Privacy Policy

Effective date: April 25, 2026

This Privacy Policy explains how AI Install Co. ("Company," "we," "us," or "our"), located at 1309 Coffeen Avenue STE 1200, Sheridan, WY 82801, collects, uses, shares, and protects your personal information when you use AI Install Ads ("Service"). By using the Service, you consent to the practices described in this policy.

Short version: We collect the minimum we need to run your ad campaigns, we do not sell your data, we do not retarget you, and we only share data with the specific vendors listed below.

1. Information We Collect

Information You Provide

• Account information: Your name, email address, and a bcrypt hash of your password. We never store passwords in plain text.
• Payment information: Billing is handled entirely by Whop. We receive your plan status, invoice history, and subscription metadata. We do not see or store your full credit card number.
• Ad account connections: OAuth tokens for Meta, Google, LinkedIn, TikTok, Pinterest, and X, issued to us via Zernio (our ad-platform integration layer). We receive tokens only, never your ad-platform passwords.
• Campaign data: Websites you submit, campaign structures, ad copy, creative assets, audiences, budgets, and performance metrics your agent builds and manages.
• Communications: Emails or messages you send us for support or feedback.

Information Collected Automatically

• Usage analytics: Pages viewed, buttons clicked, features used, errors encountered, session duration, and referral source. Collected via our first-party analytics script (analytics.js).
• Cookies: We use a minimal cookie consent system. Your login session is stored as a JWT in your browser's localStorage, not as a cookie. Our cookie consent script (cookie-consent.js) manages any optional analytics cookies.
• Device and browser information: Browser type, operating system, screen resolution, and IP address (used for security and abuse prevention).

2. How We Use Your Data

We use your information to:

• Provide the Service: Create and manage your ad campaigns, generate creative assets, connect to ad platforms, and display campaign results.
• Process payments: Manage your subscription and billing through Whop.
• Send service emails: Password resets, account reminders, billing receipts, product updates, and weekly performance reports via Resend.
• Improve the platform: Analyze aggregate usage patterns to fix bugs, improve features, and tune AI performance. We never single out your account for AI training without your explicit consent.
• Ensure security: Detect and prevent fraud, abuse, and unauthorized access.
• Communicate with you: Respond to support requests and send important service announcements.

3. Third-Party Services

We share data with a specific, limited set of vendors, each performing a single function:

• Whop — Subscription billing and payment processing. Receives your email and payment details.
• Resend — Transactional email delivery. Receives your email address and email content (password resets, account reminders, receipts, reports).
• Zernio — Ad-platform integration layer. Handles OAuth and API calls to Meta, Google, LinkedIn, TikTok, Pinterest, and X on your behalf.
• Meta, Google, LinkedIn, TikTok, Pinterest, X — Ad platforms. Receive campaign data, ad creative, and targeting information when you publish campaigns.
• OpenRouter — AI model routing. Processes campaign-related prompts to generate ad copy, strategy, and suggestions. Receives campaign context; no personally identifiable information is sent unless it appears in your campaign content.
• Pollinations — AI image generation. Generates ad creative images based on campaign prompts. Receives text prompts describing desired images.

What we do not do: We do not sell your data to anyone. We do not share it with advertisers or data brokers. We do not run retargeting pixels on you. If a government subpoena or legal request comes for your data, we will notify you unless legally prohibited from doing so.

4. Cookies & Tracking

We use minimal, privacy-respecting tracking:

• First-party analytics (analytics.js): Collects aggregate product usage data (pages viewed, clicks, errors). No third-party ad or retargeting pixels.
• Cookie consent (cookie-consent.js): Manages your consent preferences for any optional cookies.
• Session storage: Your authentication token is stored in localStorage as a JWT. It is not transmitted as a cookie.

We do not use third-party tracking cookies, advertising pixels, or fingerprinting techniques.

5. Data Retention

• Active accounts: We retain your data for as long as your account is active.
• After cancellation: Your data is retained for 90 days in case you want to reactivate. After 90 days, data is deleted from live systems.
• Backups: Database backups roll off within 180 days of deletion. After that, your data is gone from our infrastructure entirely.
• Early deletion: You can request immediate deletion at any time (see "Your Rights" below). We will process your request within 30 days.

6. GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access: Request a copy of all personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data. You can initiate this from your account settings or by emailing us.
• Right to data portability: Request a structured, machine-readable export of your data. Available via your account settings.
• Right to restrict processing: Request that we limit how we use your data.
• Right to object: Object to processing of your data for certain purposes, including direct marketing.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

Our legal bases for processing your data are: performance of a contract (providing the Service), legitimate interests (improving the platform, ensuring security), and consent (where applicable, such as marketing emails).

To exercise any of these rights, email mikee@aiinstall.co. We will respond within 30 days.

7. CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to know: Request disclosure of what personal information we collect, use, disclose, and sell.
• Right to delete: Request deletion of your personal information.
• Right to opt-out of sale: We do not sell your personal information. No opt-out is necessary.
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a request, email mikee@aiinstall.co. We will verify your identity and respond within 45 days.

8. Children's Privacy

AI Install Ads is not intended for anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us at mikee@aiinstall.co and we will promptly delete the account and all associated data.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Passwords are hashed with bcrypt (never stored in plain text).
• All connections use HTTPS/TLS encryption in transit.
• Ad-platform OAuth tokens are encrypted at rest in our database.
• Server access is restricted to SSH key authentication only, with firewall rules and automatic security updates.
• Access to production systems is limited to authorized personnel.

No system is perfectly secure. If we discover a data breach that affects your personal information, we will notify you promptly via email with details of what happened and recommended steps.

10. International Data Transfers

Our servers are located in North America. If you access the Service from outside North America, your data will be transferred to and processed in the United States and Canada. By using the Service, you consent to this transfer.

For EEA/UK users, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms where required. If you have concerns about international transfers, contact us at mikee@aiinstall.co.

11. Changes to This Policy

We may update this Privacy Policy as the Service evolves. For material changes — anything that affects how we collect, use, or share your data — we will email you at least 30 days before the change takes effect.

Non-material edits (clarifying wording, adding a new vendor category, formatting) will be reflected here with an updated effective date.

12. Contact & Data Protection

For privacy questions, data requests, or any concerns about how we handle your information:

• Email: mikee@aiinstall.co
• Mail: AI Install Co., 1309 Coffeen Avenue STE 1200, Sheridan, WY 82801

We will respond to all privacy-related inquiries within 30 days.