Schedule a demoMETAWIZRD
Sign in

Privacy Policy

Effective May 17, 2026English

Plain English summary

  • We manage Facebook and Instagram ads for you. To do that we read your Meta ad account, your campaign performance, and the creatives you upload.
  • We never sell your data. We never share your raw data with other MetaWiz customers.
  • We extract anonymized performance patterns across our network to make the product smarter for everyone. Your account stays yours, the patterns are statistical only, and no identifier ties them back to you.
  • You own your Meta ad account. You can leave anytime, take your data with you, and ask us to delete what we hold.
  • You can delete your data through your account settings, by emailing legal@metawizrd.com, or through Meta directly. We respond within 30 days.

This Privacy Policy explains what personal information ROAS WIZ INC. (doing business as METAWIZ, referred to as "MetaWiz," "we," "us," or "our") collects when you use the MetaWiz service, why we collect it, who we share it with, and what rights you have over it. The Service is the MetaWiz software, the marketing site at metawizrd.com, and any product surface we operate under the metawizrd.com domain (including estate.metawizrd.com and dispo.metawizrd.com).

This policy applies to people who sign up for MetaWiz, visit our marketing site, or interact with us in any other way. It does not cover websites operated by other companies that we link to. It does not cover advertising you run on Meta, which is governed by Meta's own privacy policy and your own choices about what data to collect from your leads.

1. Who we are

The MetaWiz service is operated by ROAS WIZ INC., a Florida C-corporation (Florida document number P26000021432, filed 2026-04-20). Our registered address is 333 Las Olas Way CU1, Fort Lauderdale FL 33301. ROAS WIZ INC. is the entity responsible for personal information processed through the Service. METAWIZ is the brand and product name.

For any privacy question, write to legal@metawizrd.com. For legal notice, write to legal@metawizrd.com. For everything else, write to support@metawizrd.com. We have one privacy lead, and they read every message sent to that address.

You are the controller of the lead data and the Meta ad account data you connect to MetaWiz. We are the processor for that data, acting on your instructions. Meta is a separate controller for the data that lives inside its own platform. We explain that split in more detail throughout this policy.

2. What we collect

We collect the categories of personal information below. Each category has a purpose and a retention window. We do not collect anything outside this list without telling you first.

2.1 Account information

When you sign up, we collect your name, your email address, your business name, your phone number where you provide it, and the credential record held by our authentication subprocessor (named on the subprocessor page). We never see your plain-text password. We also collect the time you signed up, the version of these terms you accepted, and the IP address you signed up from. We use this to create your account, keep you signed in, send you receipts, and confirm that you accepted our Terms.

2.2 Meta ad account data we read on your behalf

When you connect your Meta ad account to MetaWiz, we read the categories of data needed to manage your campaigns. This includes ad-account identifiers, campaign structure and performance data, creative assets, audience definitions you create inside MetaWiz, activity data from the Facebook Pages and Meta Pixels you connect, and lead-form responses your ads generate. The specific API permissions MetaWiz requests are listed on Meta's app review page for our application and disclosed during the OAuth consent step before you grant access. We never receive or store your Meta account password.

We use this data only to operate your campaigns, generate recommendations through the Wizard, and provide reporting back to you. We do not use one customer's data to directly run another customer's ads. We never combine multiple customers' campaigns in one ad account. Meta's Platform Terms and Developer Policies require that separation, and we enforce it in our infrastructure.

2.3 Creative assets you upload

When you upload images, videos, ad copy, headlines, landing-page references, or other creative material, we store it so the Wizard can use it in your campaigns. Your creative is yours. We do not license it to other customers. The only use beyond running your own campaigns is the anonymized pattern extraction described in Section 4 below, which strips all identifying details before the pattern enters the cross-customer learning layer.

2.4 Device and cookie data

When you visit our marketing site or use the product, we collect basic device data through cookies and similar technologies. This includes session cookies that keep you signed in (set by our authentication subprocessor), security cookies that protect against cross-site request forgery, your IP address, your browser type, your operating system, the pages you visit, and the actions you take inside the product. We use a privacy-respecting analytics tool on the marketing site to understand how visitors move through the site. We do not run third-party advertising pixels inside the logged-in product. Section 6 explains our cookie practices in detail.

