Privacy Policy

Effective Date: February 25, 2026

Last Updated: February 25, 2026

1. Introduction

AdGPT.com ("AdGPT," "we," "us," or "our") is committed to protecting your privacy and personal data (hereinafter, "Data"). This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you access or use our platform at adgpt.com, including all associated services, features, APIs, applications, and tools (collectively, the "Platform").

We operate in compliance with applicable privacy and data protection laws, including but not limited to:

  • The General Data Protection Regulation (EU) 2016/679 ("GDPR");
  • The California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA");
  • The Virginia Consumer Data Protection Act ("VCDPA");
  • The Colorado Privacy Act ("CPA");
  • The Connecticut Data Privacy Act ("CTDPA");
  • The Israeli Privacy Protection Law, 5741-1981;
  • Other applicable U.S. state and international privacy regulations.

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please discontinue use of the Platform immediately.

2. Scope of This Policy

This Privacy Policy supplements our Terms of Service and applies to:

  • Our web platform at AdGPT.com and all services accessible through it;
  • Our APIs, integrations, and developer tools;
  • Third-party integrations (including Shopify, XML store connections, and social media platforms);
  • Our mobile applications (if applicable);
  • Any communications between you and AdGPT (including email, chat, and support interactions).

AdGPT.com adheres to the Google API Services User Data Policy, including the Limited Use requirements, ensuring responsible use and transfer of data obtained via Google APIs.

3. Data Controller

The controller of personal data is AdGPT.com, a company registered in the Tel-Aviv Trade and Companies Register under number 516959012, with its registered office located at Yaven 30, Tel-Aviv, Israel.

For any questions or concerns regarding this Privacy Policy or your personal data, please contact our Data Protection Officer at:
Email: Support@adgpt.com

4. Types of Data We Collect

We collect the following categories of data depending on how you interact with the Platform:

4.1 Information You Provide Directly

  • Account Information: Name, email address, password, company name, billing address, and phone number;
  • Payment Information: Credit card details, billing address, and transaction history (processed securely via third-party payment processors);
  • Profile Information: Profile picture, job title, and any optional information you choose to provide;
  • Content Data: Ad creatives, images, videos, text, brand assets, and other content you upload or generate using our tools;
  • Communications: Messages, feedback, support tickets, and any other correspondence with our team;
  • Survey & Feedback Data: Responses to surveys, reviews, and feedback forms.

4.2 Information Collected Automatically

  • Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers;
  • Usage Data: Pages visited, features used, click patterns, session duration, referring URLs, and interaction data;
  • Log Data: IP address, access timestamps, error logs, and server request data;
  • Location Data: Approximate geographic location derived from your IP address;
  • Cookie and Tracking Data: Information collected through cookies, pixels, web beacons, and similar technologies (see Section 10).

4.3 Information from Third Parties

  • Social Media Platforms: If you connect social media accounts (e.g., Facebook, Instagram, TikTok), we may receive profile data, ad account data, and analytics as permitted by those platforms;
  • eCommerce Platforms: If you connect your Shopify store or other eCommerce platforms via our integrations, we may receive product catalog data, store analytics, and order data;
  • Google Services: If you authenticate via Google, we receive limited profile information as permitted under the Google API Services User Data Policy;
  • Analytics Providers: Aggregated analytics data from third-party services we use to improve the Platform.

Users who communicate the personal data of a third party must confirm that they have obtained appropriate consent from that third party for the processing, publication, and/or distribution of such data on or through the Platform.

5. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

  • Performance of a Contract: Processing necessary for the provision of our services and fulfillment of our contractual obligations to you (e.g., account management, service delivery, billing);
  • Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications, optional cookies). You may withdraw consent at any time;
  • Legitimate Interests: Processing necessary for our legitimate business interests, provided they do not override your fundamental rights (e.g., fraud prevention, platform security, product improvement, analytics);
  • Legal Obligation: Processing necessary to comply with applicable laws, regulations, or legal proceedings;
  • Vital Interests: In rare circumstances, processing necessary to protect your vital interests or those of another person.

6. Purpose of Data Processing

We process your personal data for the following purposes:

6.1 Service Delivery

  • Account creation, authentication, and management;
  • Providing, operating, and maintaining the Platform and its features;
  • Processing transactions, billing, and subscription management;
  • Generating AI-powered ad creatives, videos, and marketing content;
  • Enabling integrations with third-party platforms (Shopify, social media, etc.).

6.2 Communication & Support

  • Responding to inquiries, support requests, and feedback;
  • Sending service-related notifications (account updates, security alerts, policy changes);
  • Providing onboarding assistance and product guidance.

6.3 Improvement & Analytics

  • Analyzing usage patterns to improve Platform features and user experience;
  • Conducting A/B testing, performance monitoring, and quality assurance;
  • Developing new products, features, and services;
  • Generating aggregated, anonymized analytics and business intelligence.

6.4 Marketing & Engagement

  • Sending newsletters, promotional materials, and product updates (with your consent where required);
  • Personalizing content and recommendations;
  • Conducting satisfaction surveys and collecting user feedback;
  • Facilitating referral and affiliate programs.

6.5 Security & Compliance

  • Detecting, preventing, and investigating fraud, abuse, and security incidents;
  • Enforcing our Terms of Service and other policies;
  • Complying with applicable laws, regulations, and legal requests;
  • Managing disputes and legal proceedings.

7. Data Protection & Security Measures

We implement robust technical and organizational measures to protect your data:

7.1 Encryption

  • All data in transit is protected using TLS 1.2+ (SSL/TLS encryption);
  • All data at rest is encrypted using AES-256 encryption;
  • Payment data is processed in compliance with PCI-DSS standards.

7.2 Access Controls

  • Role-based access control (RBAC) ensures only authorized personnel access sensitive data;
  • Multi-factor authentication (MFA) is enforced for administrative access;
  • Comprehensive audit logging tracks all access to sensitive systems;
  • Principle of least privilege is applied across all systems.

7.3 Infrastructure Security

  • Regular penetration testing and vulnerability assessments;
  • Continuous security monitoring and intrusion detection;
  • Regular security audits and compliance reviews;
  • Incident response plan with defined procedures and escalation paths;
  • Employee security awareness training.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.

8.1 Retention Periods

  • Account Data: Retained for the duration of your account and up to 30 days after account deletion to allow for reactivation;
  • Transaction & Billing Data: Retained for up to 7 years as required by tax and accounting regulations;
  • Usage & Analytics Data: Retained in identifiable form for up to 24 months; anonymized data may be retained indefinitely;
  • Marketing Consent Records: Retained for as long as the consent is valid plus 3 years after withdrawal;
  • Support Communications: Retained for up to 3 years after resolution;
  • Google User Data: Retained for up to 12 months, unless a longer period is required by law;
  • Log Data: Retained for up to 12 months for security and debugging purposes.

8.2 Data Deletion

  • You may request deletion of your personal data at any time by contacting us at Support@adgpt.com;
  • Deletion requests are processed within 30 days of receipt;
  • Upon account deletion, your personal data will be securely erased or anonymized, except where retention is required by law;
  • Backup copies may persist for up to 90 days before complete removal.

9. Data Sharing & Recipients

We do not sell your personal data to third parties. We may share your data with the following categories of recipients only when strictly necessary:

9.1 Service Providers

  • Cloud infrastructure providers (e.g., Amazon Web Services);
  • Payment processors and billing services;
  • Email and communication service providers;
  • Analytics and monitoring tools;
  • Customer support platforms.

9.2 Third-Party Integrations

  • Social media platforms (Facebook/Meta, Instagram, TikTok, Google, etc.) when you connect your accounts;
  • eCommerce platforms (Shopify, etc.) when you use our integration features;
  • Advertising platforms for ad deployment and performance tracking.

9.3 Legal & Compliance Disclosures

  • Law enforcement or government authorities when required by law, subpoena, or court order;
  • Legal counsel in connection with legal proceedings or dispute resolution;
  • Regulatory bodies in response to lawful requests or audits.

9.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the acquiring entity. We will notify you of any such transfer and any changes to this Privacy Policy.

All third-party service providers and partners are bound by data processing agreements that require them to protect your data in accordance with applicable law and this Privacy Policy.

10. Cookies & Tracking Technologies

10.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for the Platform to function (e.g., authentication, security, session management). These cannot be disabled;
  • Performance & Analytics Cookies: Help us understand how users interact with the Platform (e.g., Google Analytics, Mixpanel);
  • Functional Cookies: Remember your preferences and settings to enhance your experience;
  • Marketing & Advertising Cookies: Used to deliver relevant advertisements and measure campaign effectiveness (e.g., Facebook Pixel, Google Ads).

10.2 Managing Cookies

You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling certain cookies may impact the functionality of the Platform.

For more information about cookies and how to manage them, visit www.allaboutcookies.org.

10.3 Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. We currently do not respond to DNT signals, but we respect your choices through the cookie management options described above.

11. Your Rights

11.1 Rights Under GDPR (EU/EEA Residents)

If you are located in the European Union or European Economic Area, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you;
  • Right to Rectification: Request correction of inaccurate or incomplete data;
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data under certain conditions;
  • Right to Restriction of Processing: Request that we limit the processing of your data;
  • Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format;
  • Right to Object: Object to the processing of your data based on legitimate interests or for direct marketing;
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent;
  • Right to Lodge a Complaint: File a complaint with your local Data Protection Authority.

11.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the CCPA/CPRA:

  • Right to Know: Request information about the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it;
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions;
  • Right to Correct: Request correction of inaccurate personal information;
  • Right to Opt-Out of Sale/Sharing: We do not sell your personal information. If this changes, we will provide a clear opt-out mechanism;
  • Right to Limit Use of Sensitive Personal Information: Request that we limit the use of sensitive personal information to what is necessary for providing the services;
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

11.3 Rights Under Other U.S. State Privacy Laws

Residents of Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws have similar rights, including the right to access, correct, delete, and opt out of certain processing activities. Please contact us to exercise these rights.

11.4 How to Exercise Your Rights

To exercise any of the above rights, please contact us at:

We will verify your identity before processing your request. We aim to respond to all legitimate requests within 30 days. In certain cases, we may need up to 60 additional days, in which case we will notify you of the extension and the reason.

12. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States and Israel. We ensure that such transfers are conducted in compliance with applicable data protection laws through the following safeguards:

  • Standard Contractual Clauses (SCCs): We use EU-approved SCCs for transfers of personal data from the EU/EEA to countries that have not received an adequacy decision;
  • Adequacy Decisions: Where applicable, we rely on adequacy decisions issued by the European Commission;
  • Data Processing Agreements: All service providers and partners handling personal data are bound by contractual obligations that provide an equivalent level of protection;
  • Supplementary Measures: We implement additional technical and organizational measures (e.g., encryption, pseudonymization) where necessary to ensure adequate protection.

Our primary data storage is on Amazon Web Services (AWS) servers located in the European Union (Ireland), ensuring compliance with EU data residency requirements.

13. Children's Privacy

The Platform is not intended for individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete such data.

If you believe that we have collected data from a child, please contact us immediately at Support@adgpt.com.

14. Automated Decision-Making & AI Processing

AdGPT uses artificial intelligence and machine learning technologies to generate ad creatives, optimize content, and provide personalized recommendations. Specifically:

  • AI-generated content (ads, videos, images) is created based on inputs you provide (product data, brand guidelines, preferences);
  • We may use automated analysis to improve service quality and detect abuse;
  • No solely automated decisions are made that produce legal effects or similarly significant effects on you without human oversight.

You have the right to request human review of any automated decision and to contest decisions that significantly affect you.

15. Third-Party Links & Services

The Platform may contain links to third-party websites, services, or applications that are not operated by AdGPT. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services before providing your personal data.

16. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR;
  • Notify affected users without undue delay when the breach is likely to result in a high risk to their rights and freedoms;
  • Provide clear information about the nature of the breach, the data affected, the measures taken, and recommendations for protecting yourself;
  • Document all breaches in our internal breach register, regardless of severity.

17. Google API Services Compliance

AdGPT's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data for the purposes described in this Privacy Policy and as necessary to provide and improve our services;
  • We do not transfer Google user data to third parties except as necessary to provide the service, as required by law, or with explicit user consent;
  • We do not use Google user data for advertising purposes beyond the core functionality of our ad creation services;
  • Human access to Google user data is limited to what is necessary for debugging, security, compliance, or providing support at the user's request.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will:

  • Post the updated Privacy Policy on this page with a revised "Last Updated" date;
  • Notify you via email and/or a prominent notice on the Platform before the changes take effect;
  • Where required by law, obtain your consent before implementing material changes.

We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after any changes constitutes your acceptance of the updated Privacy Policy.

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us at:

For EU/EEA residents, you also have the right to lodge a complaint with your local Data Protection Authority. A list of EU Data Protection Authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.