AdWhip
Log inGet Started

Privacy Policy

Effective date: May 29, 2026

This Privacy Policy explains how AdWhip (“AdWhip,” “we,” “our,” or “us”) collects, uses, and shares information when you use the AdWhip website, web application, and APIs (collectively, the “Service”). By using the Service, you agree to the practices described here. If you don't agree, please don't use the Service.

1. Information we collect

We collect information in three ways:

a) Information you provide

  • Account info: email address, name (optional), and workspace/organization name when you sign up or are invited.
  • Authentication data: hashed passwords (managed by AWS Cognito; we never see them in plaintext) and, if you sign in with Google, the basic profile info Google shares with us (name, email, profile photo).
  • Brand and creative inputs: URLs you enter, files you upload (logos, reference images, brand documents), prompts, edits, comments, and any other content you submit.
  • Billing info: payment is processed entirely by Stripe. We receive limited metadata (customer ID, plan, charge history, last four digits of card, billing address). We never see or store full payment card numbers.
  • Communications: the contents of support requests, sales inquiries, and any other messages you send us.

b) Information collected automatically

  • Usage data: pages viewed, features used, generations run, ad creative dimensions, error logs, and similar telemetry.
  • Device/network data: IP address, browser type and version, operating system, device identifiers, referrer URL, and approximate location derived from IP.
  • Cookies and local storage: we use cookies and browser local storage to keep you signed in, remember preferences, and run lightweight analytics. See “Cookies” below.

c) Information from third parties

  • Identity providers (e.g., Google) when you choose to sign in via OAuth.
  • Stripe when you set up billing or update payment methods.
  • Public web content we retrieve on your behalf when you ask AdWhip to analyze a URL you submit (e.g., your client's website).

2. How we use information

We use information to:

  • Provide, operate, and improve the Service.
  • Generate ad creative, copy, layouts, images, and other outputs you request.
  • Authenticate users, secure accounts, and prevent fraud or abuse.
  • Process payments, manage subscriptions, and send billing notices.
  • Send service emails (sign-in codes, password resets, invite links, billing alerts, important changes).
  • Provide customer support and respond to your questions.
  • Analyze usage to debug, prioritize roadmap, and improve performance/quality.
  • Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information, and we do not use the content you upload to train our own foundation models. See “AI processing” below for how third-party AI providers handle your inputs.

3. AI processing and third-party model providers

AdWhip generates ad creative by sending prompts and content you provide to third-party AI APIs, including:

  • OpenAI (large language models for layout, copy, and critique).
  • Google AI / Gemini (image generation and analysis).
  • Firecrawl (fetching the public web pages you ask us to analyze).

When you submit content (URLs, uploads, prompts), the relevant portions are forwarded to these providers under their respective enterprise/API terms. We use API tiers that contractually prohibit our content from being used to train their public models, but you are responsible for ensuring you have the right to share any content you upload or reference.

4. How we share information

We share information only as follows:

  • Service providers who help us run the Service under confidentiality and data-protection obligations. Current primary providers include: Amazon Web Services (hosting, storage, email delivery), Stripe (payments), Resend (email delivery), OpenAI, Google (auth + AI), Firecrawl, and analytics providers.
  • Within your workspace: content and activity in a workspace is visible to other members of that workspace and to the workspace owner/admins.
  • Legal and safety: when required to comply with law, court orders, or to protect the rights, property, or safety of AdWhip, our users, or others.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to equivalent privacy protections.

5. Data retention

We keep account data and content for as long as your account is active. After you delete your account or workspace, we delete or de-identify personal data within a commercially reasonable period (generally within 90 days), except where we're required to keep it longer for legal, tax, accounting, or fraud-prevention purposes. Backups may persist for up to an additional 30 days before being overwritten.

6. Security

We use commercially reasonable technical and organizational safeguards designed to protect your information, including encryption in transit (TLS), encryption at rest for stored data and backups, scoped access controls, and audit logging. No system is perfectly secure, however, and we can't guarantee absolute security.

7. International transfers

The Service is hosted in the United States (AWS US-East-1). If you access AdWhip from outside the U.S., your data will be transferred to and processed in the U.S. and other countries where our service providers operate. By using the Service you consent to such transfers.

8. Your choices and rights

Depending on where you live, you may have rights to:

  • Access, correct, or delete personal information we hold about you.
  • Object to or restrict certain processing.
  • Receive a portable copy of your data.
  • Withdraw consent (where processing is based on consent).
  • Lodge a complaint with a supervisory authority.

To exercise these rights, email us at privacy@adwhip.io. We may need to verify your identity before acting on a request.

California residents (CCPA/CPRA): we do not sell or share your personal information for cross-context behavioral advertising. You may request the categories of personal information we've collected, request deletion, and designate an authorized agent to act on your behalf.

EEA / UK residents (GDPR): our legal bases for processing are: (i) performance of a contract with you, (ii) our legitimate interests in operating and securing the Service, (iii) compliance with legal obligations, and (iv) your consent where required.

9. Cookies and tracking

We use:

  • Essential cookies / local storage to keep you signed in, remember workspace selection, and protect against CSRF.
  • Analytics cookies (e.g., privacy-conscious page analytics) to understand aggregate usage. These can be blocked by your browser without breaking the Service.

We do not use third-party advertising cookies and do not track you across other websites for marketing purposes.

10. Children

AdWhip is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us and we'll delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we'll notify you via email or an in-product notice and update the “Effective date” above. Continued use of the Service after changes take effect means you accept the updated policy.

12. Contact us

Questions or requests? Email privacy@adwhip.io or support@adwhip.io.