Privacy Policy

Last updated: April 22, 2026

AiAdsCenter ("we", "us", "our") operates the web platform at aiadscenter.com and the connected apps at app.aiadscenter.com, pages.aiadscenter.com and video.aiadscenter.com (together, the "Service"). This Privacy Policy explains what information we collect, why we collect it, how we use it, who we share it with, and the choices you have.

If you have questions about this policy or want to exercise your rights, email legal@aiadscenter.com.

1. Who is the data controller

AiAdsCenter is the data controller for personal data processed through the Service. Business location: Israel. Contact: legal@aiadscenter.com.

2. Data we collect

Account data — email, user identifier, authentication tokens, language preference.

Usage data — pages visited, features used, clicks, generation counts, error logs, referrer, approximate location derived from IP, device metadata (browser, OS, screen size).

Content data — briefs, uploaded photos, generated ads, landing pages and videos, campaign metadata, domains you connect.

Billing data — plan, credits, invoice metadata. Card details are processed by our payment provider and are not stored by us.

Cookies and similar technologies — see Section 6.

3. Legal basis for processing (GDPR)

• Contract — to provide the Service you requested (account, generations, publishing).
• Legitimate interest — to secure the Service, prevent abuse, fix bugs, measure aggregate performance.
• Consent — for non-essential cookies (analytics, marketing), optional email communication. You can withdraw consent at any time.
• Legal obligation — to comply with applicable law (tax, anti-fraud, court orders).

4. How we use data

• Operate the Service — sign-in, generation jobs, saving work, publishing.
• Improve the Service — aggregate analytics, feature usage, error triage.
• Security — detect fraud, abuse, unauthorized access.
• Communication — transactional emails you need (account, billing). Marketing emails only with your consent.
• Legal compliance — tax, audits, regulator requests.

We do not use your uploaded content to train public AI models. Third-party generation providers act on our instructions under their own terms.

5. Third-party processors and sub-processors

Depending on the features you use, the Service may share data with:

• Supabase — database, file storage, authentication (data stored in EU region).
• Google Cloud Run, Google Cloud Storage — hosting and storage.
• Google Analytics 4 — web analytics (only with your analytics-cookie consent; IP anonymized).
• Fal.ai, OpenAI, and other AI providers — generation jobs you trigger.
• Meta, TikTok, YouTube — when you explicitly connect accounts to publish ads.
• Namecheap — when you use our custom-domain feature.
• Payment processor — billing and invoicing.

Processors outside the EU/EEA process data under Standard Contractual Clauses or equivalent safeguards.

6. Cookies

We use three cookie categories:

• Strictly necessary — session, language, authentication. Always on. Cannot be disabled.
• Analytics — Google Analytics 4 (_ga, _ga_*). Only set after you accept analytics cookies.
• Marketing — ad-platform pixels (Meta, TikTok) used to measure campaign performance. Only set after you accept marketing cookies.

You can change your choice any time using the Cookie preferences link in the footer. Your choice is stored in a first-party cookie named cc_cookie.

7. Data retention

• Account data — while your account exists, plus up to 12 months after deletion for legal and dispute resolution.
• Content data (generations, landing pages) — while you keep them or until you delete them. Hard-deleted content is purged within 30 days.
• Billing data — retained as required by applicable tax law (typically up to 7 years).
• Logs — up to 90 days.

8. Your rights

If you are in the EU/UK (GDPR), California (CCPA/CPRA), Brazil (LGPD), Canada (PIPEDA) or a comparable jurisdiction, you have the right to:

• Access — a copy of your personal data.
• Rectification — correct inaccurate data.
• Erasure — delete your account and associated personal data.
• Portability — receive your content in a machine-readable format.
• Restriction / Objection — limit or object to specific processing.
• Withdraw consent — for analytics/marketing cookies or email marketing, at any time.
• Non-discrimination (California) — we will not discriminate against you for exercising your rights.
• Do Not Sell / Share (California) — we do not sell personal data. Marketing cookie consent controls any sharing for cross-context behavioral advertising.

To exercise any right, email legal@aiadscenter.com. We verify identity before acting and respond within 30 days (45 days max under GDPR if extended).

EU residents also have the right to lodge a complaint with their local supervisory authority.

9. International data transfers

Our hosting is in the EU (Google Cloud europe-west1, Supabase eu-west-1). When we transfer personal data to processors outside the EU (for example, US-based generation providers), we rely on Standard Contractual Clauses and adequacy decisions where available.

10. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has given us personal data, email legal@aiadscenter.com and we will delete it.

11. Security

We use HTTPS, access controls, encrypted storage at rest (provider level), audit logs and scoped tokens. No system is perfectly secure; to report a vulnerability, email security@aiadscenter.com or see security.txt.

12. Changes to this policy

We may update this policy when the Service changes, when providers change, or when law requires. Material changes are announced by updating the date at the top of this page and, where required, by email.

13. Contact

• Privacy and data requests: legal@aiadscenter.com
• Security: security@aiadscenter.com
• General support: support@aiadscenter.com