1 Introduction
Welcome to Exit Strategy Ads. We are a specialized Google Ads agency helping supplement brands build independent, profitable direct-to-consumer businesses while reducing Amazon dependency.
This Privacy Policy explains how we collect, use, share, and protect your information when you visit our website (exitstrategyads.com), use our services, or communicate with us.
Our Commitment: We treat your data with the same care we demand for supplement compliance—transparent, ethical, and in your best interest.
Contact Us
Exit Strategy Ads
4077 Malawi Trl
Saint Cloud, FL 34772
Osceola County, Florida, USA
Email: privacy@exitstrategyads.com
2 Information We Collect
From Website Visitors
When you visit our website or submit inquiries, we collect:
- Contact Information: Name, email address, phone number, company name
- Business Details: Monthly revenue, current sales channels, product categories
- Scheduling Data: Calendar appointments, preferred meeting times
- Technical Information: IP address, browser type, device information, operating system
- Analytics Data: Pages viewed, time on site, traffic sources, user behavior patterns
From Clients
When you engage our services, we collect additional information necessary to deliver results:
Business & Account Access
- Shopify store URLs, product catalogs, pricing information
- Google Ads account access (view and management permissions)
- Revenue data, order volume, average order values
- Email and SMS marketing platform credentials (Klaviyo, Attentive, or similar)
- Customer purchase history and order data accessed through Shopify integration
Customer Data (Accessed Through Your Platforms)
- Customer email addresses and phone numbers (for email/SMS marketing campaigns)
- Purchase history and transaction records
- Product preferences and browsing behavior
- Geographic location data (for ad targeting and shipping analysis)
Financial Information
- Billing details for service fees
- Payment information processed securely through Stripe (we do not store credit card numbers)
- Ad spend amounts and budget allocations
Communications
- Email correspondence, Slack messages, call recordings (consent obtained via verbal disclosure at call start or calendar invite notice)
- Weekly performance call notes
- Strategy documents, creative briefs, compliance reviews
From Third-Party Integrations
We receive data through authorized integrations with:
- Shopify: Customer lists, order data, product catalogs, conversion tracking
- Google Ads: Campaign performance, click data, conversion metrics, audience lists
- Email/SMS Platforms: Subscriber lists, engagement rates, automation performance
- Analytics Tools: Google Analytics 4 traffic data, conversion tracking, user behavior
3 How We Use Your Information
For Prospective Clients
- Respond to inquiries and schedule discovery calls
- Assess program eligibility (revenue requirements, inventory levels, product compliance)
- Send educational content and marketing communications (with opt-out available)
- Evaluate business fit for our three program tiers
For Active Clients
Service Delivery
- Manage Google Ads campaigns (Search, Shopping, Performance Max, Display, YouTube)
- Build and optimize landing pages, product pages, and conversion funnels
- Create email and SMS marketing sequences and automations
- Develop compliant ad copy and creative assets
- Set up conversion tracking (Google Tag Manager, GA4, server-side tracking)
Performance Monitoring
- Calculate and report ROAS (Revenue ÷ Ad Spend) for guarantee compliance
- Track progress toward 3:1 ROAS within 90-day guarantee period
- Monitor infrastructure delivery milestones for 90-Day Infrastructure Guarantee
- Generate custom Looker Studio dashboards for real-time performance visibility
Compliance & Quality Assurance
- Review product claims for FDA/FTC compliance
- Identify prohibited disease claims in ad copy and landing pages
- Verify required disclaimers are properly displayed
- Monitor for Google Ads policy violations and ad disapprovals
- Ensure structure/function claims have proper substantiation
Communication & Support
- Conduct weekly performance calls (Month 1) and ongoing strategy sessions
- Provide campaign updates, optimization recommendations, compliance alerts
- Deliver SOPs with video documentation for internal team training
- Respond to client questions via email, Slack, or scheduled calls
For Business Operations
- Generate invoices and process payments for management fees and ad spend fees
- Maintain financial records for tax reporting and legal compliance
- Analyze aggregate campaign performance to improve service methodologies
- Fulfill legal obligations (subpoenas, regulatory requests, contract enforcement)
4 Data Sharing & Third Parties
Service Providers We Work With
We share information with trusted third-party providers necessary to deliver our services:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google LLC | Ad campaign management, Analytics tracking, conversion measurement | Campaign settings, customer lists (hashed), conversion events, website traffic |
