Ad Superpowers

Privacy Policy

Last updated: January 23, 2026

1. Introduction

Welcome to Ad Superpowers ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Password (encrypted)
  • Organization/company name (if applicable)

2.2 Connected Platform Data

When you connect advertising, analytics, and marketing platforms (Meta Ads, Google Ads, Google Analytics, LinkedIn Ads, TikTok Ads, Shopify, Klaviyo), we access:

  • OAuth access tokens (encrypted at rest)
  • Account IDs and names you select to connect
  • Campaign and ad performance data when you request it
  • Analytics data when you request it

Important: We do not store your advertising data permanently. Data is fetched in real-time when requested by your AI assistant and is not cached beyond temporary API response caching (maximum 30 minutes).

2.3 Usage Information

We collect information about how you use our service:

  • API request logs (tool usage, timestamps)
  • Feature usage patterns
  • Error logs for troubleshooting

2.4 Payment Information

Payment processing is handled by Stripe. We do not store your credit card information. We receive from Stripe:

  • Subscription status
  • Payment history (amounts and dates)
  • Billing email address

3. How We Use Your Information

We use collected information to:

  • Provide and maintain the Ad Superpowers service
  • Authenticate your identity and manage your account
  • Connect to your advertising and analytics platforms on your behalf
  • Process your subscription payments
  • Send important service notifications
  • Respond to support requests
  • Improve our services and develop new features
  • Comply with legal obligations

4. Data Security

We implement industry-standard security measures:

  • All OAuth tokens are encrypted at rest using AES-256 encryption
  • All data transmission uses TLS/SSL encryption
  • Database connections are SSL-encrypted
  • API keys are hashed and cannot be retrieved
  • Regular security audits and updates

5. Data Sharing

We do not sell your personal information. We may share data with:

  • Service providers: Stripe (payments), Supabase (database), Upstash (caching), Resend (email), Railway (hosting), Vercel (frontend hosting), Sentry (error tracking), Klaviyo (email marketing platform integration)
  • Connected platforms: Only to fetch data you request (Meta, Google, LinkedIn, TikTok, Shopify, Klaviyo)
  • Legal requirements: When required by law or to protect our rights

6. Google API Services User Data Policy

Ad Superpowers's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, Ad Superpowers commits to the following:

  • Limited use: We only use Google user data to provide and improve the features you explicitly request. Data is fetched on-demand when you use our tools.
  • No third-party transfers: We do not transfer Google user data to third parties except as necessary to provide our service, with your consent, for security purposes, or to comply with applicable law.
  • No advertising use: We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • No human review without consent: Humans do not read your Google user data unless you have given affirmative consent, it is necessary for security purposes (e.g., investigating abuse), or it is required to comply with applicable law.
  • No data selling: We do not sell Google user data to third parties, data brokers, or information resellers.

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Disconnect any connected platform at any time
  • Export your data
  • Withdraw consent for data processing

To exercise these rights, contact us at support@adsuperpowers.ai

8. Data Retention

We retain your data for as long as your account is active. Upon account deletion:

  • Account information is deleted within 30 days
  • OAuth tokens are immediately revoked and deleted
  • Usage logs are retained for 90 days for abuse prevention
  • Payment records are retained as required by law (typically 7 years)

9. Cookies

We use essential cookies for:

  • Authentication and session management
  • Security (CSRF protection)

We do not use advertising or tracking cookies.

10. International Data Transfers

9.1 Data Location

Your data is hosted exclusively within the European Union:

  • Database: EU region (Supabase)
  • Cache: EU region (Upstash)
  • Application servers: EU region (Railway, Vercel)

We do not transfer personal data outside the EU except as required for platform integrations (Meta, Google, LinkedIn, TikTok, Shopify, Klaviyo) which you explicitly authorize.

9.2 Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify you within 72 hours of becoming aware of the breach
  • Report the breach to the relevant supervisory authority (Dutch DPA)
  • Provide details of the breach, affected data, and remediation steps

11. Children's Privacy

Our services are not intended for users under 18 years of age. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through our platform. Your continued use of the service after changes constitutes acceptance of the updated policy.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect
  • Right to delete your personal information
  • Right to opt-out of sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising your rights

To exercise these rights, contact us at support@adsuperpowers.ai

14. Data Protection Contact

For any data protection inquiries or to exercise your GDPR rights, contact:

Data Protection Contact: Nick Ofman

Email: nick@adsuperpowers.ai

Response Time: Within 30 days as required by GDPR

15. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: support@adsuperpowers.ai