Data controller
- Legal name
- IZEME Platform, S.L.
- Trade name
- Izeme
- Tax ID (CIF)
- B88969076
- Registered office
- Alcalá de Henares, Madrid, España
- admin@izeme.io
- Website
- https://www.izeme.io
Purpose of processing
Izeme processes personal data for the following purposes, always linked to providing and improving its services:
- Manage contact forms and commercial inquiries.
- Handle support requests and incidents.
- Operate automation workflows and platform processes.
- Manage user accounts and service access.
- Improve performance, usability and platform evolution.
- Analytics, metrics and usage measurement.
- Send communications related to the contracted or requested service.
- Manage authorized OAuth integrations: Google Ads API, Meta Marketing API, TikTok Marketing API and Google Calendar API.
Categories of data
Depending on use of the website and platform, Izeme may collect:
- Name and surname.
- Email address.
- Phone number.
- Real estate agency or organization name.
- Information submitted through forms.
- Technical navigation and usage data.
- Cookies and similar technologies.
- IP address and device/browser data.
- OAuth integration data: Google Ads, Meta Ads, TikTok Ads and Google Calendar (as connected by the user).
Legal basis
Processing is based on one or more of the following legal grounds, as applicable:
- User consent.
- Contract performance or pre-contractual measures.
- Izeme's legitimate interest in operating, protecting and improving the service.
- Compliance with applicable legal obligations.
Retention
Personal data is retained for as long as necessary to fulfill the purpose for which it was collected, manage the user relationship and meet applicable legal obligations.
Once those purposes and obligations are fulfilled, data is securely deleted or anonymized, unless it must remain blocked by legal requirement. See also the «Data deletion and retention» section.
Recipients and processors
Izeme may use technology and operational providers acting as processors or service providers necessary to operate the platform, including:
- Hosting and secure cloud infrastructure.
- Automation and workflow orchestration tools.
- CRM and commercial management systems.
- Analytics and measurement platforms.
- Messaging and communications services.
- Lead capture and form tools.
- Email and notification providers.
These providers process data under Izeme's instructions and apply appropriate security and confidentiality measures.
Integration with Google Ads API
Data controller for this integration: IZEME Platform, S.L. (admin@izeme.io). Izeme uses the Google Ads API so authenticated users can manage their own advertising accounts from the application.
Processing purposes:
- Allow users to manage Google Ads campaigns from Izeme.
- Display metrics and performance in the analytics dashboard.
- Automate internal reporting for the real estate agency.
Access method: OAuth 2.0 — the user authorizes on Google's consent screen.
Read operations (within granted permissions):
- Advertising accounts (Customer ID), campaigns, ad groups and ads.
- Status, budgets, dates and campaign settings.
- Aggregated metrics: impressions, clicks, CTR, cost and conversions.
Write operations (only when the user authorizes the relevant OAuth scopes):
- Create or pause campaigns and ad groups (depending on granted permissions).
- Adjust budgets and ad statuses authorized by the user.
Categories of data processed (examples):
- Customer ID and account or campaign names.
- Campaign status, budgets and dates.
- Aggregated advertising performance metrics.
Legal basis: contract performance and the user's explicit consent through the provider OAuth flow. Retention: while the integration remains active and for applicable legal periods. Sharing: data is not sold; only necessary technical subprocessors (hosting, databases, secure cloud infrastructure) under contract.
Why this is necessary for platform functionality:
Google Ads access allows the real estate agency to operate its own advertising accounts from Izeme (metrics, campaign management and reporting). Izeme is not the owner of the client's Google Ads account.
- What is accessed: advertising account identifiers (Customer ID), campaign structure, settings, budgets, dates and aggregated performance metrics (impressions, clicks, CTR, cost, conversions).
- How it is used: to display dashboards, automate internal agency reports and perform campaign actions explicitly initiated by the user in Izeme.
- What is not accessed: Izeme does not request access to Gmail, Google Drive, contacts or other Google services unrelated to the authorized Ads/Calendar scopes.
Revoking access: Disconnect in app.izeme.io → Integrations, or revoke access from the Google account.
Additional technical documentation: Product · Integrations.
Integration with Meta Marketing API
Data controller for this integration: IZEME Platform, S.L. (admin@izeme.io). Izeme allows connecting Meta advertising accounts (Facebook and Instagram Ads) via OAuth so agencies manage campaigns from one dashboard.
Processing purposes:
- Manage campaigns, ad sets and creatives on Meta.
- View performance metrics (reach, clicks, leads, cost).
- Unify advertising analytics with other capture channels.
Access method: OAuth 2.0 — the user signs in and authorizes permissions on Meta.
Read operations (within granted permissions):
- Ad account identifiers, campaigns and ad sets.
- Status, budgets, dates and campaign settings.
- Aggregated performance metrics and insights.
Write operations (only when the user authorizes the relevant OAuth scopes):
- Create or modify campaigns and ad sets (depending on permissions).
- Adjust budgets and statuses when authorized on Meta.
Categories of data processed (examples):
- Ad account IDs, campaign data and aggregated metrics.
Legal basis: contract performance and the user's explicit consent through the provider OAuth flow. Retention: while the integration remains active and for applicable legal periods. Sharing: data is not sold; only necessary technical subprocessors (hosting, databases, secure cloud infrastructure) under contract.
Revoking access: Disconnect in app.izeme.io → Integrations, or revoke the app in Meta Business Settings.
Additional technical documentation: Product · Integrations.
Integration with TikTok Marketing API
Data controller for this integration: IZEME Platform, S.L. (admin@izeme.io). Izeme integrates TikTok Ads via OAuth so users manage TikTok campaigns from the platform.