| Shopify Inc. | E-commerce platform integration, customer data access for marketing | Order data, customer email lists, product catalogs, revenue metrics |
| Stripe Inc. | Secure payment processing (PCI-DSS Level 1 certified) | Billing information (we never see or store your full credit card number) |
| Email/SMS Platforms (Klaviyo, Attentive) | Marketing automation, subscriber management, campaign deployment | Customer email lists, phone numbers, purchase history, engagement data |
| Project Management Tools (Slack, Asana, Google Workspace) | Client collaboration, file sharing, task management | Project files, communication logs, strategy documents |
What We Never Do
We Do Not:
- Sell your customer lists or email subscribers to third parties
- Share proprietary product formulations, supplier contacts, or trade secrets
- Disclose your revenue data, ROAS performance, or business metrics without explicit permission
- Use your customer data for purposes outside our contracted services
- Provide your competitive intelligence to other clients in your niche
Legal Disclosures
We may disclose information when legally required:
- Legal Compliance: Subpoenas, court orders, government investigations
- Regulatory Requests: FDA inquiries about product claims, FTC investigations of advertising practices
- Fraud Prevention: Suspected fraudulent activity, terms of service violations
- Business Transfers: Merger, acquisition, or sale of Exit Strategy Ads (clients notified in advance)
In all cases, we disclose only the minimum information legally required and notify you when permitted by law.
5 Client Data Ownership & Access Rights
You Own Your Data
Complete Ownership
- All customer lists, email subscribers, and purchase data remain your exclusive property
- Product catalogs, creative assets, and landing page source files belong to you
- Campaign strategies, SOPs, and documentation delivered per Freedom First Guarantee
Data Export
- Request full data export at any time (CSV, JSON, or native platform format)
- Receive complete export within 5 business days of request
- No fees for data export requests
Contract Termination
- Upon cancellation, receive all assets within 15 business days per Freedom First Guarantee
- Includes: landing pages, email templates, SOPs with videos, dashboards, creative source files, audience lists, campaign documentation
- All access credentials returned or revoked immediately
Our Access Rights
During Active Engagement
- View and manage access to Google Ads accounts
- API access to Shopify for conversion tracking and customer data
- Login credentials to email/SMS platforms for campaign deployment
- Analytics platform access for performance monitoring
Access Termination
- All platform access revoked within 15 business days of contract end
- Emergency revocation available immediately upon client request
- Access logs available for audit upon request
Data Retention After Termination
- Performance reports and campaign data: retained 90 days for transition support, then deleted
- Financial records: retained 7 years per IRS requirements
- Customer lists and proprietary data: deleted within 30 days unless you request we maintain backup
6 Data Security Measures
Technical Safeguards
Encryption
- SSL/TLS 1.3 encryption for all data transmission
- Encrypted storage for client databases and backup files
- Password-protected client portals with optional two-factor authentication (2FA)
Infrastructure Security
- Regular security audits of third-party integrations
- Firewall protection and intrusion detection systems
- Automated daily backups with 30-day retention
- Secure API connections with token-based authentication
Access Controls
- Role-based permissions (team members access only assigned client accounts)
- Password complexity requirements and regular rotation policies
- Session timeouts for inactive portal users
Organizational Safeguards
Internal Policies
- Employee confidentiality agreements signed upon hire
- Annual security awareness training for all team members
- Documented data handling procedures and incident response protocols
- Background checks for employees with customer data access
Vendor Management
- Due diligence reviews of third-party security practices
- Data processing agreements with all service providers
- Regular compliance audits of critical integrations
Breach Notification
In the unlikely event of a data breach:
Our Response
- Investigate and contain the breach immediately
- Notify affected clients within 72 hours of confirmed breach
- Provide detailed information: what data was compromised, how it occurred, remediation steps taken
- Offer credit monitoring services if financial or sensitive personal data exposed
Your Actions
- We'll provide specific guidance based on the nature of the breach
- May include: password resets, notification to your customers (if required by law), fraud monitoring
8 Your Privacy Rights & Choices
Access & Correction
✓ Right to Access
Request a copy of all personal data we hold about you. Receive data in commonly used, machine-readable format (CSV, JSON, PDF). Response time: 15 business days from verified request.