2.5 Support communications

When you contact us through email, the in-app help widget, or any other channel, we keep a record of your message and our reply. We use this to help you, to train our support team, and to detect patterns that point to product problems. We do not use support communications to train AI models.

2.6 Payment data, held by Whop on our behalf

When you pay for a MetaWiz subscription, Whop processes the payment as the merchant of record. Whop receives your billing email, your billing address, the last four digits of your card, and the subscription tier you selected. We see the billing email, the subscription status, and the payment outcome. We never see your full card number, your CVV, or any other sensitive payment credential. Your Meta ad spend does not flow through Whop or through MetaWiz. Meta charges your ad spend directly to the payment method on file in your Meta ad account.

2.7 Autopilot decisions and audit logs

When the Wizard takes any autonomous action on your behalf (only after you turn on autopilot through the in-product opt-in described in our Terms), we keep an audit record of what was done, when, why, the inputs that informed the decision, and the authorization the action ran under. The log is yours to view and export at any time from your account settings.

2.8 Lead data captured through your Meta ads

When your Meta ad runs a Meta Leadgen form, Meta returns the responses to MetaWiz through Meta's Leadgen webhook. The lead data belongs to you. We store it under your tenant, never pool it with other customers' leads, and pass it to your CRM if you have one connected. We do not use your lead data to train any model. We do not pass your lead data to Meta for retargeting beyond the audience setup you authorized.

3. How we use it

We use the data we collect for the purposes below. Each use ties to a category from Section 2.

We use account information to create your account, keep you signed in, send transactional emails like receipts and password resets, and verify that you accepted these terms. We use Meta ad account data to run the Wizard's analysis, generate recommendations, and produce reports for you. We use creative assets to compose ads on your behalf and to extract anonymized patterns for the cross-customer learning layer described in Section 4. We use device and cookie data to keep the site secure, fix bugs, and improve performance. We use support communications to help you. We use payment data to confirm your subscription is active and to send you receipts. We use autopilot logs to show you what the Wizard did and to defend you in any dispute over an autopilot outcome.

We do not use your data for behavioral advertising on third-party platforms. We do not sell or share your data within the meaning of California's privacy law. We do not use your data to build a profile of you that we share outside MetaWiz.

If we ever want to use your data for a new purpose that is not covered in this policy, we will tell you first and give you a chance to object.

4. Anonymized cross-customer learning (the Valkyrie Chip)

MetaWiz operates a cross-customer learning layer that we call the Valkyrie Chip. It is the layer that lets us tell you "video ads under fifteen seconds with social proof tend to get higher click-through rates in your vertical." The pattern is the product of looking at many customers' data; the learning is what makes MetaWiz smarter than a single-account tool.

We built the layer so that no raw customer data and no customer-identifying details cross the boundary. Before any pattern enters the cross-customer store, every identifier that could tie a record back to you or your campaigns is removed. The store holds only statistical patterns that cannot be linked back to any individual customer, account, or campaign by reasonable means. This approach is consistent with the data-separation framework set out in Meta's Platform Terms and Developer Policies.

We use these anonymized patterns to make recommendations for you and for other customers. We never sell the patterns. We never license the patterns to a third party. The patterns themselves are not personal information under California's privacy law (Cal. Civ. Code §1798.140(m)(2)) or under the European Union's GDPR (Recital 26), because they cannot be linked back to any individual or account by reasonable means.

If you delete your account, the raw data we hold about you is deleted on the timeline in Section 8. The anonymized patterns derived from your account remain in the learning layer, because they are no longer personal data and cannot be tied back to you.

We use Anthropic, PBC for the AI inference that powers the Wizard. Anthropic processes your prompt content and the campaign metadata we send with it, returns the model output to us, and does not use your data to train its models by default under our commercial agreement with Anthropic. Section 5 lists Anthropic in our subprocessor list with a link to Anthropic's own terms.

5. Who we share with

We share your data only with the third parties we need to operate the Service. Each of those third parties is a subprocessor working under a written contract that requires it to handle your data consistent with this Privacy Policy. The categories below describe the function each subprocessor performs, the type of data it sees, and the region where the processing happens. The named, current list of subprocessors, along with the last-updated date and the changelog of every addition and replacement, lives at metawizrd.com/legal/subprocessors. That page is the canonical record. Reading it together with this section gives you a complete view of who touches your data.

