Privacy Policy

Last updated: 28 June 2026 · This document is a template and should be reviewed by legal counsel before launch.

This Privacy Policy explains how Ecom Vision LTD ("Adfure", "we", "us") collects, uses and protects personal data when you use the Adfure platform and website (the "Service"). We are the data controller for the purposes of the EU General Data Protection Regulation (GDPR).

1. Data we collect

Account data — name, email, company, and authentication details when you sign up.
Billing data — handled by Stripe. We receive subscription status and limited metadata; we never store full card numbers.
Connected-platform data — when you connect an ad account (Meta, Google, TikTok, LinkedIn) via OAuth, we access advertising performance data and store an encrypted access token. We do not receive your platform password.
Usage data — actions in the app, logs, and diagnostics used to operate and improve the Service.
Business inputs — information you enter (briefs, rules, assets, economics).

2. How we use data

To provide the Service — analysis, alerts, creative generation and reporting on your connected accounts.
To operate billing, support and security.
To improve the Service (aggregated/diagnostic use). We do not use your account data to train AI models.

3. Legal bases (GDPR)

We process personal data under: performance of a contract (providing the Service), legitimate interests (security, product improvement), consent (cookies/marketing where applicable), and legal obligation (accounting/tax).

4. Sub-processors

We use carefully selected providers to run the Service, which may include: Stripe (payments), Anthropic and OpenAI (AI processing, on commercial terms with no training on your data), Hetzner and Cloudflare (hosting/CDN), Resend (transactional email), and optional analytics/support tools. AI requests are sent under commercial terms; where available we use zero-retention options.

5. International transfers

Where data is processed outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses.

6. Retention

We keep personal data for as long as your account is active and as needed to provide the Service, then delete or anonymize it except where retention is legally required (e.g. invoicing). You can request export or deletion at any time.

7. Your rights

Under GDPR you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and to lodge a complaint with your supervisory authority (in Bulgaria, the CPDP). To exercise these, contact us at privacy@adfure.com.

8. Security

We apply layered safeguards: encrypted token storage (AES-256-GCM), per-tenant isolation, access controls, prompt-injection and output filtering, rate limiting, and approval-gated actions. No system is perfectly secure, but security is core to how Adfure is built.

9. Children

The Service is for businesses and is not directed to individuals under 18.

10. Changes & contact

We may update this policy and will post the new date above. Questions: privacy@adfure.com · Ecom Vision LTD, Bulgaria, EU.