Privacy Policy

AdCore AI is a product of Bug Hutch Ltd, a company registered in England and Wales. We operate the website adcoreai.com and the AdCore AI software-as-a-service platform (collectively, the “Service”).

This Privacy Policy explains how we collect, use, store, and share your personal data when you use the Service. It applies to all users worldwide, with specific provisions for individuals in the United Kingdom, European Union, and California (USA).

By using the Service you agree to the practices described in this Policy. If you do not agree, please discontinue use.

Account data: When you register, we collect your name, email address, company name, and password (hashed).

Google Ads data: With your explicit authorisation via OAuth, we access your Google Ads account data including campaign names, spend figures, impressions, clicks, conversions, and bid settings. We use this data solely to provide the Service. We do not sell, share, or use it for any purpose beyond operating AdCore AI on your behalf.

Billing data: Payment is processed by Stripe. We do not store full card numbers. We retain billing records (amounts, dates, plan tier) for legal and accounting purposes.

Usage data: We collect logs of actions taken within the Service (e.g. guardrail changes, page views) for debugging and product improvement.

Communication data: If you contact us via the contact form or email, we retain that correspondence.

Cookies and tracking: See our Cookie Policy for full details.

• To provide, operate, and improve the Service
• To process payments and manage your subscription
• To send transactional emails (receipts, alerts, password resets)
• To respond to support requests
• To detect fraud, abuse, and security incidents
• To comply with legal obligations

We do not use your data for advertising, and we do not sell your data to any third party.

For users in the UK and EU, we process personal data under the following lawful bases:

• Contract — processing necessary to deliver the Service you have subscribed to
• Legitimate interests — fraud prevention, security, product improvement
• Legal obligation — compliance with applicable laws
• Consent — where we ask for it explicitly (e.g. marketing emails)

We use the following sub-processors to operate the Service:

• Supabase — database and authentication infrastructure (data stored in EU region)
• Stripe — payment processing (PCI DSS compliant)
• Resend — transactional email delivery
• Google LLC — Google Ads API access, as authorised by you
• Vercel — hosting and edge delivery

Each sub-processor is subject to a data processing agreement and appropriate safeguards. We do not authorise sub-processors to use your data for their own purposes.

We retain your personal data for as long as your account is active. Upon account deletion we remove identifiable data within 30 days, except where retention is required by law (e.g. billing records retained for 7 years under UK accounting rules).

Google Ads data snapshots are retained for up to 12 months and are permanently deleted on account closure.

If you are located in the UK or EU, you have the following rights under the UK GDPR / EU GDPR:

• Access — request a copy of the personal data we hold about you
• Rectification — correct inaccurate or incomplete data
• Erasure — request deletion of your personal data
• Restriction — ask us to limit processing in certain circumstances
• Portability — receive your data in a machine-readable format
• Objection — object to processing based on legitimate interests
• Withdraw consent — where processing is based on consent

To exercise any of these rights, email support@adcoreai.com. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights:

• Know — the categories and specific pieces of personal information we collect
• Delete — request deletion of your personal information
• Opt-out of sale — we do not sell personal information
• Non-discrimination — we will not discriminate against you for exercising your rights

To submit a CCPA request, email support@adcoreai.com with the subject line “CCPA Request”. We will verify your identity and respond within 45 days.

Categories of personal information collected in the past 12 months: identifiers (name, email), commercial information (subscription history), internet activity (usage logs), and professional information (company name).

Bug Hutch Ltd is based in the UK. If your data is transferred to countries outside the UK or EEA, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the UK ICO or EU Commission.

We implement industry-standard technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify registered users by email at least 14 days before material changes take effect. Continued use of the Service after that date constitutes acceptance of the updated Policy.

Bug Hutch Ltd
Email: support@adcoreai.com
Website: adcoreai.com