Privacy Policy
Last updated: April 5, 2026
Table of Contents
- Data Controller
- Categories of Personal Data We Collect
- Purposes and Legal Basis for Processing
- Recipients and Third-Party Services
- International Data Transfers
- Data Retention
- Your Rights Under GDPR
- Cookies and Tracking Technologies
- Automated Decision-Making and Profiling
- Children's Privacy
- Data Security
- Changes to This Policy
- Contact Us and Supervisory Authority
1. Data Controller
The data controller responsible for your personal data is:
- Name: Daniel Narilton Gomes Lopes (sole proprietor)
- Operating as: InspectAd AI
- Email: contact@inspectad.com
- Country of establishment: Poland
As the data controller, we determine the purposes and means of processing your personal data in accordance with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and the Polish Act on the Protection of Personal Data (Ustawa o ochronie danych osobowych).
2. Categories of Personal Data We Collect
2.1 Data You Provide Directly
- Account data: Email address, name, and password hash when you register
- Payment data: Billing information processed by Stripe (we do not store full card numbers)
- Content data: Ad text, images, videos, and landing page URLs you submit for analysis
- Communication data: Messages and information you provide when contacting support
2.2 Data Collected Automatically
- Usage data: Features used, number of checks performed, subscription tier
- Technical data: IP address, browser type, operating system, device information
- Log data: Server logs including timestamps, request URLs, and response codes
3. Purposes and Legal Basis for Processing
We process your personal data for the following purposes, each with a specific legal basis under GDPR Article 6(1):
| Purpose | Legal Basis |
|---|---|
| Providing the Service (account management, ad analysis, AI suggestions) | Contract performance (Art. 6(1)(b)) |
| Processing payments and managing subscriptions | Contract performance (Art. 6(1)(b)) |
| Sending transactional emails (account confirmations, receipts) | Contract performance (Art. 6(1)(b)) |
| Ensuring security, preventing fraud, and enforcing terms | Legitimate interest (Art. 6(1)(f)) |
| Improving the Service and fixing bugs | Legitimate interest (Art. 6(1)(f)) |
| Complying with legal obligations (tax, accounting) | Legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interest, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms. You may request details of this assessment by contacting us.
4. Recipients and Third-Party Services
We share your personal data with the following categories of recipients, solely to the extent necessary to provide the Service:
| Service Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Authentication, database | Account data, usage data | Frankfurt, Germany (EU) |
| OpenAI | AI-powered analysis and suggestions | Ad text, image descriptions | United States |
| Stripe | Payment processing | Payment and billing data | United States |
| Resend | Transactional emails | Email address, name | United States |
| Upstash | Rate limiting, caching | IP address, usage counters | EU region |
| Vercel | Hosting and deployment | Technical/log data | Europe (EU server) |
Each provider acts as a data processor under GDPR and is bound by data processing agreements. We do not sell your personal data to any third party.
5. International Data Transfers
Some of our service providers (OpenAI, Stripe, Resend) are based in the United States. When your data is transferred outside the EU/EEA, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914)
- EU-U.S. Data Privacy Framework where the provider is certified
- Additional technical and organizational safeguards, including encryption in transit and at rest
You may request a copy of the safeguards in place by contacting us at contact@inspectad.com.
6. Data Retention
We retain your personal data for no longer than necessary:
| Data Category | Retention Period |
|---|---|
| Account data | Duration of account plus 30 days after deletion request |
| Payment and billing records | 5 years (Polish tax/accounting obligations) |
| Ad content submitted for analysis | Processed in real-time; not permanently stored unless you explicitly save results |
| Server logs | 90 days |
| Support correspondence | 2 years after last interaction |
After the retention period, data is securely deleted or anonymized.
7. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15) — Obtain a copy of your personal data and information about how it is processed
- Right to rectification (Art. 16) — Correct inaccurate or incomplete personal data
- Right to erasure (Art. 17) — Request deletion of your personal data ("right to be forgotten")
- Right to restriction (Art. 18) — Restrict the processing of your personal data
- Right to data portability (Art. 20) — Receive your data in a structured, commonly used, machine-readable format
- Right to object (Art. 21) — Object to processing based on legitimate interest
- Right to withdraw consent (Art. 7(3)) — Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal
To exercise any of these rights, contact us at contact@inspectad.com. We will respond within 30 days as required by GDPR. If the request is complex, we may extend this by an additional 60 days, with prior notification.
If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority (see Section 13).
8. Cookies and Tracking Technologies
InspectAd AI does not use cookies for analytics, advertising, or tracking purposes. We do not use Google Analytics or any similar third-party tracking service.
We store a limited amount of data in your browser. You can manage your preferences at any time via the cookie consent banner displayed when you first visit the site.
8.1 Essential (Always Active)
These are strictly necessary for the Service to function and do not require consent under the ePrivacy Directive (2002/58/EC, Art. 5(3)):
| Name | Purpose | Storage | Duration |
|---|---|---|---|
sb-*-auth-token | Supabase session authentication | Cookie | Session / until logout |
cookie_consent | Stores your cookie preferences | localStorage | Persistent |
8.2 Functional (Optional)
These remember your preferences and UI settings. They are only stored if you consent:
| Name | Purpose | Storage |
|---|---|---|
selectedPlatforms | Remembers your selected ad platforms | localStorage |
platformSelectorExpanded | Remembers expanded/collapsed UI state | localStorage |
inspectad_plan | Caches your subscription tier | localStorage |
activity-view-mode | Remembers grid/list view preference | localStorage |
8.3 Analytics (Optional)
We do not currently use any analytics cookies or tracking technologies. If we add analytics in the future, they will only be activated with your explicit consent.
9. Automated Decision-Making and Profiling
InspectAd AI uses artificial intelligence (OpenAI models) to analyze your ad content and provide compliance suggestions. This constitutes automated processing but does not produce legal effects or similarly significant effects on you within the meaning of GDPR Article 22, because:
- All AI outputs are advisory and non-binding — you make the final decision
- No automated decisions are made about your account status, pricing, or access based on profiling
- AI analysis does not affect your legal rights or obligations
In accordance with the EU AI Act (Regulation (EU) 2024/1689), all AI-generated content in the Service is clearly labeled as such.
10. Children's Privacy
InspectAd AI is a professional advertising compliance tool designed for business use. The Service is not directed at and is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors.
If we become aware that we have collected personal data from a person under 18, we will take steps to delete that data promptly. If you believe a minor has provided us with personal data, please contact us at contact@inspectad.com.
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Secure authentication with minimum password requirements
- Rate limiting and abuse prevention
- Regular security reviews of our infrastructure
- Access controls limiting who can access personal data to what is strictly necessary
No method of transmission or storage is 100% secure. If you discover a security vulnerability, please contact us immediately at contact@inspectad.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify you by email if the changes significantly affect how we process your data
- Display a notice in the Service interface
We encourage you to review this page periodically. Continued use of the Service after the changes take effect constitutes your acknowledgment of the updated policy.
13. Contact Us and Supervisory Authority
If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us:
- Email: contact@inspectad.com
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Polish supervisory authority:
- Authority: Prezes Urzedu Ochrony Danych Osobowych (UODO)
- Address: ul. Stawki 2, 00-193 Warszawa, Poland
- Website: https://uodo.gov.pl
If you reside in another EU/EEA country, you may also lodge a complaint with the supervisory authority in your country of residence.
Last Updated: April 5, 2026
Version: 2.0 (GDPR-Compliant)