← Back to Adi

Privacy Policy

Effective date: May 7, 2025 · Last updated: May 7, 2025

Adi ("Adi," "we," "us," or "our") operates the platform available at hiadi.co (the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using the Service you agree to the practices described here.

1. Information We Collect

1.1 Account Information

When you register we collect your name, email address, and a hashed password. We never store plaintext passwords.

1.2 Ad Platform Credentials

To connect your Meta or Google Ads accounts you authorize us through each platform's official OAuth flow. We store only the resulting access tokens — encrypted at rest with AES-256-GCM — and never your platform username or password. You can revoke access at any time from your settings or directly from the platform.

1.3 Advertising Performance Data

Once connected, Adi retrieves campaign, ad set, and ad-level performance metrics (impressions, clicks, spend, conversions, ROAS, etc.) on your behalf. This data belongs to you; we process it solely to provide the Service.

1.4 Business Information

During onboarding you may provide your business name, industry, target customer description, primary growth goal, and average deal value. This context is used to personalise AI analysis and recommendations.

1.5 Usage Data

We collect standard server logs (IP address, browser/device type, pages visited, timestamps) and product analytics events through PostHog to understand how the Service is used and to improve it. We do not sell this data.

1.6 Payment Information

Billing is handled by Stripe. We never see or store full card numbers. We retain your Stripe customer ID and subscription status to manage your plan.

2. How We Use Your Information

  • Provide, operate, and improve the Service.
  • Run AI-powered analysis, hypothesis generation, and experiment management on your ad accounts.
  • Send transactional emails (account creation, experiment results, billing receipts).
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.

We do not use your advertising data to train general AI models, sell to third parties, or share with other Adi customers.

3. AI Processing & Third-Party Sub-Processors

Adi uses large language models to generate insights and recommendations from your data. Your ad performance data and business context may be sent to the following sub-processors as part of that analysis:

Sub-processorPurposeLocation
Anthropic (Claude)AI reasoning & recommendationsUSA
Google (Gemini)Image & video analysisUSA
NeonDatabase hostingUSA
VercelApplication hosting & CDNUSA / Global
StripePayment processingUSA
ResendTransactional emailUSA
PostHogProduct analyticsUSA / EU
SentryError monitoringUSA
UpstashRate limitingUSA / Global

Each sub-processor is bound by data processing agreements consistent with applicable privacy law.

4. Data Retention

We retain your account data for as long as your account is active. Ad performance data is retained for up to 24 months to support trend analysis. When you delete your account we delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or tax purposes.

5. Security

We use industry-standard safeguards: TLS in transit, AES-256-GCM for stored platform tokens, bcrypt for passwords, and role-based access controls. No system is perfectly secure. We will notify affected users of a confirmed breach as required by law.

6. Your Rights

Depending on where you live, you may have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated data.
  • Export your data in machine-readable format (available in Settings → Export).
  • Object to or restrict certain processing.
  • Withdraw consent at any time (including revoking ad platform access).

To exercise any right, email us at privacy@hiadi.co. We will respond within 30 days.

7. Cookies

We use a single session cookie to keep you logged in. We use PostHog's first-party analytics cookie to understand product usage. We do not use advertising or tracking cookies and do not participate in cross-site tracking.

8. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us and we will delete it promptly.

9. International Transfers

Adi is operated from Israel and the United States. If you are located in the EU/EEA, your data may be transferred to and processed in countries that do not provide the same level of protection as your home jurisdiction. We rely on Standard Contractual Clauses and sub-processor DPAs for such transfers.

10. Changes to This Policy

We may update this policy from time to time. We will notify registered users by email at least 14 days before material changes take effect. Continued use of the Service after the effective date constitutes acceptance.

11. Contact

Questions, requests, or complaints about this policy:
privacy@hiadi.co