Privacy Policy
This Privacy Policy describes how PV Holdings Corp ("PV Holdings", "we", "us", or "our") collects, uses, discloses, retains, and protects personal information when you use the PrimeVentures App ("App", "Service") and the websites located at pvholdingscorp.com (collectively, the "Services").
PrimeVentures App connects to Meta Platforms, Inc. ("Meta") products — including Facebook, Instagram, the Meta Marketing API, the Conversions API, the Pages API, the Catalog API, the Instagram Graph API, and the Messenger Platform — on behalf of advertisers, businesses, and their authorized employees ("Customers", "you") to help create, manage, and optimize advertising and content on those platforms.
Contents
1. Who we are
PV Holdings Corp is the operator of the PrimeVentures App. For the purposes of the EU/UK GDPR, PV Holdings Corp is the data controller for personal information collected directly from visitors of pvholdingscorp.com and from individuals who register for the Service. For personal information that PrimeVentures App processes on behalf of Customers (for example, advertising data, audience data, leads, or page content accessed via Meta APIs), PV Holdings Corp acts as a data processor on the Customer's instructions.
2. Scope and your role
This Privacy Policy applies to:
- Visitors of pvholdingscorp.com.
- Customers and their authorized users who sign in to PrimeVentures App using Facebook Login for Business.
- End users whose data is processed by the App because a Customer authorized us to access their Meta business assets (for example, Lead Ads form submissions, Page comments, or Messenger conversations).
If you are an end user and you believe a Customer is using PrimeVentures App to process your personal information, please contact that Customer first. We will assist them in responding to your request as required by applicable law.
3. Information we collect
3.1 Information you provide
- Account information: name, email address, business name, role, and password (hashed) when you register.
- Billing information: billing address and payment-method metadata. Card numbers are processed by our PCI-DSS-compliant payment processor and are not stored by us.
- Support communications: messages, attachments, and metadata when you contact us.
3.2 Information collected automatically
- Usage data: pages visited, features used, timestamps, referring URL.
- Device data: IP address, browser type and version, operating system, device identifiers, and approximate location derived from IP.
- Cookies and similar technologies: for authentication, security, preferences, and analytics. You can control cookies through your browser settings.
4. Information we access from Meta on your authorization
When you connect a Meta business asset (Ad Account, Page, Catalog, Instagram Business Account, or WhatsApp Business Account) through Facebook Login for Business, PrimeVentures App accesses the data needed to perform the use cases you have approved. Depending on the permissions you grant, this may include:
| Use case / Permission | Data accessed | Purpose |
|---|---|---|
Create & manage ads (ads_management, ads_read, business_management) |
Ad Account ID, campaigns, ad sets, ads, creatives, budgets, schedules, audiences, custom audiences metadata, performance metrics. | To create, edit, pause, duplicate, scale, and report on ad campaigns at your direction. |
| Measure ad performance | Insights data: impressions, reach, clicks, conversions, spend, ROAS, breakdowns. | To produce dashboards and reports for the Customer. |
Capture & manage ad leads (leads_retrieval, pages_manage_ads) |
Lead Ads form submissions including names, emails, phone numbers, and other fields the form asks for. | To deliver leads to the Customer's CRM, spreadsheet, or webhook in near real time. |
Manage Pages and Messenger (pages_show_list, pages_manage_posts, pages_manage_engagement, pages_messaging, pages_read_engagement) |
Page metadata, posts, comments, page-level insights, Messenger conversations between the Page and its customers. | To schedule and publish content, moderate engagement, and respond to messages on the Customer's behalf. |
Manage Instagram (instagram_basic, instagram_content_publish, instagram_manage_comments, instagram_manage_messages, instagram_manage_insights) |
Instagram Business Account profile, media, comments, direct messages with the account, and insights. | To publish, moderate, and report on Instagram content. |
Manage products with Catalog API (catalog_management) |
Product catalog items, price, inventory status, and feed metadata. | To synchronize catalogs and run dynamic ads. |
Authentication (email, public_profile) |
Your name, profile picture, and email associated with your Facebook account. | To create and authenticate your PrimeVentures user account. |
We only request the permissions necessary for the features you use, and we follow the principle of least privilege. We do not request access to your friends list, private posts, or other data outside the scope of these business use cases.
