27,000+

AgenciesAccounts created

124,830+

ClientsClients connected

412,830+

PlatformsAccounts connected

Legal

Privacy Policy

Effective date: March 26, 2026  ·  Last updated: March 26, 2026

Joiyn.ai ("Joiyn", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform and services. By using Joiyn.ai, you consent to the practices described in this policy.

This policy applies to information collected through the Joiyn.ai website, web application, and any associated services (collectively, the "Service").

1. Information We Collect

We collect information in the following ways:

Information you provide directly

Account registration details: name, email address, agency name, and password.

Billing and payment information (processed securely via Stripe — we do not store card numbers).

Communications you send us, including support requests and feedback.

Team member information when you invite colleagues to your agency account.

Information collected automatically

Usage data: pages visited, features used, connection events, and time spent in the application.

Device and browser information: IP address, browser type, operating system, and referring URL.

Cookies and similar tracking technologies (see Section 8 for details).

Information from third-party platforms

When you connect your Meta or Google account to Joiyn, we receive OAuth tokens from those platforms. These tokens are encrypted at rest using AES-256-GCM and used solely to facilitate the provisioning of access on your behalf.

We do not receive or store your clients' passwords. Clients authenticate directly with their own platform accounts.

2. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the Service.

Process transactions and manage your subscription.

Send you transactional communications — account confirmations, access notifications, and billing receipts.

Send product updates, feature announcements, and promotional emails (you can unsubscribe at any time).

Improve the Service through analytics and user research.

Detect, prevent, and respond to fraud, abuse, and security incidents.

Comply with legal obligations.

3. How We Share Your Information

We do not sell your personal data. We share information only in the following limited circumstances:

Service providers: We use trusted third-party vendors to operate the Service — including Stripe (payments), Google Cloud (infrastructure), and analytics tools. These vendors process data only on our behalf and under strict data processing agreements.

Third-party platforms: When you use Joiyn to request platform access, we communicate with Meta, Google, and other integrated platforms using the tokens you have authorised. We share only what is necessary to complete the requested action.

Legal requirements: We may disclose information if required by law, court order, or government authority, or to protect the rights, property, or safety of Joiyn, our users, or the public.

Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you before this occurs.

4. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymise your data within 90 days, except where we are required to retain it for legal or regulatory reasons.

OAuth tokens for platform integrations are retained for the duration of the active connection and deleted promptly upon disconnection or account closure.

5. Data Security

We implement industry-standard security measures to protect your data:

All OAuth tokens are encrypted at rest using AES-256-GCM — the same standard used in financial services.

All data is transmitted over HTTPS/TLS.

Access to production systems is restricted to authorised personnel only and requires multi-factor authentication.

We perform regular security reviews and maintain a vulnerability disclosure process.

No method of transmission over the internet is 100% secure. While we take all reasonable precautions, we cannot guarantee absolute security.

6. Your Rights (GDPR & CCPA)

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.

Correction: Request correction of inaccurate or incomplete data.

Deletion: Request deletion of your personal data ("right to be forgotten").

Portability: Request your data in a structured, machine-readable format.

Objection: Object to processing of your data for direct marketing or other legitimate interest purposes.

Restriction: Request restriction of processing in certain circumstances.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may request verification of your identity before processing your request.

If you are located in the EU/EEA, you also have the right to lodge a complaint with your local data protection authority.

7. Children's Privacy

The Service is intended for business use by adults only. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that we have collected data from a minor, we will delete it promptly.

8. Cookies

We use cookies and similar technologies to operate and improve the Service. Cookies we use include:

Essential cookies: Required for core functionality such as authentication sessions. These cannot be disabled.

Analytics cookies: Help us understand how users interact with the Service so we can improve it. These are opt-in where required by law.

Preference cookies: Remember your settings and preferences.

Marketing & advertising trackers: On our public marketing pages (i.e. not inside the authenticated agency product at /dashboard, /admin, /connect, /settings, /billing or /portal), we load the following third-party pixels so we can measure the effectiveness of our advertising and retarget visitors. Each pixel receives your IP address, browser user-agent, page URL, and a randomly generated client identifier; none receive your name, email, or any data from your agency dashboard:

Google Tag Manager (googletagmanager.com) — Google Privacy Policy.

Meta Pixel (connect.facebook.net) — Meta Privacy Policy · opt out of Meta ads.

Reddit Pixel (redditstatic.com) — Reddit Privacy Policy · opt out of personalised Reddit ads.

OpenAI (ChatGPT) Conversions Pixel (bzrcdn.openai.com) — OpenAI Privacy Policy.

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service. Marketing trackers can be blocked entirely via browser-level "Do Not Track" / ad-blocker extensions or via the platform-specific opt-out links above.

9. International Data Transfers

Joiyn.ai is hosted on Google Cloud infrastructure. Your data may be processed in data centres outside your country of residence. Where we transfer data internationally, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses for transfers from the EU/EEA).

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.

11. Client Identity & Automated Access Revocation

Joiyn groups your business's platform connections (Google Ads, Meta, Shopify, TikTok, etc.) into a single logical "Client" record so plan limits can be applied at the business level rather than per OAuth account. We resolve which Client a new OAuth belongs to using, in order:

  • URL session token — when the agency's share link is opened, all OAuth completions in that browser session are grouped under one Client.
  • Email match — if the OAuth email matches a Client your agency has already onboarded under that email, the new OAuth is attached to that Client.
  • Business domain match — if the OAuth email's business domain (e.g. @acme.com) matches an existing Client's domain for the same agency, the new OAuth is attached. We skip this for free-mail providers (gmail, yahoo, outlook, etc.) to prevent unrelated personal-email clients from being merged.
  • If none of the above match, a new Client record is created.

Automated access revocation: when an agency cancels their subscription, downgrades to a smaller plan, or their free trial expires without converting, Joiyn automatically revokes platform-side access to your accounts on Google Ads (via Manager Account unlink), Meta (Business Manager partner removal), and TikTok (Business Center asset revoke). For downgrades, the oldest Client connections beyond the new plan's limit are revoked first; newer connections are preserved.

Revocation happens server-side via Joiyn's revocation worker; no action is required from you. Revoked connections retain their record in our database for audit + re-invite purposes, but the underlying OAuth grant is dropped at the platform. You can request deletion of these records by emailing [email protected] — see Section 6 for full data-subject rights.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or an in-app notification and update the "Last updated" date at the top of this page. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy, please contact our privacy team:

Joiyn AI Inc. — Privacy Team
7030 Woodbine Avenue, Suite 500, Markham, ON L3R 6G2, Canada
Phone: (647) 568-7812
Email: [email protected]
General support: [email protected]
Website: https://joiyn.ai

© 2026 Joiyn AI Inc. — All rights reserved

Privacy PolicyTerms & ConditionsContact