Privacy Policy

AdFunnel AI is the data controller responsible for your personal data. For questions or requests regarding your data, contact us at privacy@adfunnel.ai.

We collect the following categories of personal data:

• Account data: email address, name, and password (hashed) when you register.
• Google OAuth data: email address and name from Google if you sign in via Google.
• Usage data: searches performed, keywords, countries selected, analyses run, and timestamps.
• Billing data: payment information is processed and stored by Stripe. We store only your Stripe Customer ID and subscription status — we never see or store full card numbers.
• Technical data: IP address, browser type, and access logs for security and abuse prevention.

• To provide and maintain the AdFunnel AI service.
• To manage your account and subscription.
• To process payments via Stripe.
• To send transactional emails (account confirmation, billing receipts).
• To detect and prevent fraudulent or abusive activity.
• To improve our service based on aggregated, anonymised usage patterns.

We process your personal data under the following legal bases:

• Contract performance: to provide the service you signed up for.
• Legitimate interest: security, fraud prevention, and service improvement.
• Legal obligation: where required by law (e.g. tax records).
• Consent: for optional marketing communications (you may opt out at any time).

We do not sell your personal data. We share data with:

• Stripe: for payment processing. Stripe's privacy policy applies to data they handle.
• OpenAI: prompts sent for AI analysis may include anonymised competitor data from public web pages. We do not send your personal data to OpenAI.
• Railway / Vercel: cloud infrastructure providers hosting our backend and frontend under standard data processing agreements.
• Sentry: for error monitoring. Error reports may include technical context but are configured to minimise personal data.

We retain your account data for as long as your account is active. Search and analysis results are retained for 12 months then purged. Billing records are retained for 7 years as required by tax law. You may request deletion of your account at any time.

You have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate data.
• Request erasure ("right to be forgotten") where applicable.
• Restrict or object to certain types of processing.
• Data portability (receive your data in a machine-readable format).
• Lodge a complaint with your national data protection authority.

To exercise any of these rights, email privacy@adfunnel.ai.

We use only strictly necessary cookies (session tokens stored in localStorage for authentication). We do not use advertising or tracking cookies. No cookie consent banner is required for our current implementation.

We implement industry-standard security measures: HTTPS encryption in transit, bcrypt password hashing, JWT token rotation, and access controls. No system is 100% secure; in the event of a breach affecting your rights, we will notify you within 72 hours as required by GDPR.

We may update this policy from time to time. Material changes will be notified by email or in-app notice at least 30 days before taking effect.