We rely on a managed cloud database vendor to store your account record, your campaign metadata, your audit logs, and the encrypted OAuth tokens that let MetaWiz read your Meta ad account on your behalf. The database is hosted in the United States. We rely on a frontend hosting and edge-network vendor to serve the marketing site and the logged-in product to your browser. The vendor's primary region is the United States; its edge network serves cached content from the location closest to you. We rely on a backend application hosting vendor to run our FastAPI service, our Redis queue, and our background workers. The backend processes every Meta API call and every scheduled job. The vendor's primary region is the United States.

We rely on an identity and authentication vendor to manage your sign-in, your session tokens, and any social login you use. The vendor stores your email address and the hashed credential that proves it is you. We never see your plain-text password. We rely on an AI inference vendor to power the Wizard. When the Wizard analyzes a campaign or drafts a recommendation, it sends the relevant prompt content and the campaign metadata around it to that vendor's hosted model, then returns the output to you. Under our commercial agreement with that vendor, your data is not used to train the model. The named vendor and a link to its commercial terms are on the public subprocessor page.

We rely on a payment-processing vendor that acts as the merchant of record for your MetaWiz subscription. That vendor receives your billing email, your billing address, the last four digits of your card, your subscription tier, and the outcome of each payment. We see the billing email, the subscription status, and the payment outcome. We never see your full card number or your CVV. Your Meta ad spend never flows through this vendor or through MetaWiz, because Meta charges your ad spend directly to the payment method on file in your own Meta ad account. We rely on a transactional email vendor to deliver your receipts, your password resets, your autopilot notifications, and your account alerts. That vendor sees your email address and the content of any message we send to it. If we add an application monitoring vendor in the future to capture errors and performance traces, we will list the vendor on the public subprocessor page before the integration goes live and give the thirty-day notice described in this section. When that vendor ships, personal information will be scrubbed at the SDK layer before any payload leaves our systems.

Every subprocessor named on the public list is bound by a written contract, processes your data only on our documented instructions, is required to maintain confidentiality and to apply security measures at least as strong as ours, and is required to support your data-subject rights and to delete data on request. When we add or replace any material subprocessor, we will post the change on the public list with at least thirty days' notice, email the billing contact on file, and post a banner inside the product for active accounts. You can object to a new subprocessor on documented data-protection grounds within the notice period. If we cannot accommodate your objection, you may terminate the affected services and receive a pro-rated refund of any prepaid fees, as set out in our Terms.

We also share data when the law requires it, when we need to defend our legal rights, when the data is needed to prevent fraud or to protect the security of the Service, and when a court or regulator orders us to. We will tell you first unless we are legally prohibited from doing so.

Meta is not a subprocessor of MetaWiz. Meta is the platform you connect MetaWiz to. Your relationship with Meta is governed by Meta's own terms and privacy policy. MetaWiz operates on your Meta ad account as a Tech Provider acting on your authorization; Meta processes your data under its own contract with you, not under a subprocessor contract with us.

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising We do not transfer your personal information to anyone outside the subprocessors above without telling you first.

6. Cookies, tracking, and Global Privacy Control

We use cookies and similar technologies for three purposes. First, to keep the Service working (session cookies from Clerk that keep you signed in, security cookies that prevent cross-site request forgery, a cookie that remembers your own cookie preferences). Second, to understand how the marketing site is used (a privacy-respecting analytics tool, no third-party advertising pixels). Third, to deliver the in-product experience (a small set of preference cookies that remember what you toggled in your account settings).

We do not run behavioral retargeting pixels inside the logged-in product. We do not currently run the Meta Pixel or any other third-party advertising pixel on the marketing site. If we ever add advertising pixels in the future, we will collect your consent before they fire and update this Privacy Policy at least thirty days before the change takes effect.

We honor the Global Privacy Control browser signal (the Sec-GPC header) as a valid opt-out request for the sale or sharing of personal information under California law and equivalent state laws. If your browser sends the signal, we will not share any data that would otherwise count as sharing for behavioral advertising. We confirm this in writing to anyone who asks.

