Privacy Policy
Last updated: June 12, 2026
1. Introduction
AdRecon ("Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered competitive advertising intelligence platform ("Service").
By using the Service, you consent to the data practices described in this policy. If you do not agree, please do not access or use the Service.
This policy applies to all users of the Service, including paid subscribers and account holders.
2. Information We Collect
We collect information in the following categories:
Account Information
• Full name, email address, and password (hashed)
• Company name and role (optional)
• Billing address and payment information (processed by Stripe; we do not store full card numbers)
Usage Data
• Pages visited, features used, and actions taken within the Service
• Report generation history and analysis preferences
• Search queries and filter settings
• Session duration, frequency, and device information
Technical Data
• IP address, browser type, and operating system
• Device identifiers and screen resolution
• Referral source and landing page
• Cookies and similar tracking technologies (see Section 7)
User-Submitted Content
• Ad URLs, brand names, and competitor information you submit for analysis
• Custom brand voice profiles and creative preferences
• Exported reports and saved analyses
AI Interaction Data
• Prompts, inputs, and parameters submitted to AI features
• AI-generated outputs associated with your account
• Feedback on AI-generated content (ratings, corrections)
Uploaded Files
• When you upload a PDF or text file to your Knowledge Vault, we extract the text content and store only the extracted text
• The original file is never stored on our servers
Meeting Transcripts & Integrations
• If you connect Fathom, Fireflies, Zoom, or Google Meet, we automatically sync meeting transcripts from that provider into your Knowledge Vault while the integration is connected (including a backfill of recent transcripts and newly created ones, up to your plan limits)
• You are responsible for ensuring you have the right to import transcripts that include other participants
• Imported transcripts are stored in your vault and can be deleted by you at any time
Affiliate Program Data
• If you join our affiliate program, we collect payout information and tax documentation (such as W-9/W-8BEN) through Stripe Connect
3. How We Use Your Information
We use collected information for the following purposes:
Service Delivery
• Providing, operating, and maintaining the Service
• Processing your requests, analyses, and report generation
• Managing your account and subscription
• Delivering AI-generated content and recommendations
Service Improvement
• Analyzing usage patterns to improve features and user experience
• Training and improving AI models using aggregated, anonymized data
• Conducting research and development on new features
• Performing analytics and measuring Service performance
Communication
• Sending transactional emails (account verification, password resets, billing)
• Providing product updates, new features, and service announcements
• Sending marketing communications (only with your consent; opt-out available)
• Responding to support requests and inquiries
Security & Compliance
• Detecting, preventing, and responding to fraud or security incidents
• Enforcing our Terms of Service and acceptable use policies
• Complying with legal obligations, court orders, and regulatory requirements
• Protecting our rights, property, and the safety of our users
4. Data Sharing & Disclosure
We do not sell your personal information. We may share data in the following limited circumstances:
Service Providers
We use trusted third-party vendors to operate the Service, including:
• Stripe: payment processing and affiliate payouts via Stripe Connect
• Supabase: database, authentication, and file storage
• Railway: application hosting
• Resend: transactional email delivery
• Anthropic, OpenAI, and Groq: AI processing of your content - brand profiles, vault content, and competitor data are processed by these providers to generate analysis and scripts; they do not train on this data per their API terms
• Sentry: error monitoring
• Upstash: rate limiting infrastructure
• Cloudflare: bot protection on signup and login
When you connect Fathom, Fireflies, Zoom, or Google Meet, we sync meeting transcripts from those providers into your Knowledge Vault while the integration is connected.
Some features also query public data sources on your behalf (for example Brave Search, Perplexity, Reddit, Hacker News, and GitHub for content research, and web search for competitor mentions). These queries may include your research topics or a competitor's name, but never your account identity.
All service providers are contractually bound to protect your data and use it only for the purposes we specify.
Legal Requirements
We may disclose information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change and any choices you may have regarding your information.
Aggregated Data
We may share anonymized, aggregated data that cannot identify individual users for research, marketing, or analytical purposes.
