Aveyo Dashboards
Last updated May 6, 2026Effective May 6, 2026

Privacy Policy

Aveyo Solar (“Aveyo,” “we,” “us,” or “our”) operates Aveyo Dashboards (the “Service”), available at aveyodashboards.com. This Privacy Policy explains how we collect, use, disclose, and protect information when you use the Service.

By using Aveyo Dashboards, you agree to the collection and use of information in accordance with this policy.

1. Who We Are

Aveyo Solar
1261 S 820 E #300
American Fork, UT 84003
Email: info@aveyo.com
Phone: (833) 362-8300

Aveyo Solar also maintains regional offices in California, Illinois, and Pennsylvania. For the purposes of this Privacy Policy, the entity responsible for the Service is Aveyo Solar at the American Fork, Utah headquarters listed above.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account or use the Service, we collect:

  • Account information: name, email address, password (stored as a one-way hash)
  • Workspace information: workspace name, slug, and member roles
  • Communications: any messages you send to our support team

2.2 Third-Party Account Credentials

When you connect a third-party advertising or CRM platform to the Service, we collect and store the credentials you provide so the Service can retrieve your data on your behalf:

  • Meta (Facebook) Ads Manager: access tokens generated through Meta Business Manager System Users, along with the Ad Account ID(s) you authorize
  • GoHighLevel: Private Integration Tokens and Location IDs you authorize

These credentials are encrypted at rest using industry-standard encryption and are accessible only to the workspace member(s) you authorize.

2.3 Data Retrieved from Connected Platforms

Once you authorize a connection, we periodically retrieve and cache the following data so we can display it in your dashboard:

  • From Meta Ads Manager: ad account metadata, campaign details, ad set details, ad creative metadata, performance metrics (spend, impressions, clicks, CTR, CPC, conversions), audience breakdowns, and related insights data
  • From GoHighLevel: contact records, opportunity records, pipeline configurations, and related CRM data

We retrieve only the data necessary to provide the Service and only from accounts you have explicitly authorized.

2.4 Automatically Collected Information

When you use the Service, we automatically collect:

  • Usage data: pages viewed, features used, timestamps, and actions taken within the Service
  • Device data: browser type, operating system, IP address, and device identifiers
  • Cookies and similar technologies: session cookies for authentication and preference cookies for settings (we do not use third-party advertising cookies on the Service)

3. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate users and secure accounts
  • Sync, display, and analyze data from your connected platforms within your dashboard
  • Communicate with you about your account, security, and product updates
  • Detect, prevent, and respond to fraud, abuse, or technical issues
  • Comply with legal obligations

We do not sell your personal information. We do not use data retrieved from Meta or GoHighLevel APIs for advertising, profiling outside your workspace, or any purpose other than providing the Service to you.

4. Compliance with Meta Platform Terms

Aveyo Dashboards uses the Meta Marketing API to retrieve advertising data on behalf of authorized users. Our use of information received from Meta APIs adheres to the Meta Platform Terms and Developer Policies, including their requirements on limited use of data.

Specifically:

  • We access Meta data only when explicitly authorized by an admin of the relevant Meta ad account
  • We use Meta data solely to provide the dashboard and reporting features the user has signed up for
  • We do not transfer Meta data to data brokers, ad networks, or other third parties for their independent use
  • We do not use Meta data for retargeting, building user profiles, or training AI/ML models
  • Users may revoke our access at any time through Meta Business Manager or by removing the connection in our Service

5. How We Share Information

We do not sell or rent your personal information. We share information only in the following limited circumstances:

  • Service providers: with vendors who help us operate the Service under written confidentiality agreements (see Section 6)
  • Workspace members: within your workspace, members can see data shared in that workspace based on their assigned role
  • Legal requirements: when required by law, subpoena, court order, or to protect the rights, safety, or property of Aveyo, our users, or the public
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to affected users

6. Service Providers We Use

To operate the Service, we share data with the following processors under appropriate contractual and security safeguards:

  • Supabase: database hosting, authentication, and serverless function execution (data stored in U.S. regions)
  • Lovable / Vercel: application hosting and content delivery
  • Cloudflare: DNS, edge security, and traffic protection
  • Meta Platforms, Inc.: API provider for ad data (we send only authentication tokens and required query parameters)
  • HighLevel: API provider for CRM data
  • Email service providers: for transactional emails (account verification, password reset, etc.)

Each provider is bound by their own privacy and security commitments. We review provider security posture before integration.

7. Data Retention

We retain your information only as long as necessary to provide the Service:

  • Account information: retained until you delete your account, then permanently deleted within 30 days
  • Connected platform credentials: retained until you remove the connection or delete your account, then permanently deleted within 7 days
  • Cached platform data: retained on a rolling basis (typically the most recent 13 months) and refreshed/overwritten on each sync
  • Usage logs: retained for up to 12 months for security and debugging purposes
  • Sync logs: retained for up to 90 days

Backup copies are purged within an additional 30 days after primary deletion.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

  • Access: request a copy of the personal information we hold about you
  • Correction: ask us to correct inaccurate information
  • Deletion: request deletion of your account and associated data
  • Portability: receive your data in a portable format
  • Objection / Restriction: object to or restrict certain processing activities
  • Withdrawal of consent: revoke consent for processing where consent is the legal basis

To exercise any of these rights, contact us at info@aveyo.com or use our Data Deletion Request page. We respond to verified requests within 30 days.

California Residents (CCPA/CPRA): You have additional rights, including the right to know what personal information we collect and the right to opt out of the sale or sharing of personal information. We do not sell or share personal information as those terms are defined under California law.

9. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your information, including:

  • TLS/HTTPS encryption for data in transit
  • AES-256 encryption at rest for sensitive credentials
  • Row-level security policies isolating data between workspaces
  • Access controls and authentication requirements for all internal systems
  • Regular security reviews of dependencies and infrastructure

No method of transmission over the internet is 100% secure. While we work to protect your information, we cannot guarantee absolute security.

10. International Data Transfers

The Service is hosted and operated from the United States. If you access the Service from outside the U.S., you acknowledge that your information will be transferred to, processed in, and stored in the U.S., which may have data protection laws different from those in your country.

11. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it. If you believe a child has provided us with personal information, please contact info@aveyo.com.

12. Third-Party Links and Integrations

The Service may contain links to third-party websites or display data from third-party platforms. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Post the updated policy on this page with a new “Last Updated” date
  • Notify you by email if you have an active account
  • For significant changes, obtain your consent where required by law

14. Contact Us

For questions, concerns, or requests related to this Privacy Policy:

Email: info@aveyo.com
Phone: (833) 362-8300
Mail: Aveyo Solar, 1261 S 820 E #300, American Fork, UT 84003