Privacy Policy

We process content provided by you (Ad copy, headlines, URLs, assets) through our Compliance Framework. This processing is necessary to generate the risk reports requested by you. We do NOT use your proprietary ad copy or campaign data to train public models. Your content is used exclusively for the report generation and stored only as per your organizational history settings.

To provide our service, we use a small set of named sub-processors: Vercel (application hosting), Supabase (database & auth, EU/Dublin region), Paddle (payment processing as Merchant of Record, handles PCI-DSS), Resend (transactional email, sending domain verified for auditsocials.com), Google Analytics (aggregated usage), and OpenAI (AI-assisted features). These sub-processors are bound by data protection agreements. The full list is maintained at /security.

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We utilize localized server environments where possible to comply with regional data laws such as GDPR (EU) and CCPA (USA).

As a user, you have the right to access, rectify, or delete your data history at any time. Under the EU Digital Services Act (DSA), we provide transparency regarding how our compliance team generates risk assessments. You may request a human-readable summary of the methodology behind any specific risk score.

Unless you choose to save an analysis to your 'Risk History', content inputs are automatically purged from our temporary processing buffers after 24 hours.