Privacy Policy

Last updated: April 25, 2026

1. Who we are

Prooflytics is operated by Prooflytics OÜ, a private limited company registered in Estonia ("we", "us", "our").

We provide an AI-powered advertising analytics platform for in-house marketing teams ("Service"). This Privacy Policy explains how we collect, use, and protect personal data when you use our Service.

2. Data we collect

Account data

When you sign up, we collect your name, email address, and authentication credentials via Clerk (our identity provider). If you create a workspace, we store your organization name and billing email.

Advertising data

When you connect a Meta Ads or Google Ads account, we retrieve campaign and ad performance metrics (spend, impressions, CTR, CPA, conversions, frequency) via the respective platform APIs. We store this data in our database to power analytics and AI-generated reports. We do not access or store your ad creative assets, personal data of your ad audiences, or any data beyond the metrics needed to operate the Service.

Billing data

Payment processing is handled by Stripe. We store your Stripe customer ID and subscription status, but we never receive or store full card numbers. All payment data is processed and stored by Stripe under their own Privacy Policy.

Usage data

We collect anonymized product usage data (page views, feature interactions) via PostHog to improve the Service. We also collect error logs via Sentry. No personal advertising data is included in these logs.

3. How we use your data

  • To provide, operate, and improve the Service
  • To generate AI-powered reports and recommendations using your advertising metrics
  • To send transactional emails (report delivery, sync notifications, billing receipts) via Resend
  • To process payments and manage subscriptions via Stripe
  • To detect and fix errors and security issues
  • To comply with legal obligations

We do not sell your data. We do not use your advertising data to train shared AI models. AI analysis of your data is performed on demand, and the results are stored only in your account.

4. AI processing

The Service uses Anthropic Claude to analyse your advertising metrics and generate insights and recommendations. Anonymised metric data (spend, CTR, CPA, etc.) is sent to Anthropic's API for this purpose. We do not send personally identifiable information of your customers or ad audiences to Anthropic. Anthropic's data usage is governed by their Privacy Policy and API usage terms.

5. Data storage and transfers

Your data is stored in a PostgreSQL database hosted by Neon (AWS us-east-1). The application runs on Vercel (global edge network) and Railway (US region). By using the Service, you consent to your data being processed in these jurisdictions.

We are an Estonian company and operate in compliance with the EU General Data Protection Regulation (GDPR). Where data is transferred outside the EEA, we ensure adequate safeguards are in place (Standard Contractual Clauses or equivalent).

6. Data retention

We retain your account data for as long as your account is active. Advertising metrics are retained for up to 2 years to support trend analysis. You may request deletion of your data at any time (see Section 8). After account deletion, we retain anonymized aggregated data for statistical purposes.

7. Cookies

We use essential cookies for authentication (Clerk session tokens) and preferences (theme). We use analytical cookies via PostHog to understand feature usage. You can opt out of analytical cookies through your browser settings; essential cookies are required for the Service to function.

8. Your rights

If you are in the EU or UK, you have the following rights under GDPR:

  • Access — request a copy of data we hold about you
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data
  • Restriction — restrict processing in certain circumstances
  • Portability — receive your data in a portable format
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, contact us at privacy@prooflytics.io. We will respond within 30 days.

9. Security

We implement industry-standard security measures, including encryption at rest and in transit, encrypted storage of access tokens, and regular security reviews. OAuth tokens for Meta Ads and Google Ads are stored encrypted in our database and are never logged or exposed.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact

For privacy-related enquiries, contact us at: privacy@prooflytics.io

Prooflytics OÜ · Estonia