You can change your cookie preferences on the marketing site through the "Cookies" link in the footer. You can also clear cookies through your browser's privacy settings. Clearing cookies will sign you out of the product and reset your preferences. The full cookie inventory lives at metawizrd.com/cookies.

7. Your rights

You have rights over the personal information we hold about you. The specific rights depend on where you live. We honor each right described below regardless of where you live, because the system to deliver them is the same.

7.1 California residents (CCPA and CPRA)

If you live in California, the California Consumer Privacy Act as amended by the California Privacy Rights Act gives you the right to know what personal information we collect about you, the right to delete that information, the right to correct inaccurate information, the right to opt out of the sale or sharing of your personal information, the right to limit our use of sensitive personal information, and the right not to be discriminated against for exercising any of these rights (Cal. Civ. Code §§1798.100, 1798.105, 1798.106, 1798.120, 1798.121, 1798.125).

We do not sell or share your personal information. We do not use sensitive personal information for any purpose beyond providing the Service you signed up for. We honor Global Privacy Control as a valid opt-out request. To exercise any of these rights, use the controls in your account settings or email legal@metawizrd.com. We respond to verifiable requests within forty-five days. We may extend the response window by another forty-five days when we need more time, and we will tell you if we do.

You can designate an authorized agent to make requests on your behalf. We will verify the agent's authority before acting. There is no fee for any of these rights unless your request is manifestly unfounded or excessive, in which case we will explain why and tell you the fee before we charge anything.

7.2 European Union and European Economic Area residents (GDPR)

If you live in the EU or EEA, the General Data Protection Regulation gives you the rights to access your data, rectify it, request erasure, restrict processing, port it to another provider, object to certain processing, and not be subject to solely automated decisions with legal or similarly significant effects (GDPR Articles 15 through 22).

MetaWiz V1 is offered in the United States. If you signed up from inside the EU or EEA, your personal data is transferred to and processed in the United States. We rely on Standard Contractual Clauses and, where available, the EU-US Data Privacy Framework for these transfers. Each of the subprocessors in Section 5 has its own safeguards listed at metawizrd.com/legal/subprocessors.

We process your data on the legal bases of contract performance (delivering the Service you signed up for), legitimate interests (improving the Service and detecting fraud), and consent (where you opt in to autopilot or to analytics). You have the right to lodge a complaint with the supervisory authority in your member state. To exercise any of your GDPR rights, write to legal@metawizrd.com. We respond within one month, extendable by two more months when the request is complex.

7.3 Residents of other US states

If you live in Virginia, Colorado, Connecticut, Texas, Maryland, Florida, or another state with a comprehensive privacy law, you have rights similar to the California rights above. The mechanism is the same: use the controls in your account settings or email legal@metawizrd.com. We respond within forty-five days.

7.4 Everyone

Regardless of where you live, you can request a copy of your data, ask us to delete it, ask us to correct an error, or ask a question by writing to legal@metawizrd.com from the email address on file. We will verify your request through a one-step email round-trip, then respond within thirty days.

8. Data deletion

You can request deletion of your personal data at any time. The fastest path is the "Delete my account" button in your account settings, which authenticates the request through your active session. You can also email legal@metawizrd.com from the email address on file. We will verify the request and confirm completion within thirty days.

When we delete your data, we remove it from our active systems within thirty days. We also apply deletion against any backup copies as part of our standard backup rotation, with controls that prevent re-introduction of deleted data into live systems. If a backup is restored for any operational reason, the deletion runs again automatically against the restored data.

We may retain a limited subset of data past a deletion request when the law requires it. Tax and financial records are retained for seven years. A hashed identifier may be retained for fraud detection. Anonymized patterns derived from your account, as described in Section 4, remain in the cross-customer learning layer because they are no longer personal data.

If you connected your Meta ad account to MetaWiz, you can also request deletion through Meta directly using the data-deletion controls in your Facebook account settings. Meta will notify MetaWiz through Meta's standard data-deletion callback, and we will process the deletion using the same workflow. We verify the callback's authenticity, log every deletion request to an internal audit record, and return the confirmation Meta requires. User-initiated deletions follow the same workflow, gated by your authenticated session.

You can view the status of a deletion request through a confirmation page we surface to you when the request is filed. The page shows the date the request was received and the expected completion date.

