Privacy Policy

Owens Asset Management LLC, doing business as Nightshift Leads ('we,' 'us,' or 'our'), is committed to protecting your privacy.

By accessing or using the App, you agree to the practices described below. If you do not agree, please do not use the App.

1. Information We Collect

1.1 Personal Data

Information you provide directly, such as:

Name, e-mail address, phone number, company name.

Authentication credentials (hashed).

Billing-related information (handled by our payment processor).

1.2 Usage Data

Automatically collected technical data (IP address, browser type, device identifiers, referring URLs, pages viewed, date/time stamps, error logs, and similar diagnostics).

1.3 Cookies & Similar Technologies

We use session, preference, and security cookies to operate and improve the App. You can disable cookies via your browser, but parts of the App may not function properly without them.

1.4 Facebook & Instagram Advertising Data

When you connect a Facebook or Instagram account, we request the following Meta permissions:

PermissionWhy We Request Itads_management (Advanced)Create, edit, pause, or delete campaigns, ad-sets, and ads you explicitly authorize.ads_read (Advanced)Pull ad-performance metrics (impressions, spend, conversions) for dashboards and exports.business_management (Advanced)List Ad Accounts, Pages, and Custom Audiences that belong to your Business Manager so you can select assets.pages_show_list (Standard)Display the Pages you manage so you can choose one for boosted-post campaigns.

Export to Sheets

We do not request or receive your friend lists, private messages, personal posts, or any special-category data (health, financial, political, religious, or biometric information).

2. How We Use Information

We process data to:

Provide, operate, and maintain the App.

Execute advertising actions you initiate (e.g., "Create Campaign").

Display real-time analytics and generate aggregate benchmarks.

Send transactional messages (password resets, invoices).

Detect, prevent, and address technical issues or fraud.

Comply with legal obligations.

Legal bases under GDPR/UK-GDPR: Performance of contract, legitimate interests, consent (where obtained), and compliance with law.

3. Data Retention

Data TypeRetention Period

Meta advertising objects & insights

24 months from the last successful token refresh or 48 hours after you disconnect your account—whichever occurs first.

Personal & billing data

For as long as you maintain an account and up to 7 years thereafter to meet bookkeeping & compliance duties.

Cookies & logsUp to 26 months unless a shorter period is sufficient.

4. Your Choices & Data Deletion

Delete Your Meta Data:

Disconnect in Facebook → Settings → Business Integrations to trigger our Facebook Data Deletion Callback (automatic purge within 48 hours).

Or email [Contact Email Address] with the subject "Delete my Meta data". We will honor verified requests within 72 hours.

You may also exercise rights of access, rectification, objection, restriction, portability, and complaint under GDPR/CCPA by contacting us.

5. Sharing & Disclosure

We never sell or rent any Meta advertising data. We share data only with:

Sub-processors that perform services on our behalf (hosting, payment, customer support) under executed DPA and confidentiality terms.

Authorities or successors when required by law or during a business transfer.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

5.1 Sub-processors & Vendors

The following third-party service providers process data on our behalf:

CategoryLegal Entity NameTypical Data Touched

Hosting / Infrastructure[e.g., Amazon Web Services, Inc.]Servers, file storage, backups

Serverless / Frontend[e.g., Vercel Inc.]Edge functions, static assets, build logsCDN / Security[e.g., Cloudflare, Inc.]TLS termination, WAF logs, cached API traffic

Database[e.g., Supabase, Inc.]Database tables (campaign metadata, insight caches)

Payments & Billing[e.g., Stripe, Inc.]Customer name, email, card last-4, invoicesTransactional Email[e.g., Resend, Inc.]Password-reset links, system notifications

CRM / Automation[e.g., HighLevel Inc.]Client contact records, funnels, campaign assets

6. International Transfers

We operate in United States. Where we transfer data from the EEA/UK, we rely on Standard Contractual Clauses or an adequacy decision.

7. Security

We employ encryption in transit and at rest, role-based access controls, 2-factor authentication for internal accounts, regular penetration testing, and vendor risk assessments. No method is 100% secure, and we cannot guarantee absolute security.

8. Children

The App is not directed to, and we do not knowingly collect information from, anyone under 18.

9. Changes

Material changes will be announced 30 days in advance via e-mail or in-App notice. The "Last updated" date reflects the current version.

10. Contact

Owens Asset Management LLC

2750 W River Rd N, Elyria Ohio 44035

Email: [email protected]

Phone: (216) 849-7770