5. How we use information
We use the information we collect to:
- Provide, operate, maintain, and improve the Services.
- Authenticate users and protect accounts from unauthorized access.
- Execute the actions you instruct us to perform on your Meta business assets.
- Provide customer support and respond to inquiries.
- Process payments and manage subscriptions.
- Generate aggregated, de-identified analytics about Service usage.
- Detect, prevent, and address fraud, abuse, security incidents, and violations of our Terms.
- Comply with legal obligations and enforce our agreements.
6. Legal bases for processing (EU/UK GDPR)
Where the GDPR applies, we rely on the following legal bases:
- Contract (Art. 6(1)(b)): to provide the Services to Customers.
- Legitimate interests (Art. 6(1)(f)): to secure the Services, prevent fraud, and improve product quality, balanced against your rights.
- Consent (Art. 6(1)(a)): for cookies that are not strictly necessary and for optional marketing communications. You can withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)): when we must keep records or respond to lawful requests.
7. How we share information
We share information only as described below:
- Sub-processors and service providers who help us operate the Services under written agreements that require confidentiality and adequate security — for example: cloud hosting (AWS / Google Cloud), error monitoring, transactional email, customer support tooling, and payment processing.
- Meta, when you instruct us to write data to your Meta business assets (for example, when launching a campaign).
- Customer-authorized destinations, such as a CRM or webhook the Customer has connected.
- Authorities and other parties, where required by law, valid legal process, or to protect the rights, property, or safety of PV Holdings, our users, or the public.
- Successor entities, in the event of a merger, acquisition, or sale of assets, subject to the same protections described in this Policy.
We never sell or rent personal information.
8. Data retention
We retain personal information only as long as necessary for the purposes described in this Policy:
- Account data: for the life of your account plus up to 24 months after closure for legal and accounting purposes.
- Meta business data accessed via APIs: only for as long as needed to deliver the requested feature, and then deleted or anonymized. Lead Ads data is retained for up to 90 days after delivery to the Customer's destination unless the Customer instructs otherwise.
- Logs and security data: up to 12 months.
- Backups: rotated out within 35 days.
If you disconnect PrimeVentures App from your Meta account or revoke a permission, we will stop accessing the corresponding data and will delete cached copies within 30 days, except where retention is required by law.
9. Security
We implement administrative, technical, and physical safeguards designed to protect personal information, including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256) for stored access tokens and personal data.
- Role-based access control and least-privilege provisioning for staff.
- Single sign-on and multi-factor authentication for production systems.
- Continuous monitoring, logging, and intrusion detection.
- Regular vulnerability scanning and periodic third-party security reviews.
- An incident-response plan with notification timelines aligned to applicable laws and Meta's Data Incident Reporting obligations.
No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we work hard to protect your information.
10. Your rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Request correction or deletion.
- Object to or restrict certain processing.
- Request portability of information you provided.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with your local data-protection authority.
California residents have rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising.
To exercise any of these rights, email privacy@pvholdingscorp.com. We will respond within the timelines required by applicable law (typically 30 days under GDPR, 45 days under CCPA).
11. Data deletion requests
You can request that we delete the personal information PV Holdings holds about you in three ways:
- From Facebook: Go to Settings & Privacy → Settings → Apps and Websites, locate "PrimeVentures App", click Remove, and select "Send a request to delete data". Meta will forward the request to us and we will process it within 30 days.
- In-app: Sign in to PrimeVentures and use Account → Delete my data.
- By email: Send a deletion request to privacy@pvholdingscorp.com from the email associated with your account.
Detailed instructions are available at pvholdingscorp.com/data-deletion.html.
12. International data transfers
Personal information may be processed in countries other than the one in which you reside. When transferring personal data out of the EEA, the UK, or Switzerland, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, together with supplementary technical and organizational measures.
13. Children
The Services are intended for business users and are not directed to children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.
14. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where required, notify you by email or through the Service. Your continued use after the changes become effective constitutes acceptance of the revised Policy.
15. Contact us
If you have questions about this Privacy Policy or our data practices, please contact:
PV Holdings Corp — Privacy Team
Email: privacy@pvholdingscorp.com
Support: support@pvholdingscorp.com
Website: http://pvholdingscorp.com/
For EU/UK data-protection matters, you may also contact our Data Protection Officer at the email above with the subject line "DPO request".