AdCreative AI Maestro ("Maestro", "we", "our", "us") is operated by [Your Company Name]. This Privacy Policy explains what personal information we collect when you use our AI-powered ad creative platform, why we collect it, how we keep it secure, and the rights you have over it. By using Maestro you agree to the practices described below.
1. Who is the data controller?
[Your Company Name], [Your Registered Address]. For privacy questions, email advertisermoditas123@gmail.com. EU/UK users have the right to lodge a complaint with their local supervisory authority.
2. Information we collect
Account information
- Email address and password hash (used for sign-in).
- Brand or store name (used to greet you and tag your creatives).
Brand profile
- Brand logo, primary and secondary colors, brand voice, product categories, website URL.
- Used exclusively to keep generated creatives on-brand.
Product & campaign data
- Product names, descriptions, feature lists, target aesthetics, and call-to-action copy that you submit to the Creative Generator.
- Generated ad images, headlines, primary text variations, Maestro Score and verdicts, and recommended A/B test plans.
- Mock performance metrics (impressions, clicks, spend, conversions) generated when you simulate a Meta export.
Technical data
- Session cookies (strictly necessary — see Section 7).
- Server logs (IP address, user agent, timestamp) retained up to 30 days for security and abuse prevention.
3. How we use your information
- Provide the service: generate ad creatives, score them, suggest A/B tests, render your dashboard.
- Send AI requests: your product brief and brand profile are sent to our AI provider (Lovable AI Gateway, which routes to Google Gemini) to generate images and copy. Inputs and outputs are processed transiently and are not used by the model provider to train foundation models.
- Account management & billing: subscription status, free-trial windows, plan limits.
- Security: detect abuse, enforce rate limits, prevent fraud.
- Service communications: transactional emails (sign-up confirmation, password reset, billing).
We do not sell your personal information, your product data, or your generated creatives to anyone.
4. Legal bases (GDPR)
- Contract: we process the data needed to provide Maestro to you.
- Legitimate interests: service security, abuse prevention, product improvement (using aggregated, non-identifying signals only).
- Consent: for any optional analytics or marketing communications (we will ask before enabling these).
- Legal obligation: tax records, responding to lawful requests.
5. Sharing & sub-processors
We use a small number of trusted vendors to operate Maestro:
- Lovable Cloud (hosting, database, file storage, authentication).
- Lovable AI Gateway (routes generation requests to Google's Gemini models).
- Payment processor (when you start a paid subscription — disclosed at checkout).
- Email delivery provider (transactional email only).
Each sub-processor is bound by a data processing agreement and access is restricted to what's necessary to provide their portion of the service.
6. Security
- Encryption in transit: all traffic uses TLS 1.2+ (HTTPS).
- Encryption at rest: databases and file storage are encrypted with AES-256.
- Private file storage: brand logos and ad creatives are stored in private buckets. Only the owning user can read or modify them, enforced by row-level security policies. Files are served via short-lived signed URLs that expire automatically.
- Authentication: passwords are hashed (bcrypt) and checked against the Have I Been Pwned breach corpus on signup and change.
- Tenancy isolation: every database query is scoped to the authenticated user via row-level security; one customer cannot read another customer's data even in the event of an application bug.
- Backups: automated daily database backups, encrypted at rest.
7. Cookies
Maestro uses strictly necessary cookies only — primarily to keep you signed in and to remember your brand profile. We do not use third-party advertising or cross-site tracking cookies. A consent notice is displayed on your first visit. If we add optional analytics in the future, we will obtain explicit opt-in consent.
8. Data retention
- Account & brand profile: kept while your account is active.
- Generated creatives & performance data: kept while your account is active, plus 30 days after deletion to allow recovery.
- Server logs: 30 days.
- Billing records: as required by tax and accounting law (typically 7 years).
You can request deletion at any time (see Section 9). Backups are purged on a rolling 30-day schedule.
9. Your rights
Depending on where you live (GDPR, UK GDPR, CCPA, and similar laws), you have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your account and associated data ("right to be forgotten").
- Export your data in a portable format (JSON).
- Object to or restrict certain processing.
- Withdraw consent for any processing based on consent.
- (California) Opt out of "sale" or "sharing" — we don't sell or share, but you may still confirm this.
To exercise any of these rights, email advertisermoditas123@gmail.com. We respond within 30 days.
10. International transfers
Our infrastructure is hosted in the United States and the European Union depending on your region. When data leaves your region, we rely on Standard Contractual Clauses or equivalent safeguards approved by the EU Commission and UK ICO.
11. Children
Maestro is built for e-commerce businesses and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.
12. Changes to this policy
If we make material changes, we will notify you by email and post an updated version with a revised "Last updated" date. Continued use of Maestro after the effective date constitutes acceptance.
13. Contact
[Your Company Name]
[Your Registered Address]
Email: advertisermoditas123@gmail.com