Last Updated: 2026-05-16

Privacy Policy

1. Data Processing for Analysis

We process content provided by you (ad copy, headlines, URLs, assets) through our Compliance Framework. This processing is necessary to generate the risk reports requested by you. We do NOT use your proprietary ad copy or campaign data to train public models. Your content is used exclusively for report generation and stored only as per your organizational history settings.

2. Third-Party Infrastructure Sub-processors

To provide our service, we use a small set of named sub-processors: Vercel (application hosting), Supabase (database & auth, EU/Dublin region), Paddle (payment processing as Merchant of Record, handles PCI-DSS), Resend (transactional email, sending domain verified for auditsocials.com), Google Analytics (aggregated usage), and OpenAI (AI-assisted features). These sub-processors are bound by data protection agreements. The full list is maintained at /security.

3. Data Residency and Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We utilize localized server environments where possible to comply with regional data laws such as GDPR (EU) and CCPA (USA).

4. Security Audit Logging (Legitimate Interest)

Separately from optional marketing analytics, we maintain a security audit log that records account and request events — for example sign-up, log-in (successful and failed), password and settings changes, plan changes, page requests, and account deletion — together with the associated account email, IP address, user agent, and timestamp. This audit log is processed under our legitimate interests (GDPR Article 6(1)(f); equivalent legitimate-interest / legal-obligation grounds under the UK GDPR, CCPA, and Türkiye's KVKK) for fraud and abuse prevention, account security, debugging, and service integrity. Because it is necessary for the security and proper operation of the service, this logging operates independently of cookie or marketing-analytics consent and cannot be opted out of while you use the service. It is strictly separate from the consent-gated marketing analytics (Google Analytics and aggregated product metrics), which remain subject to your cookie choices.

5. Your Rights under GDPR/DSA

As a user, you have the right to access, rectify, or delete your data history at any time. Under the EU Digital Services Act (DSA), we provide transparency regarding how our compliance team generates risk assessments. You may request a human-readable summary of the methodology behind any specific risk score. The security audit log (Section 4) is retained for security and accountability purposes; where you exercise a deletion right, we may retain the minimum audit records required to meet our security and legal obligations, after which they are purged.

6. Retention Policy

Unless you choose to save an analysis to your 'Risk History', content inputs are automatically purged from our temporary processing buffers after 24 hours. Security audit log records are retained only as long as necessary for the security, fraud-prevention, and accountability purposes described in Section 4, and are then deleted.