Data & Privacy

Integrations

How does the Meta integration work?

Per one customer's organization account, one (main) user of the customer can authenticate their Meta Ads Manager account through the Kitchn.io application that is registered with Meta. The integration will allow the user to select their ad accounts, in order to make them available within the Kitchn.io platform. Kitchn.io is a certified Meta Business Partner.

When the integration is successful, users can set up automations to perform actions such as: Creating ads or ad sets in Meta, uploading media creatives into the Meta Asset Library, or take actions based on rules (such as reduce budget, when CPM is over a certain threshold).

All these requests are handled through the Meta Marketing API. Only accounts that are selected to be available by the main user are available.

Invited users are able to perform automations through the same authentication of the main user.

In Meta, these actions will show up as performed by the main user, but marked as performed through the Kitchn.io Application (instead of, for example, in the Meta Ads Manager).

See all requested permissions below.

How does the Google Drive integration work?

When you connect to Google Drive, the Kitchn.io App will connect your user name and email address with your Google credentials.

Only files that you explicitly select and share with the application will be accessible.

We use Google's recommended non-sensitive scope drive.file.

Note: The user who connects their Google Drive account shares access with their colleagues.

How does the Dropbox integration work?

Kitchn.io integrates with Dropbox using their Chooser product. That means there is no connection between Kitchn.io and Dropbox other than for the exact files a user chooses from their own Dropbox account.

When a file is chosen, Dropbox generates a download URL. This is passed on to Kitchn.io to store the asset on our servers, and then to upload to the desired Ad platform.

How does the Slack integration work?

Adding Kitchn.io's app to your Slack workspace works via the 'user creation' in the integration. This allows anyone in your Kitchn.io organization to select any private and public channels to send automated messages. No content of said channels is shared with Kitchn.io. See exact definition of the used scopes below.

Privacy

Is your Privacy Policy accessible online?

Yes, you can find it under www.kitchn.io/privacy

Is Personally Identifiable Information (PII) shared with Kitchn.io?

Per default, some integrations share PII such as names and email addresses with Kitchn.io, which are required for the integration to function correctly. No further PII beyond these are shared with, or stored in Kitchn.io

Server and Data processing

Where are your servers located?

Kitchn.io's servers are hosted by AWS in Frankfurt, Germany.

Is my users' data shared with Kitchn.io through the Ad platform integrations?

Any data shared by Ad platforms with Kitchn.io is shared at an aggregated level, and never using any PII from end users.

What type of data is processed by Kitchn.io?

Being a German company that is regulated under GDPR, generally only absolutely necessary data is stored. Kitchn.io never stores the individual customer data of our customers.

Typically, the data that is stored can be structured in 3 ways: a) Kitchn.io user data, b) Meta ad account data, and c) Meta performance data.

a) User data includes necessary emails, names, as well as emails used for integrations (Slack, Meta).

b) Meta ad account data includes ad account ids and ad account names

c) Meta performance data is only stored - when necessary - for a required use case. Kitchn.io's Rules product, for example, will store aggregated performance data to evaluate if the rule's parameters are met. This data is requested through the Meta Insights API.

Data Security and Access

How are users' credential stored?

Users' credentials - e.g. when using Meta's Auth integration with Kitchn.io - are stored encrypted on our servers using industry best-practices.

What security measures are in place?

Making Kitchn.io a safe software to use for our customers is accomplished through a multi-fold approach, ensuring best-practices in development, monitoring, employee training, as well as user training:

• Adoption of Cloud Platforms with Strong Security Practices (in our case AWS with highest security standards)

• Access Controls through Principle of Least Privilege, Short-Lived and Rotating Tokens, as well as Multi-Factor-Authentication (MFA) for in-production employees

• Logging and Monitoring allowing both real-time activity log, as well as audit trails of complete history.

• Employee training: Educating employees on security best practices and monitoring customers' accounts as well as requiring MFA, where possible

• User training: Automations can be set up to inform users when ad account behaviour seems unusual (particular high bids, high spend etc.)

Reference

Meta Permissions and Features for the Kitchn.io App

Ads Management Standard Access	Allows your app to access the Marketing API.	✅
public_profile	Allows reading Default Public Profile Fields on the User node.
email	Allows reading a person's primary email address.
Business Asset User Profile Access	Allows reading User Fields for users engaging with business assets.	✅
ads_management	Allows reading and managing Ads accounts.	✅
pages_read_engagement	Allows reading content and metadata posted by the Page.
business_management	Allows reading and writing with the Business Manager API.	✅
pages_read_user_content	Allows reading and managing user-generated content on the Page.
pages_show_list	Allows accessing the list of Pages a person manages.
pages_manage_ads	Allows managing ads associated with the Page.	✅
pages_manage_posts	Allows creating, editing, and deleting Page posts.
pages_manage_engagement	Allows managing comments posted on the Page.

Slack Scopes for kitchn.io

Scope	Type	Description
chat:write	Bot Token Scope	Send messages as @kitchn.io
channels:read	User Token Scope	View basic information about public channels in a workspace
groups:read	User Token Scope	View basic information about a user’s private channels