-processor | Purpose | Country | Transfer Mechanism |
|---|---|---|---|
| Clerk | Authentication | United States | Standard Contractual Clauses (SCCs) |
| AWS | API & data hosting | France |
5.2 No Sale or Transfer to Third Parties
We do not sell, rent, or transfer any personal data to third parties for advertising, marketing, or data brokering purposes.
In accordance with the Chrome Web Store User Data Policy, the use of data is strictly limited to the purposes described in this policy.
6. Data Retention
- Clerk session: Duration of the active session, then deleted upon sign-out or Extension uninstallation.
- chrome.storage.sync preferences: Until the Extension is uninstalled or manually reset by the user.
- Mediads account data (managed on the SaaS platform): See the privacy policy at app.mediads.io.
7. Security
- Encrypted communications: All exchanges between the Extension and Mediads servers are encrypted via TLS (HTTPS).