Processing purposes:
- Manage TikTok Ads campaigns and creatives.
- View performance and cost metrics.
- Coordinate multi-channel capture (Google, Meta, TikTok) from Izeme.
Access method: OAuth 2.0 — authorization on TikTok for Business.
Read operations (within granted permissions):
- Advertiser accounts, campaigns, ad groups and metrics.
Write operations (only when the user authorizes the relevant OAuth scopes):
- Modify campaigns and budgets per granted scopes.
Categories of data processed (examples):
- Advertiser and campaign identifiers, aggregated metrics.
Legal basis: contract performance and the user's explicit consent through the provider OAuth flow. Retention: while the integration remains active and for applicable legal periods. Sharing: data is not sold; only necessary technical subprocessors (hosting, databases, secure cloud infrastructure) under contract.
Revoking access: Disconnect in app.izeme.io or revoke access in TikTok for Business.
Additional technical documentation: Product · Integrations.
Integration with Google Calendar API
Data controller for this integration: IZEME Platform, S.L. (admin@izeme.io). Izeme may sync the user's Google Calendar to schedule commercial visits and check availability after explicit OAuth authorization.
Processing purposes:
- Schedule visits and avoid appointment conflicts.
- Show commercial availability in the CRM.
Access method: OAuth 2.0 — calendar permissions on Google.
Read operations (within granted permissions):
- Events, availability and calendar metadata within granted scopes.
Write operations (only when the user authorizes the relevant OAuth scopes):
- Create or update events authorized by the user.
Categories of data processed (examples):
- Event titles, times and availability — no email or other Google services.
Legal basis: contract performance and the user's explicit consent through the provider OAuth flow. Retention: while the integration remains active and for applicable legal periods. Sharing: data is not sold; only necessary technical subprocessors (hosting, databases, secure cloud infrastructure) under contract.
Revoking access: Disconnect in app.izeme.io or revoke access from the Google account.
Additional technical documentation: Product · Integrations.
Compliance and responsible API usage
Izeme accesses third-party data only when a user voluntarily connects an integration and approves the provider's OAuth permissions (Google, Meta, TikTok or other authorized providers).
- APIs and OAuth permissions are used exclusively to deliver the platform features requested by the user (advertising management, analytics, commercial calendar and service-related automations).
- Izeme does not use data obtained through these integrations for purposes unrelated to the contracted service.
- Integrations operate under permissions granted by the user at each provider; Izeme cannot access data outside the authorized OAuth scopes.
- Users retain ownership and control of their advertising accounts (Google Ads, Meta, TikTok) and Google calendars; Izeme acts as an authorized management tool, not the account owner.
This policy supports compliance reviews for Google OAuth, Google Ads API, Meta Marketing API, TikTok Developer and other legitimate provider integrations.
Google user data and limited use
Izeme's use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.
Izeme expressly confirms that it does NOT engage in the following activities with Google user data obtained through Google APIs (including Google Ads API and Google Calendar API):
- Sell Google user data to third parties.
- Use Google user data for personalized advertising or remarketing unrelated to providing the Izeme service to the user who authorized the integration.
- Use Google user data to train general-purpose artificial intelligence or machine learning models.
- Use Google user data for data brokerage.
- Transfer Google user data to third parties for advertising purposes unrelated to the functionality requested by the user in Izeme.
Google data is limited to the purposes described in the integration sections of this policy, protected with appropriate security measures, and shared only with technical subprocessors strictly necessary to operate the platform, under contractual confidentiality and data protection obligations.
Data deletion and retention
Users may request deletion of their personal data or account closure by contacting Izeme at admin@izeme.io, subject to applicable legal retention obligations.
- When an OAuth integration is disconnected in app.izeme.io, Izeme revokes and deletes the associated access and refresh tokens from our systems, to the extent technically permitted by the provider.
- Data synchronized from external providers is deleted or anonymized when no longer required for the service purpose, except where legal blocking applies.
- After service termination, Izeme applies proportionate retention periods and secure deletion or anonymization procedures.
To revoke permissions without deleting an Izeme account, users may use provider controls (e.g. Google → Security → Third-party access) or disconnect the integration within the application.
Your rights
Under applicable law (including GDPR where relevant), you may exercise the following rights:
- Access to your personal data.
- Rectification of inaccurate or incomplete data.
- Erasure where applicable.
- Objection to processing where legally provided.
- Restriction of processing.
- Data portability where applicable.
- Withdrawal of consent, without retroactive effect.
To exercise these rights, contact Izeme at: admin@izeme.io
Security
Izeme implements technical and organizational measures designed to protect personal information and integration tokens against unauthorized access, loss, alteration or improper disclosure, proportionate to risk and data sensitivity.
- Encrypted communications via HTTPS/TLS between browsers, applications and Izeme services.
- OAuth 2.0 authentication for integrations, with explicit user consent on the provider screen.
- Encrypted storage of OAuth access and refresh tokens where infrastructure permits, with rotation and revocation upon disconnection.
- Role-based access controls and least-privilege principles for authorized personnel and internal systems.
- Secure cloud infrastructure, backups and operational monitoring of production environments.
- Revocable third-party integrations at any time from Izeme or the provider's security settings.
These measures are reviewed periodically as the platform and API provider requirements evolve. For additional operational detail, see our Security page.
Changes
Izeme may update this Privacy Policy to reflect legal changes, API provider requirements or platform developments.
Material changes will be communicated by reasonable means and the last updated date on this page will be revised accordingly.
Contact
For privacy, OAuth integrations, data deletion or compliance inquiries: admin@izeme.io