5. Data Security
We implement industry-standard security measures to protect your information:
• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Passwords are hashed with industry-standard one-way algorithms by our authentication provider (Supabase)
• Row-level security (RLS) on all database tables
• Regular security audits and vulnerability assessments
• Access controls and principle of least privilege for all team members
• Rate limiting and brute-force protection on authentication endpoints
• Automated monitoring for suspicious activity and anomalous access patterns
• Secure, httpOnly cookies for session management
While we take extensive measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.
In the event of a confidentiality incident involving your personal information, we will notify you and the relevant authorities as required by applicable law.
6. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy:
• Account data: Retained while your account is active. Account deletion is immediate and irreversible. You can export your data from Settings before deleting your account.
• Usage analytics: Retained in anonymized form for up to 24 months
• AI interaction data: Retained for up to 12 months for model improvement, then anonymized
• Billing records: Retained for 7 years as required by applicable tax and financial regulations
• Support tickets: Retained for up to 24 months after resolution
You may request data deletion at any time (see Section 9). Some data may be retained longer if required by law or for legitimate business purposes such as fraud prevention.
8. International Data Transfers
AdRecon is based in Quebec, Canada. Your information may be processed in Canada and other countries where our service providers operate, including the United States.
Where data is transferred outside your jurisdiction, we ensure appropriate safeguards are in place:
• Standard Contractual Clauses (SCCs) approved by relevant data protection authorities
• Data processing agreements with all third-party service providers
• Compliance with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)
• Adherence to the Quebec Act respecting the protection of personal information in the private sector (Law 25)
For EU/EEA users, transfers are conducted in compliance with the General Data Protection Regulation (GDPR) using approved transfer mechanisms.
9. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
All Users
• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Request your data in a structured, machine-readable format. A self-serve data export is available in your Settings page at any time.
• Objection: Object to processing of your data for certain purposes
• Withdrawal of Consent: Withdraw consent for optional data processing at any time
GDPR (EU/EEA Residents)
• Right to restrict processing
• Right to lodge a complaint with a supervisory authority
• Right not to be subject to solely automated decision-making
CCPA/CPRA (California Residents)
• Right to know what personal information is collected and how it's used
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to non-discrimination for exercising your privacy rights
• Right to limit use of sensitive personal information
Quebec Law 25 (Quebec Residents)
• Right to de-indexing of personal information
• Right to cessation of dissemination of information
• Consent must be clear, free, and informed
• Right to data portability in a commonly used technological format
To exercise any of these rights, contact us at privacy@tryadrecon.com. We will respond within 30 days (or sooner as required by applicable law).
10. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.
If you believe a child has provided us with personal information, please contact us at privacy@tryadrecon.com.
11. AI & Automated Processing
Our Service uses artificial intelligence to generate reports, recommendations, and analysis. In relation to AI processing:
• AI models process your submitted data (ad URLs, brand information) to generate outputs
• We do not use your individual data to train shared AI models without your consent
• Aggregated, anonymized usage patterns may be used to improve AI quality
• You may request human review of any AI-generated output that significantly affects your account
• AI processing is performed by our infrastructure and trusted AI service providers with strict data handling agreements
We are committed to responsible AI use and continuously monitor our systems for bias, accuracy, and fairness.
12. Third-Party Links
The Service may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
We encourage you to review the privacy policies of any third-party sites you visit through links in the Service.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via:
• Email notification to the address associated with your account
• A prominent notice within the Service
• An update to the "Last updated" date at the top of this page
We will provide at least 30 days' notice before material changes take effect. Your continued use of the Service after changes are effective constitutes acceptance of the revised policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
• Privacy inquiries: privacy@tryadrecon.com
• General support: support@tryadrecon.com
• Address: Montreal, Quebec, Canada
For GDPR-related inquiries, you may also contact our Data Protection Officer at dpo@tryadrecon.com.
We aim to respond to all privacy-related inquiries within 5 business days.