Privacy Policy

We collect the following types of information when you use Raddivus:

• Account information: Your name and email address, used for account creation and login. Stored in Supabase Auth.
• OAuth tokens: Access tokens for Meta (Facebook) and Google ad platforms, used to manage your ad campaigns via their APIs. Stored encrypted with AES-256-GCM in our database.
• Ad account data: Campaign statistics and account details from connected ad platforms, used to display performance data and execute user-approved changes.
• Brand profiles: Your brand voice, tone, industry, logos, and other brand assets used for AI content generation.
• Generated content: Ad copy and images created by our AI tools on your behalf.
• Usage analytics: Per-tool usage counts and generation history to help you track your activity.
• Team and workspace data: Team members, roles, and invitations for collaborative workspaces.
• Payment information: Subscription billing is handled entirely by Stripe. We do not store your credit card number or payment details on our servers.

We use the information we collect to:

• Provide and operate the Raddivus platform
• Generate AI-powered ad creatives and marketing content based on your brand profile and prompts
• Connect to and manage your ad campaigns on Meta and Google platforms
• Process subscription payments through Stripe
• Send transactional emails related to your account
• Monitor and improve platform performance and reliability
• Enforce our Terms of Service

We share data with the following third-party services solely to operate the platform. We do not sell your data to any third party.

• Supabase: Database, authentication, and file storage. Stores all user data.
• Vercel: Hosting and serverless functions. Processes request data.
• Meta (Facebook): Ad campaign management via Graph API. Receives OAuth tokens and ad account data.
• Google: Ad campaign management (planned). Will receive OAuth tokens and ad account data.
• Google AI (Gemini): AI content generation. Receives prompts and brand context.
• OpenRouter: AI content generation. Receives prompts and brand context.
• Stripe: Payment processing. Receives your email and payment method.
• Sentry: Error monitoring. Receives error stack traces and anonymized user identifiers.

When you connect your Meta or Google ad account, we store OAuth access tokens to interact with those platforms on your behalf. These tokens are:

• Encrypted at rest using AES-256-GCM encryption
• Used only to execute actions you explicitly approve within the Raddivus platform
• Automatically refreshed to maintain your connection
• Revocable at any time. You can disconnect your ad platform accounts from your Settings page, and we will delete the stored tokens immediately.

When you use our AI content generation tools, prompts containing your brand context and instructions are sent to our AI providers (Google AI and OpenRouter) to generate ad copy and images.

Your data is not used to train any AI models. Generated content is stored in your account and belongs to you.

We retain your data for as long as your account is active. If you delete your account:

• Your personal information, brand profiles, and generated content will be permanently deleted within 30 days
• OAuth tokens are deleted immediately upon account deletion
• Anonymized usage analytics may be retained for aggregate reporting
• Billing records may be retained as required by applicable tax and financial regulations

You have the right to:

• Access the personal data we hold about you
• Delete your account and all associated data
• Export your data in a portable format
• Revoke connected ad platform access at any time
• Correct inaccurate personal information

To exercise any of these rights, contact us at support@raddivus.com.

Raddivus uses session cookies strictly for authentication purposes. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is required because we do not track you across websites.

We take the security of your data seriously:

• OAuth tokens are encrypted at rest with AES-256-GCM
• Passwords are never stored directly. Authentication is handled by Supabase Auth with industry-standard hashing.
• Row-Level Security (RLS) is enforced on every database table, so users can only access their own data
• All data is transmitted over HTTPS

Raddivus is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If you believe a child under 16 has provided us with personal data, please contact us at support@raddivus.com and we will promptly delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice within the application. Your continued use of Raddivus after changes are posted constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or how we handle your data, contact Rendivus Solutions:

• Email: support@raddivus.com