Privacy Policy

RektAds ("we", "us", "our") operates the RektAds platform at rektads.app. We are committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable privacy laws.

Data controller contact: privacy@rektads.app

Account data: name, email address, phone number, company, address — provided by you.

Meta Ads data: ad creatives, impressions, clicks, spend, ROAS, CTR — fetched from your Meta account via the Meta Marketing API.

Usage data: pages visited, features used, credits consumed — collected automatically.

Billing data: subscription status, payment history — processed by Stripe. We never store card numbers.

AI-generated content: copy, briefs, and analysis results produced by our platform.

• To provide, operate, and improve the Service.
• To analyse your ad creatives and detect fatigue signals.
• To generate AI-powered copy and creative recommendations.
• To process payments and manage your subscription.
• To send you account notifications, reports, and product updates (you can opt out).
• To comply with legal obligations.

• Contract performance — to deliver the Service you subscribed to.
• Legitimate interests — product improvement, security, fraud prevention.
• Consent — marketing emails (you can withdraw at any time).
• Legal obligation — tax records, compliance.

We do not sell your data. We share data only with:

• Anthropic — AI analysis (creative data sent for processing, no retention).
• Stripe — payment processing.
• Supabase — database hosting (EU region).
• Vercel — application hosting.
• Legal authorities when required by law.

• Account data is retained while your account is active and for 30 days after deletion.
• Creative and analysis data is retained for your plan's history window (7 days Free, 90 days paid).
• Billing records are retained for 7 years as required by French tax law.

You have the right to:

• Access — request a copy of your data.
• Rectification — correct inaccurate data.
• Erasure — request deletion of your account and data.
• Portability — receive your data in a machine-readable format.
• Object — opt out of processing based on legitimate interests.
• Restriction — limit how we process your data.

To exercise these rights, email privacy@rektads.app. We will respond within 30 days.

We use a single httpOnly session cookie (rektads_session) for authentication. We do not use tracking cookies or third-party advertising pixels.

Passwords are hashed with bcrypt. Data is encrypted in transit (TLS) and at rest. Access to production data is restricted to authorised personnel only.

The Service is not directed to children under 18. We do not knowingly collect data from minors.

We may update this Privacy Policy. We will notify you by email at least 14 days before material changes take effect.

Questions? Email privacy@rektads.app. You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés) at cnil.fr.