✓ Right to Correction
Update inaccurate or incomplete information. Correct business details, contact information, or account preferences. Submit corrections via email to privacy@exitstrategyads.com or through client portal.
Data Deletion
Right to Deletion (with exceptions)
- Request deletion of your account and associated personal data
- We may retain certain records for legal compliance:
- Financial records: 7 years (IRS requirement)
- Contract disputes: duration of legal proceedings
- Fraud prevention: records of terms violations
Marketing Opt-Out
- Unsubscribe from marketing emails via link in every message
- Opt-out takes effect within 48 hours
- Note: We'll still send transactional emails related to active services (invoices, performance reports, compliance alerts)
California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:
✓ Right to Know
Categories of personal information collected, purposes for collection and use, categories of third parties we share data with, specific pieces of information we hold about you.
✓ Right to Delete
Request deletion of personal information (with legal retention exceptions noted above).
✓ Right to Opt-Out of Sale/Sharing
We do NOT sell or share your personal information for cross-context behavioral advertising, so no opt-out action is needed. We will never sell or share your data in the future without explicit consent.
✓ Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA/CPRA rights. No denial of services, different pricing, or reduced service quality.
Authorized Agent
You may designate an authorized agent to submit requests on your behalf. Requires written authorization and identity verification.
Submit CCPA/CPRA Requests:
Email: privacy@exitstrategyads.com
Subject Line: "CCPA Request - [Your Name]"
Response Time: We acknowledge requests within 5 business days and fulfill them within 45 days (may extend 45 additional days for complex requests)
European Union & United Kingdom Residents (GDPR)
If you are located in the EU or UK, you have rights under the General Data Protection Regulation:
Legal Basis for Processing
- Contract Performance: Processing necessary to deliver services you've engaged us for
- Legitimate Interest: Analytics, fraud prevention, business operations
- Consent: Marketing communications, non-essential cookies (you may withdraw anytime)
- Legal Obligation: Tax reporting, regulatory compliance
Your GDPR Rights
✓ Right to Access
Obtain copy of your personal data and information about how we process it.
✓ Right to Rectification
Correct inaccurate or incomplete data.
✓ Right to Erasure
Request deletion when data no longer necessary for original purpose.
✓ Right to Restriction
Limit how we process your data in certain circumstances.
✓ Right to Data Portability
Receive your data in structured, machine-readable format to transfer to another controller.
✓ Right to Object
Object to processing based on legitimate interests or for direct marketing purposes.
✓ Right to Withdraw Consent
Withdraw consent at any time (doesn't affect lawfulness of prior processing).
✓ Right to Lodge Complaint
File complaint with your local supervisory authority if you believe we've violated GDPR.
International Data Transfers
- Our primary operations are in Saint Cloud, Florida, USA
- EU/UK client data may be transferred to US-based servers (Google Cloud, AWS)
- We use Standard Contractual Clauses (SCCs) approved by the European Commission for lawful transfers
Submit GDPR Requests:
Email: privacy@exitstrategyads.com
Subject Line: "GDPR Request - [Your Name]"
Response Time: We acknowledge requests within 5 business days and fulfill them within 30 days
9 Data Retention Periods
Prospective Clients
| Data Type | Retention Period | Purpose |
|---|---|---|
| Contact Form Submissions | 2 years from submission | Marketing communications, follow-up on inquiries. Automatically purged after 2 years or upon opt-out request. |
| Discovery Call Notes | 1 year from last contact | Context for future conversations if you return. Manually reviewed and purged annually. |
Active Clients
| Data Type | Retention Period | Purpose |
|---|---|---|
| Performance Data (campaign metrics, ROAS, ad performance, conversions) | Duration of contract + 3 years | Guarantee verification, service improvement, dispute resolution |
| Financial Records (invoices, payments, fees) | 7 years from transaction date | IRS compliance, audit requirements, tax reporting. Cannot be deleted earlier due to legal obligations. |
| Customer Lists (accessed from Shopify) | Duration of contract + 30 days | Email/SMS campaign deployment, retargeting audiences. Purged within 30 days of contract termination unless you request retention for transition support. |
| Communication Logs (emails, Slack, calls, strategy docs) | Duration of contract + 1 year | Service delivery, dispute resolution, quality assurance |
Terminated Relationships
- Final Deliverables: Provided per Freedom First Guarantee, then deleted from our systems 90 days after delivery. Includes landing pages, SOPs, email templates, dashboards, creative files.
