Privacy Policy

1. Who We Are

AdSmartly ("AdSmartly," "we," "us," or "our") operates the AdSmartly platform, including the advertiser portal at advertisers.ad-smartly.com, the consumer mobile application, and the sweepstakes entry form at advertisers.ad-smartly.com/enter.

Our mailing address is: Ad-Smartly Inc., Brooklyn, New York. For privacy inquiries: privacy@ad-smartly.com.

2. Information We Collect

2a. Advertisers

When you create an advertiser account and run campaigns, we collect:

• Business name, category, phone number, website, and description
• Business address (city, state, ZIP)
• Email address and password (stored via Supabase Auth — passwords are hashed, never stored in plaintext)
• Payment information (credit card data is processed and stored by Stripe; we never store raw card numbers)
• Campaign content: ad copy, images, video files, quiz questions, and coupon offers you create
• Campaign performance data: impressions, quiz passes, coupon issuances and redemptions, spend

2b. Sweepstakes Entrants (AMOE)

If you submit a free Alternative Method of Entry (AMOE) via the entry form, we collect:

• Full legal name
• Email address (for verification and winner notification)
• Mailing address (street, city, state, ZIP — required to verify residency eligibility)

2c. App Users

For users of the AdSmartly mobile application, we additionally collect:

• Date of birth (to verify you are 18 or older as required by law)
• Geographic location (city/state — to match you to local draw pools)
• Ad interaction data: which ads you watched, watch completion percentage, quiz answers
• Engagement data: streak days, energy balance, entries earned, coupons issued
• Device identifiers (hashed) for fraud detection only
• IP address (hashed) for fraud detection only

2d. Automatically Collected Data

• Browser type and version, operating system
• Pages visited, time on page, referrer URLs
• Error logs and crash reports (via Sentry)
• Product usage events (via PostHog — see Cookies section)

3. How We Use Your Information

• To operate the platform — serving ads to users, processing quiz submissions, issuing draw entries, managing campaigns and budgets
• To process payments — billing advertisers via Stripe, paying out prize winners via Stripe
• To verify eligibility — confirming sweepstakes entrants are 18+, reside in an eligible state, and have not exceeded entry limits
• To issue and track coupons — generating unique coupon codes and tracking redemptions for advertiser ROI reporting
• To prevent fraud — detecting and blocking bot activity, device farms, and coordinated manipulation of draw entries
• To communicate with you — sending transactional emails (entry confirmations, winner notifications, campaign reports) via Resend
• To improve the product — analyzing aggregate usage patterns to improve ad matching, quiz quality, and user experience
• To comply with law — sweepstakes reporting, tax form issuance (IRS Form 1099 for prizes exceeding $600), and responding to lawful requests

4. How We Share Your Information

We do not sell your personal information. We share data only in the following circumstances:

Service Providers

• Supabase — database and authentication hosting (US)
• Stripe — payment processing and prize payouts (US). Stripe's privacy policy governs data shared with them.
• Cloudflare — video delivery for ad content (US/global CDN)
• Resend — transactional email delivery (US)
• Sentry — error monitoring (US)
• PostHog — product analytics (US)

Sweepstakes Requirements

Winners' names and states of residence may be publicly announced as required by applicable sweepstakes law. A list of prize winners is available upon request at winners@ad-smartly.com.

Legal Obligations

We may disclose information when required by law, court order, or governmental authority, or to protect the rights, property, or safety of AdSmartly, our users, or the public.

Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

5. Data Retention

• Advertiser accounts: Retained for the life of the account plus 7 years (tax and financial record requirements)
• Sweepstakes entry records: Retained for 5 years following each draw as required by sweepstakes law
• App user accounts: Retained until account deletion, then anonymized within 30 days (except entries and rewards records retained for legal compliance)
• Payment records: Retained for 7 years per IRS and financial regulations
• Fraud signals: Hashed device IDs and IP hashes retained for 2 years to prevent re-registration

6. Your Rights and Choices

All Users

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your account and personal data (subject to legal retention requirements)
• Opt-out of marketing: Unsubscribe from marketing emails at any time via the link in any email

California Residents (CCPA)

You have the right to know what personal information we collect, the right to delete it, and the right to opt out of sale (we do not sell personal information). To exercise these rights, email privacy@ad-smartly.com.

EEA / UK Residents (GDPR)

Our primary operations are in the United States. If you are located in the EEA or UK, you have rights including access, rectification, erasure, restriction of processing, and data portability. Our legal basis for processing is contract performance (operating the platform you signed up for) and legitimate interests (fraud prevention, service improvement). Contact privacy@ad-smartly.com to exercise your rights.

7. Cookies and Tracking

We use the following technologies:

• Essential cookies: Supabase session tokens required to keep you logged in. These cannot be disabled.
• Analytics (PostHog): Product usage events to understand how the platform is used. No personally identifiable information is included in event payloads. You may opt out by emailing us.
• Error tracking (Sentry): Captures error stack traces when the application crashes. No sensitive user data is included.

We do not use advertising cookies or third-party tracking pixels.

8. Children's Privacy (COPPA)

9. Security

We implement industry-standard security measures including:

• Encryption in transit (TLS 1.2+) and at rest
• Row-level security on all database tables (users can only access their own data)
• Service role keys restricted to server-side Edge Functions only — never exposed to clients
• Payment data handled entirely by Stripe (PCI DSS Level 1 compliant) — we never store raw card numbers
• Hashed (not stored in plaintext) device identifiers and IP addresses used for fraud detection

No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at security@ad-smartly.com.

10. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will update the "Last updated" date at the top and notify active users by email at least 14 days before the change takes effect. Continued use of the platform after that date constitutes acceptance of the updated policy.

11. Contact Us

For privacy questions, data requests, or to report a concern: