Privacy Policy

AdRecon Inc. ("Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered competitive advertising intelligence platform ("Service"). By using the Service, you consent to the data practices described in this policy. If you do not agree, please do not access or use the Service. This policy applies to all users of the Service, including paid subscribers and account holders.

We collect information in the following categories: Account Information • Full name, email address, and password (hashed) • Company name and role (optional) • Billing address and payment information (processed by Stripe; we do not store full card numbers) Usage Data • Pages visited, features used, and actions taken within the Service • Report generation history and analysis preferences • Search queries and filter settings • Session duration, frequency, and device information Technical Data • IP address, browser type, and operating system • Device identifiers and screen resolution • Referral source and landing page • Cookies and similar tracking technologies (see Section 7) User-Submitted Content • Ad URLs, brand names, and competitor information you submit for analysis • Custom brand voice profiles and creative preferences • Exported reports and saved analyses AI Interaction Data • Prompts, inputs, and parameters submitted to AI features • AI-generated outputs associated with your account • Feedback on AI-generated content (ratings, corrections)

We use collected information for the following purposes: Service Delivery • Providing, operating, and maintaining the Service • Processing your requests, analyses, and report generation • Managing your account and subscription • Delivering AI-generated content and recommendations Service Improvement • Analyzing usage patterns to improve features and user experience • Training and improving AI models using aggregated, anonymized data • Conducting research and development on new features • Performing analytics and measuring Service performance Communication • Sending transactional emails (account verification, password resets, billing) • Providing product updates, new features, and service announcements • Sending marketing communications (only with your consent; opt-out available) • Responding to support requests and inquiries Security & Compliance • Detecting, preventing, and responding to fraud or security incidents • Enforcing our Terms of Service and acceptable use policies • Complying with legal obligations, court orders, and regulatory requirements • Protecting our rights, property, and the safety of our users

We do not sell your personal information. We may share data in the following limited circumstances: Service Providers We use trusted third-party vendors to operate the Service, including: • Stripe: payment processing • Supabase: database and authentication infrastructure • Vercel: hosting and content delivery • Resend: transactional email delivery • Anthropic: AI model provider (anonymized prompts only) All service providers are contractually bound to protect your data and use it only for the purposes we specify. Legal Requirements We may disclose information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others. Business Transfers In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and any choices you may have regarding your information. Aggregated Data We may share anonymized, aggregated data that cannot identify individual users for research, marketing, or analytical purposes.

We implement industry-standard security measures to protect your information: • Encryption in transit (TLS 1.3) and at rest (AES-256) • Password hashing with Argon2id (salted, with timing-safe comparison) • Row-level security (RLS) on all database tables • Regular security audits and vulnerability assessments • Access controls and principle of least privilege for all team members • Rate limiting and brute-force protection on authentication endpoints • Automated monitoring for suspicious activity and anomalous access patterns • Secure, httpOnly cookies for session management While we take extensive measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy: • Account data: Retained while your account is active, plus 30 days after deletion • Usage analytics: Retained in anonymized form for up to 24 months • AI interaction data: Retained for up to 12 months for model improvement, then anonymized • Billing records: Retained for 7 years as required by applicable tax and financial regulations • Support tickets: Retained for 24 months after resolution You may request data deletion at any time (see Section 9). Some data may be retained longer if required by law or for legitimate business purposes such as fraud prevention.

We use cookies and similar technologies to enhance your experience: Essential Cookies Required for the Service to function. These include authentication tokens, session identifiers, and security cookies. Cannot be disabled. Analytics Cookies Help us understand how the Service is used. We use privacy-focused analytics that do not track across sites. You can opt out of analytics cookies in your account settings. Preference Cookies Store your settings and preferences (theme, language, dashboard layout) to personalize your experience. We do not use third-party advertising trackers. We do not participate in cross-site tracking networks. We do not sell cookie data to third parties. You can manage cookie preferences through your browser settings or your AdRecon account settings. Disabling essential cookies may impair Service functionality.

AdRecon is based in Quebec, Canada. Your information may be processed in Canada and other countries where our service providers operate, including the United States. Where data is transferred outside your jurisdiction, we ensure appropriate safeguards are in place: • Standard Contractual Clauses (SCCs) approved by relevant data protection authorities • Data processing agreements with all third-party service providers • Compliance with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) • Adherence to the Quebec Act respecting the protection of personal information in the private sector (Law 25) For EU/EEA users, transfers are conducted in compliance with the General Data Protection Regulation (GDPR) using approved transfer mechanisms.

Depending on your jurisdiction, you may have the following rights regarding your personal data: All Users • Access: Request a copy of the personal data we hold about you • Correction: Request correction of inaccurate or incomplete data • Deletion: Request deletion of your personal data ("right to be forgotten") • Portability: Request your data in a structured, machine-readable format • Objection: Object to processing of your data for certain purposes • Withdrawal of Consent: Withdraw consent for optional data processing at any time GDPR (EU/EEA Residents) • Right to restrict processing • Right to lodge a complaint with a supervisory authority • Right not to be subject to solely automated decision-making CCPA/CPRA (California Residents) • Right to know what personal information is collected and how it's used • Right to opt-out of the sale of personal information (we do not sell data) • Right to non-discrimination for exercising your privacy rights • Right to limit use of sensitive personal information Quebec Law 25 (Quebec Residents) • Right to de-indexing of personal information • Right to cessation of dissemination of information • Consent must be clear, free, and informed • Right to data portability in a commonly used technological format To exercise any of these rights, contact us at privacy@adrecon.ai. We will respond within 30 days (or sooner as required by applicable law).

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@adrecon.ai.

Our Service uses artificial intelligence to generate reports, recommendations, and analysis. In relation to AI processing: • AI models process your submitted data (ad URLs, brand information) to generate outputs • We do not use your individual data to train shared AI models without your consent • Aggregated, anonymized usage patterns may be used to improve AI quality • You may request human review of any AI-generated output that significantly affects your account • AI processing is performed by our infrastructure and trusted AI service providers with strict data handling agreements We are committed to responsible AI use and continuously monitor our systems for bias, accuracy, and fairness.

The Service may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of any third-party sites you visit through links in the Service.

We may update this Privacy Policy from time to time. Material changes will be communicated via: • Email notification to the address associated with your account • A prominent notice within the Service • An update to the "Last updated" date at the top of this page We will provide at least 30 days' notice before material changes take effect. Your continued use of the Service after changes are effective constitutes acceptance of the revised policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: • Privacy inquiries: privacy@adrecon.ai • General support: support@adrecon.ai • Address: Montreal, Quebec, Canada For GDPR-related inquiries, you may also contact our Data Protection Officer at dpo@adrecon.ai. We aim to respond to all privacy-related inquiries within 5 business days.