Privacy Policy
Last updated: April 20, 2026
Data controller: Exorous Technologies (trading as Exorous), a company operating the Exorous platform at exorous.com. For privacy-related matters contact privacy@exorous.com.
1. Information We Collect
We collect information in the following ways:
- Account information: Name, email address, and organization details when you sign up.
- Usage data: Pages visited, features used, and actions taken within the platform.
- Payment information: Billing details processed securely through Paddle. We do not store credit card numbers.
- Brand kit data: Logos, colors, and fonts you upload for variation generation.
- Connected ad account data: Ad creative metadata, campaign performance metrics, and account identifiers obtained via Meta Business Platform when you connect your ad accounts.
2. How We Use Your Information
- Provide and improve the Service
- Process payments and manage subscriptions
- Send transactional emails (scan results, billing receipts)
- Analyze usage patterns to improve the product
- Provide customer support
- Contribute anonymized, aggregated performance metrics to industry benchmarks (opt-out available in Settings ’ Privacy)
3. Data Sharing & Subprocessors
Exorous Technologies does not sell your personal data. We share data only with the service providers listed below, each engaged under a Data Processing Agreement where required by GDPR.
| Subprocessor | Purpose | Data types received | Location |
|---|---|---|---|
| Anthropic (Claude API) | Ad copy analysis, creative intelligence | Ad creative text, headlines, descriptions — no PII unless present in ad copy | USA |
| Google (Gemini API) | Agent proposals, image generation, multimodal analysis | Ad images, structured ad data — no PII unless present in ad creative | USA |
| Meta Business Platform | Ad account sync, campaign data retrieval | Meta access tokens, ad account IDs, campaign metrics, ad creative metadata | USA |
| Supabase | Data storage and authentication | All user data at rest | USA (AWS) |
| Paddle | Payment processing and billing | Name, email, billing address, payment method tokens | UK / USA |
| Vercel | Application hosting and edge delivery | Request metadata, IP addresses (not persisted) | USA / Global edge |
| Resend | Transactional email delivery | Name, email address | USA |
| Sentry | Error tracking | Stack traces, request context (PII stripped) | USA |
| PostHog | Product analytics (consent-gated) | Pseudonymous usage events | EU / USA |
4. Data Retention
- Raw ad scan data: Automatically deleted after 3 days
- AI analyses: Retained while your account is active
- Generated variations: Retained while your account is active
- Account data: Deleted within 30 days of account deletion
- Billing and tax records: Retained 7 years as required by law
5. Your Rights (GDPR)
You have the right to:
- Access your personal data
- Export your data in a portable format
- Request correction of inaccurate data
- Request deletion of your account and data
- Object to processing for analytics purposes
- Opt out of benchmark data contribution (Settings ’ Privacy)
Exercise these rights from your account settings, via our Data Deletion page, or by contacting privacy@exorous.com.
6. Cookies
We use essential cookies for authentication and session management. Analytics cookies (PostHog) are only enabled after your consent via the cookie consent banner.
7. Security
We implement industry-standard security measures including encrypted connections (TLS), row-level security in our database, hashed API keys, and regular security audits.
8. International Transfers
Some subprocessors listed above process data in the United States. Where required, transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission. Contact us for a copy of applicable transfer mechanisms.
9. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email or in-app notification.
10. Contact
For privacy-related questions, contact Exorous Technologies at privacy@exorous.com.