← Back to home

Privacy Policy

Last updated: April 18, 2026

1. Data Controller

Adam Perliński (sole proprietorship)
NIP: PL9552557691
ul. Powstańców Wielkopolskich 54/50
70-130 Szczecin, Poland
Email: [email protected]

2. Information We Collect

  • Account Data: Email address, name, profile picture (from authentication provider)
  • Ad Creatives: Screenshots and ad copy you upload for analysis
  • Analysis Results: AI-generated audit reports, scores, and rewrite suggestions
  • Usage Data: Number of analyses, feature usage, timestamps
  • Technical Data: IP address, browser type, device information
  • Billing Data: Subscription status, payment history (processed by Creem as Merchant of Record)

3. How We Use Your Data

  • Contract Performance: To provide the ad auditing service you requested
  • Service Improvement: To improve AI analysis quality (legitimate interest)
  • Billing: To manage your subscription and enforce usage limits
  • Communication: To send service-related emails (account, billing, product updates)

4. Legal Basis for Processing (GDPR Art. 6)

  • Contract performance — Core service (ad analysis, account management)
  • Legitimate interest — Service improvement, fraud prevention, analytics
  • Consent — Marketing communications (opt-in only)
  • Legal obligation — Tax/accounting records retention

5. Third-Party Data Processors

We share data with the following processors:

  • Google (Gemini AI) — AI ad analysis (USA, DPF certified)
  • OpenAI — AI fallback provider (USA, DPF certified)
  • Cloudflare R2 — Image storage (EU/Global)
  • Creem — Payment processing, Merchant of Record (EU)
  • Logto — Authentication (self-hosted, Hetzner Germany)
  • Hetzner — Server hosting (Germany)

6. International Data Transfers

Your data is primarily stored in the EU (Hetzner, Germany). Some data is transferred to the USA for AI processing (Google, OpenAI). These transfers are protected by the EU-US Data Privacy Framework (DPF) certification and/or Standard Contractual Clauses (SCCs).

7. Data Retention

  • Ad images: Retained while your account is active, deleted within 90 days of account deletion
  • Analysis results: Retained while your account is active + 30 days after deletion
  • Account data: Retained while active + 30 days after deletion request
  • Billing records: 5 years (Polish tax law, Ordynacja podatkowa)

Backup retention: For disaster recovery purposes, your data may persist in encrypted database backups for up to 90 days after deletion from the live system. Backups are stored securely in Cloudflare R2 (EU jurisdiction) and are only accessed in the event of a system failure. This retention is based on our legitimate interest in ensuring data integrity and service continuity (GDPR Art. 6(1)(f) and Art. 17(3)(e)).

8. Your Rights (GDPR Art. 15-22)

You have the right to: access, rectify, erase, restrict processing, data portability, object, and withdraw consent at any time.

To exercise these rights, email [email protected] or visit our GDPR Rights page.

9. Cookies

We use only essential cookies strictly necessary for authentication and security (e.g. session tokens from Logto). We do not use tracking, advertising, or third-party cookies. No consent banner is required for essential cookies under ePrivacy Directive Art. 5(3).

10. Analytics (Umami, self-hosted)

We use Umami, a privacy-first, cookieless analytics tool that we self-host on our own infrastructure (Hetzner, Germany). No data is shared with third parties.

What Umami collects when you visit AdsDetective:

  • Page URL path visited (e.g. /pricing) and the referring domain
  • Device type (mobile / tablet / desktop), browser, and operating system
  • Approximate country (no precise location, no raw IP stored)
  • Anonymous event triggers (e.g. which CTA button was clicked)

What Umami does NOT do:

  • No cookies, no localStorage, no persistent tracker
  • No cross-site tracking or fingerprinting
  • No personal data (name, email, user ID)
  • No data sold or shared with third parties

Visitors are counted via an anonymous daily session identifier that resets every 24 hours — someone visiting on two consecutive days is counted as two separate sessions. There is no persistent identity across days.

Legal basis: Legitimate interest (GDPR Art. 6(1)(f)) — understanding product usage to improve the service. No cookie consent is required under Polish UKE and ePrivacy Directive rules for cookieless, first-party, privacy-preserving analytics.

Retention: Individual page-view events are retained for up to 24 months; aggregated statistics (counts, trends) are retained indefinitely since they contain no personal data.

Opt-out: You can block Umami by enabling "Do Not Track" in your browser, using an ad blocker, or blocking the domain analytics.adsdetective.com. This will not affect the functionality of the site.

11. AI Processing

Your uploaded ad creatives are processed by AI models to generate analysis reports. This is automated processing for informational purposes only. AI outputs are labeled as AI-generated.

12. Children's Privacy

AdsDetective is for users aged 18+. We do not knowingly collect data from children.

13. Supervisory Authority

Complaints: Urząd Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warszawa. uodo.gov.pl

14. Changes

Significant changes notified via email 30 days in advance.

15. Contact

[email protected]