AdsRun

Privacy Policy

Last updated: 2026-04-17

Overview

AdsRun helps you plan, draft, schedule, and analyze social media content through an AI-powered workspace. This policy explains what personal data we collect when you use the AdsRun website and dashboard at adsrun.ai (the "Service"), how we use it, who we share it with, and the rights you have over it.

By creating an account you accept this policy. If you don't agree with it, don't use the Service — you can close an account at any time from the Billing tab.

We are based outside the United States. If you're in the European Economic Area, the United Kingdom, or a country with equivalent data-protection laws, the rights described in "Your rights" below apply to you.

What we collect

We collect three categories of data:

1. Account data you give us — your name, email, password hash (never the plaintext), preferred locale, country, and any information you type into workspace fields (brand voice notes, campaign briefs, posts, etc.).

2. Connected-account data — when you authorize a social platform (Facebook Page, Instagram Business, LinkedIn profile, etc.) we receive an OAuth access token and basic profile metadata scoped to the permissions you approved. Tokens are encrypted at rest with AES-256-GCM.

3. Usage data — page views, button clicks, approximate IP address, browser user-agent, and timestamps of agent actions. We retain this for debugging and abuse prevention for up to 13 months.

We do NOT collect: payment card numbers (handled by Stripe), biometric data, precise location, or the content of your social-platform inbox beyond what the scoped OAuth permissions make visible.

How we use it

We use your data to:

- Operate the Service — authenticate sessions, route requests to the right workspace, and persist content you create. - Run the AI agent — your prompts and relevant workspace context (brand voice, scoped entities) are sent to our model providers (OpenAI, Anthropic) to generate responses. Providers process data under their respective DPAs; they do not train on your API traffic. - Send transactional email — verification, password reset, invoice receipts, important security notices. - Protect the Service — rate limiting, fraud detection, abuse pattern matching. - Improve the product — aggregate, anonymized analytics (no personal identifiers).

We do NOT sell your data, rent it to advertisers, or use it for ad targeting. We do NOT train our own foundation models on your content.

Who we share it with

Limited, contractually-bound subprocessors help us deliver the Service:

- Hosting + database: OVH (Europe). - LLM inference: OpenAI, Anthropic. - Payments: Stripe (for customers on paid plans). - Transactional email: Resend. - Error monitoring: Sentry (scrubs PII by default).

We don't share your data with any other third party except when required by law, by a legal process we're compelled to honor, or with your explicit written consent.

If AdsRun is ever acquired or merged, your data transfers under the acquiring entity subject to the same protections described here. We will email you in advance if this happens.

Where we store it

Data is hosted in the European Union on OVH infrastructure. Database backups are encrypted at rest and retained for 14 days. OAuth tokens are encrypted with AES-256-GCM using a master key stored in the server environment — the key is not in version control and not exposed through logs.

You can export your workspace data at any time from Settings → Export. Account deletion wipes all personal data within 30 days of the deletion request, except where we're required by law to retain certain records (tax invoices under Stripe's retention policy, for example).

Your rights

You have the right to:

- Access — request a copy of your data. - Correct — update any data you see is wrong (most of it is editable directly in the dashboard). - Delete — erase your account and associated data. - Export — download your workspace content in a machine-readable format. - Object — restrict how we use your data for a specific purpose. - Withdraw consent — for any processing we do based on consent.

Requests go to privacy@adsrun.ai. We respond within 30 days. If you're not satisfied with the response you may contact your local data-protection authority.

Cookies + local storage

We use a small set of first-party cookies and local storage keys:

- Session cookie — to keep you signed in. - Workspace cookie — to remember which team workspace is active. - CSRF cookie — to protect sign-in forms. - Theme + locale preferences — stored locally in your browser.

We do not use marketing cookies, cross-site trackers, or analytics cookies that identify you personally. The cookie banner only appears when we introduce a new category; today there are none.

Children

AdsRun is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has created an account, email privacy@adsrun.ai and we'll delete it promptly.

Changes to this policy

If we materially change this policy we'll email registered users at least 30 days before the changes take effect. Minor clarifications are updated inline with a new "Last updated" date.

Contact

Questions about this policy or any data we hold about you? Email privacy@adsrun.ai. For legal or subpoena requests, use legal@adsrun.ai.

Privacy Policy · AdsRun | AdsRun