Legal

Privacy Policy

Last updated: March 26, 2026

1. Introduction and Data Controller

Adverdly (“we,” “our,” or “us”) is operated by HIKARI STUDIO S.R.L., a company registered in Romania (Registration No. CUI 51137445, registered office at Iași, Romania). We are the data controller for the personal data processed through the Adverdly web application at adverdly.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using Adverdly, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the service.

2. Information We Collect

Account Information

When you sign in with Google, we request access to your basic profile information (name, email address, and profile picture) through Google OAuth. We do not request access to your Google contacts, calendar, drive, or any other Google services. We do not store your Google password. Our use of information received from Google APIs adheres to Google's API Services User Data Policy, including the Limited Use requirements.

Ad Creative Images and Videos

When you upload ad creatives for analysis, images are processed in real-time. For free and Solo/Starter plan users, uploaded files are processed and deleted immediately upon analysis completion — they are not retained on our servers. For video creatives, files may be temporarily stored (typically for seconds) to enable processing, after which they are automatically deleted. For Pro plan users, analysis results are retained for up to 60 days to enable analysis history, after which they are permanently deleted.

Performance Metrics

You may optionally provide ad performance data (CTR, ROAS, CPP, CPC, spend, conversions). This data is used solely to enhance your analysis and is not shared with third parties.

Usage Data

We automatically collect information about how you interact with the service, including pages visited, features used, analysis count, and timestamps. We also collect your IP address for rate limiting and security purposes.

Payment Information

Payments are processed by Lemon Squeezy. We do not store credit card numbers or payment details on our servers. We receive only your subscription status, plan type, and billing email from the payment processor.

3. How We Use Your Information

  • To provide and maintain the Adverdly service
  • To process your ad creative analyses
  • To manage your account, credits, and subscription
  • To generate client-ready PDF reports
  • To enforce rate limits and prevent abuse
  • To communicate service updates, if you opt in
  • To improve the service based on aggregate usage patterns

4. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

  • Contract performance (Article 6(1)(b)): Processing your account data, subscription information, and ad creatives is necessary to provide the service you have requested.
  • Legitimate interest (Article 6(1)(f)): Collecting usage data, IP addresses for rate limiting, and aggregate analytics to improve and secure the service.
  • Consent (Article 6(1)(a)): Optional marketing communications, which you can withdraw at any time.

5. Third-Party Services

We use the following third-party services:

  • Analysis processing: Your ad creative images are processed using artificial intelligence (AI) technology provided by a secure third-party service. Images are analyzed in real-time and are not retained by the third-party provider after analysis is complete. Your inputs are not used to train any AI models. The analysis results are structured and presented through our proprietary Adverdly Method framework.
  • Supabase: Provides authentication and database services. Your account data is stored on Supabase infrastructure.
  • Upstash: Provides rate limiting. Only your IP address (hashed) is stored temporarily.
  • Lemon Squeezy: Processes subscription payments.
  • Vercel: Hosts the web application and provides analytics.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, through our third-party service providers (Supabase, Lemon Squeezy, and our analysis processing provider). Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on the service provider's adequacy decisions or certifications. You can contact us at hello@adverdly.com for more details on the specific safeguards applied to your data.

7. Data Retention

  • Free analyses: Images are processed in real-time and not stored after the analysis is complete. Video files may be temporarily stored for seconds during processing, then automatically deleted.
  • Pro plan history: Analysis results are retained for 60 days, then permanently deleted.
  • Account data: Retained as long as your account is active. Upon account deletion, all data is removed within 30 days.
  • Rate limiting data: IP hashes expire automatically after 1 hour.

8. Your Rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and all associated data
  • Request restriction of processing of your personal data
  • Receive your personal data in a structured, commonly used, machine-readable format (data portability)
  • Export your analysis history (Pro plan)
  • Withdraw consent for optional communications at any time
  • Object to processing based on legitimate interest

To exercise any of these rights, contact us at hello@adverdly.com.

You also have the right to lodge a complaint with the Romanian data protection authority (ANSPDCP — Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal) or with any EU supervisory authority in your country of residence. Website: www.dataprotection.ro

9. Security

We implement industry-standard security measures including encrypted data transmission (TLS), server-side API key management (never exposed to the browser), authenticated API routes, rate limiting, input validation, and access controls on all database operations. However, no method of transmission over the internet is 100% secure.

10. Cookies

Adverdly uses only essential cookies required for authentication and session management. We do not use advertising or tracking cookies. Your theme preference (light/dark mode) is stored in local storage, not as a cookie.

11. Children's Privacy

In accordance with the General Data Protection Regulation (GDPR), Adverdly is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we discover that we have collected personal data from a child under 16 without parental consent, we will delete it promptly. If you believe a child under 16 has provided us with personal data, please contact us at hello@adverdly.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the “Last updated” date. Continued use of the service after changes constitutes acceptance.

13. Contact

If you have questions about this Privacy Policy, contact us at hello@adverdly.com.

HIKARI STUDIO S.R.L.
Registration No. CUI 51137445
Iași, Romania
Romania