9. Data retention

We keep personal data only as long as we need it. The default windows are below.

Ad-account performance data is retained for twenty-four months past the disconnect of your Meta account, so trends can be analyzed across multiple cycles. Lead data is retained per the setting in your account, default twelve months. Login and security logs are retained for twelve months. Autopilot audit logs are retained for twenty-four months minimum, longer if a regulatory inquiry is open. Support communications are retained for thirty-six months. Financial records (invoices, receipts) are retained for seven years to satisfy US tax law. Backups are retained on a standard rotation cycle for the primary database.

If you ask us to delete your account, we apply the deletion within thirty days as described in Section 8, subject to the legal-hold and tax carve-outs above.

10. Children

MetaWiz is a business product for adults. We do not direct the Service at children under thirteen, and we do not knowingly collect personal information from children under thirteen. If you believe a child has provided us with personal information, write to legal@metawizrd.com and we will delete it.

In jurisdictions where the child-protection threshold is higher than thirteen (such as the European Union's sixteen-year-old default, which member states may lower to thirteen), the same rule applies at the higher age.

11. International transfers

MetaWiz V1 is operated in the United States. All processing happens on infrastructure hosted in the United States. The subprocessors listed in Section 5 process data in the regions stated in that section.

If you sign up from outside the United States, your personal data will be transferred to the United States. We rely on Standard Contractual Clauses for transfers from the EU, the UK, and Switzerland, and on the EU-US Data Privacy Framework where the subprocessor self-certifies under it. We will expand this section as we add international hosting regions or subprocessors.

12. Security

We protect your data with technical and organizational measures appropriate to the risk. Data is encrypted in transit (TLS 1.2 or higher) and at rest. We enforce tenant separation so one customer's data is never exposed to another customer. OAuth tokens for your Meta ad account are stored encrypted and rotated on a regular schedule. Sign-in and credential handling are performed by our authentication subprocessor (named on the subprocessor page).

We monitor and log access to your data so we can investigate any unusual activity. We follow rate-limit and abuse-prevention practices designed to keep your Meta account in good standing. Specific implementation details are available to customers on request, under NDA, through our security review process.

No system is perfect. If a breach happens that is likely to put your rights at risk, we will tell you within seventy-two hours of becoming aware of it, as required by the GDPR for EU residents, and as a matter of policy for everyone else.

13. Automated decision-making

The Wizard, our AI agent, processes your campaign data and produces recommendations. In MetaWiz V1, the Wizard reads and recommends only. It does not take automated action on your ad account unless you turn on autopilot through an explicit, in-product opt-in. If you opt in to autopilot, the Wizard takes the specific categories of action you authorized. We log every autonomous decision and tie it to your authorization. You can view, export, and revoke at any time. The full architecture lives in our Terms.

We disclose the AI involvement here so you know what is happening. The AI inference for the Wizard is performed by an AI subprocessor named on our subprocessor page. We do not use third-party data brokers to make decisions about you.

You have the right to ask for human review of any autopilot decision that affects you. Write to legal@metawizrd.com and we will look at the decision with a human and respond within thirty days.

14. Changes to this policy

We will update this policy from time to time. When we make a material change, we will tell you at least thirty days before the change takes effect by email to the address on file and by a banner inside the product. When we make a non-material change (typo, clarification, vendor swap that does not change what we collect), we will update the policy and the "last updated" line. The full version history is available at metawizrd.com/legal/privacy/changelog.

Continued use of the Service after the effective date of a change means you accept the updated policy. If you do not accept a material change, you can cancel as described in our Terms.

15. Contact

For any privacy question, complaint, or request, write to us at:

ROAS WIZ INC. (d/b/a METAWIZ) 333 Las Olas Way CU1 Fort Lauderdale, FL 33301 United States

legal@metawizrd.com (privacy questions, deletion, access, correction) support@metawizrd.com (general help) legal@metawizrd.com (legal notice)

We read every email sent to these addresses. We respond within thirty days, sooner when we can.

This Privacy Policy is between you and ROAS WIZ INC. (d/b/a METAWIZ). It is governed by the laws of the State of Florida, without regard to its conflict of laws provisions. Disputes are handled as described in our Terms of Service.

Questions? Email legal@metawizrd.com or support@metawizrd.com.