Privacy Policy

1. Information We Collect

Account Information

When you create an account, we collect the information you provide through our authentication provider (Clerk), including your name and email address. If you subscribe to a paid plan, payment information is collected and processed by our payment provider (Stripe) — we do not store your full card details.

User-Generated Content

The Service allows you to create and store data such as keyword lists, ad copy, campaign structures, and research sessions. This content is stored in our database (hosted by Supabase) and is associated with your account.

API Keys

You may provide third-party API keys (e.g. OpenAI, Google, Anthropic) to enable certain features. These keys are stored locally in your browser using encrypted local storage. When you use features that require these keys, requests are routed through our servers transiently but we do not persist your API keys on our servers.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, browser type, device information, and IP address. This data helps us improve the Service and diagnose issues.

2. How We Use Your Information

We use your information to:

• Provide, operate, and maintain the Service
• Authenticate your identity and manage your account
• Process payments and manage subscriptions
• Communicate with you about your account, updates, or support requests
• Analyse usage patterns to improve the Service
• Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data to train AI models.

3. Third-Party Service Providers

We use trusted third-party providers to help us operate the Service. These providers process your data on our behalf and are bound by their own privacy policies and data protection obligations:

• Clerk — Authentication and user management (privacy policy)
• Supabase — Database and data storage (privacy policy)
• Stripe — Payment processing (privacy policy)
• Vercel — Website hosting (privacy policy)
• OpenAI, Anthropic, Google — AI features, only when you provide your own API keys and use AI-powered tools

When you use AI-powered features, your prompts and data are sent to the relevant AI provider using your own API key. We do not control how these providers handle data sent via your key — please review their privacy policies.

4. Cookies & Local Storage

We use cookies and browser local storage for authentication (via Clerk), storing your preferences, and maintaining your session. These are essential for the Service to function. We do not currently use third-party advertising or tracking cookies.

You can control cookie settings through your browser, but disabling cookies may prevent you from using parts of the Service.

5. Data Storage & International Transfers

Your data is processed and stored on servers located in the United States and the European Union (via our infrastructure providers Vercel and Supabase). By using the Service, you consent to the transfer and processing of your data in these locations.

We rely on our providers' compliance with applicable data protection frameworks to ensure your data is handled appropriately when transferred internationally.

6. Data Retention

We retain your account data and user-generated content for as long as your account is active. If you delete your account, we will delete your personal data and user-generated content within 30 days, except where we are required to retain it for legal or regulatory purposes.

Anonymised, aggregated usage data (which cannot identify you) may be retained indefinitely for analytical purposes.

7. Data Security

We take reasonable measures to protect your data, including using encrypted connections (HTTPS), relying on established infrastructure providers with strong security practices, and storing API keys locally in your browser rather than on our servers.

However, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security and are not liable for any unauthorised access that occurs despite our reasonable precautions.

8. Your Rights

Under the Isle of Man Data Protection Act 2018 and applicable data protection laws, you have the right to:

• Access — Request a copy of the personal data we hold about you
• Correction — Request correction of inaccurate personal data
• Deletion — Request deletion of your personal data
• Portability — Request your data in a portable format
• Restriction — Request that we restrict processing of your data
• Objection — Object to our processing of your data
• Withdraw consent — Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us via the Contact page. We will respond within 30 days.

9. Children

The Service is not intended for anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or to exercise your data rights, please contact us via the Contact page.

Optimise Lab Limited (Company No. 136304C), registered in the Isle of Man.
Registered office: 53 Empress Apartments, Central Promenade, Douglas, Isle of Man, IM2 4EE

The Isle of Man Information Commissioner is the supervisory authority for data protection on the Isle of Man. You have the right to lodge a complaint with the Commissioner if you believe your data has been handled unlawfully.