Privacy Policy

Last updated: April 17, 2026

1. Introduction

AYTADA ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our AI-powered ad generation platform. This policy complies with the Protection of Personal Information Act (POPIA) of South Africa and other applicable data protection laws.

2. Information We Collect

2.1 Account Information

  • Full name
  • Email address
  • Hashed password (managed by Supabase Auth)

2.2 Content You Provide

  • Product names, descriptions, and target audience information
  • Product images you upload
  • Creative preferences (business type, industry, ad style, tone)

2.3 Automatically Collected Information

  • Usage data (pages visited, features used, generation history)
  • Device and browser information
  • IP address
  • Error and performance logs (via Sentry)

2.4 Payment Information

We do not store credit card numbers or payment credentials. Payments are processed securely by PayPal and Paystack. We only store transaction references, amounts, and credit balances.

3. How We Use Your Information

  • Service delivery: To generate AI-powered ad content based on your inputs.
  • Account management: To maintain your account, credit balance, and project history.
  • Service improvement: To monitor performance, fix bugs, and improve generation quality.
  • Communication: To send transactional emails (account verification, payment receipts) and, with your consent, product updates.
  • Security: To detect and prevent fraud, abuse, and unauthorized access.
  • Legal compliance: To comply with applicable laws and respond to lawful requests.

4. Third-Party Services

We use the following third-party services to operate the platform:

  • Supabase: Authentication and database hosting (EU/US data centers).
  • OpenRouter: AI script generation via large language models.
  • fal.ai: AI video, image, audio, and vision generation.
  • ElevenLabs: AI voiceover synthesis.
  • Shotstack: Cloud video stitching and rendering.
  • PayPal: Payment processing (USD).
  • Paystack: Payment processing (ZAR).
  • Vercel: Application hosting and deployment.
  • Upstash: Rate limiting via Redis.
  • Sentry: Error monitoring and performance tracking.

Each third-party service has its own privacy policy. We only share the minimum data necessary for each service to function (e.g., product descriptions sent to AI models for generation).

5. AI-Generated Content

  • Product information you provide is sent to AI models to generate ad content.
  • We do not use your content to train AI models. Third-party AI providers may have their own data usage policies.
  • Generated content (scripts, videos, voiceovers) is stored in your account and accessible only to you.

6. Data Storage & Security

  • Your data is stored in Supabase-managed PostgreSQL databases with encryption at rest.
  • Row-Level Security (RLS) ensures users can only access their own data.
  • All connections use HTTPS/TLS encryption in transit.
  • Authentication is managed via secure, httpOnly cookies.
  • We implement rate limiting, input validation, and security headers to protect against common attacks.

7. Data Retention

  • Account data is retained as long as your account is active.
  • Generated content (videos, scripts) is retained in your account until you delete it or your account is terminated.
  • Payment transaction records are retained for legal and accounting purposes.
  • Error logs are retained for up to 90 days.

8. Your Rights

Under POPIA and applicable data protection laws, you have the right to:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate personal information.
  • Deletion: Request deletion of your account and associated data.
  • Objection: Object to the processing of your personal information for direct marketing.
  • Data portability: Request your data in a structured, machine-readable format.
  • Withdraw consent: Withdraw consent for optional data processing at any time.

To exercise these rights, contact us at privacy@aytada.com. We will respond within 30 days.

9. Cookies

We use essential cookies for authentication and session management. These are strictly necessary for the Service to function and cannot be disabled. We do not use advertising or tracking cookies.

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

11. International Data Transfers

Your data may be processed in countries outside South Africa where our third-party service providers operate. We ensure appropriate safeguards are in place for such transfers in compliance with POPIA and other applicable laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.

13. Contact Us

For privacy-related inquiries, contact our Information Officer at privacy@aytada.com.