- Backup Systems: Archived data removed from backup rotations within 90 days of contract end.
- Exception: Records retained longer if ongoing dispute, legal proceeding, or regulatory investigation.
10 Children's Privacy
Age Restriction: Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.
Parental Rights: If you are a parent or guardian and believe your child has provided us with personal information, contact us immediately at privacy@exitstrategyads.com. We will delete the information within 30 days of verified notification.
Supplement Industry Context: Our clients sell dietary supplements, which are intended for adult use only. Product marketing and advertising is targeted exclusively to individuals 18 and older.
11 International Data Transfers
Primary Operations: Saint Cloud, Florida, USA
Server Locations
Client data may be stored on servers located in the United States through our use of:
- Google Cloud Platform (US-based data centers)
- Amazon Web Services (AWS) - US regions
- Shopify servers (multi-region, including US)
For EU/UK Clients
We ensure adequate protection for international data transfers through:
Standard Contractual Clauses (SCCs)
We use European Commission-approved SCCs with our US-based service providers to ensure GDPR-compliant data transfers.
Adequacy Decisions
Where available, we rely on European Commission adequacy decisions for specific countries or under frameworks like the EU-US Data Privacy Framework.
Additional Safeguards
- Encryption in transit and at rest
- Regular security audits of cross-border data flows
- Data processing agreements with all international vendors
Your Rights: You may request a copy of the safeguards we use for international transfers by contacting privacy@exitstrategyads.com.
12 Changes to This Privacy Policy
Notification of Changes: We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service offerings.
Material Changes
- Notify active clients via email at least 30 days before changes take effect
- Post updated policy on website with "Last Updated" date clearly displayed
- Highlight material changes in notification email
Non-Material Changes
- Update "Last Updated" date on this page
- No advance notification required (e.g., minor clarifications, formatting updates)
Continued Use: Your continued use of our services after the effective date of changes constitutes acceptance of the updated Privacy Policy.
Disagreement with Changes: If you do not agree with material changes, you may terminate services per your program's cancellation terms and request data deletion (subject to legal retention requirements).
Policy Archive: Previous versions of this Privacy Policy are available upon request for your review.
13 Contact Us
We're here to help with any privacy concerns, data access requests, or questions about how we handle your information.
Privacy Questions or Requests
Exit Strategy Ads
4077 Malawi Trl
Saint Cloud, FL 34772
Osceola County, Florida, USA
Email: privacy@exitstrategyads.com
Response Time: We acknowledge all privacy inquiries within 5 business days and fulfill requests within 30 days (GDPR) or 45 days (CCPA/CPRA).
What to Include in Your Request
- Full name and contact information
- Specific nature of your request (access, deletion, correction, opt-out)
- Account or email address associated with your data
- Any relevant dates or details that help us locate your information
Identity Verification
For security purposes, we may ask you to verify your identity before fulfilling data access or deletion requests. This protects your information from unauthorized access.
Your privacy matters. Your business independence matters more.
We built Exit Strategy Ads on the principle that supplement brands deserve to own their customer relationships and build businesses that survive without Amazon. That same philosophy extends to how we handle your data—with transparency, respect, and your best interests at the center of every decision.
If you have questions about this Privacy Policy or how we protect your information, we're always here to talk.
Exit Strategy Ads
Building supplement brands that survive—and thrive—independently.