Privacy Policy

Last updated: June 22, 2026

Privacy Policy

This Privacy Policy explains how Spyvero collects, uses, discloses, retains, and protects personal information when you visit our website, create an account, use our application, submit audits, use monitors, join or manage an organization, buy credits, subscribe to a plan, contact us, or otherwise use our products and services (collectively, the "Service").

"Spyvero," "we," "us," and "our" refer to the operator of the Service. "You" means any visitor, account holder, customer, organization member, administrator, or other person who uses the Service.

This Privacy Policy should be read together with our Terms of Service, Cookie Policy, Refund Policy, and any plan, checkout, order, data processing, or written agreement that applies to your use of the Service. If you use the Service on behalf of a company, agency, client, or other organization, you are responsible for making sure that you have authority to provide personal information to us and that all required notices, permissions, and lawful bases are in place.

1. Scope of This Policy

This Privacy Policy applies to personal information that we process in connection with the Service. It does not apply to websites, services, payment portals, social platforms, public ad libraries, advertiser websites, or other third-party properties that we do not own or control.

The Service is intended for business use. It is not intended for children or for the submission of sensitive personal information, protected health information, government identifiers, payment card numbers outside approved checkout flows, biometric data, precise geolocation, or other regulated information unless we expressly agree in writing.

2. Personal Information We Collect

We collect personal information from you, from your organization, from your use of the Service, from public or third-party sources, and from service providers that help us operate the Service.

Information you provide

We may collect:

Account information, such as name, email address, password or password hash, profile image, login method, authentication provider, and account preferences.
Organization and team information, such as organization name, website, logo, industry, team size, organization type, role, invitations, members, administrators, onboarding answers, and billing ownership details.
Contact and support information, such as name, email address, company, messages, support requests, feedback, survey responses, and communications with us.
Audit, monitor, and workflow inputs, such as search queries, competitor names, domains, URLs, countries, platforms, filters, audit depths, monitor schedules, uploaded input images, comments, settings, and API requests.
Files and media you upload, such as profile images, organization logos, screenshots, input images, or other files submitted through the Service.
Billing-related information, such as plan selection, credit purchases, billing frequency, subscription status, transaction identifiers, Paddle customer and subscription identifiers, tax-related information, billing contact details, and payment status. We do not intentionally store full payment card numbers on our own systems; payment information is handled by Paddle.

Information collected automatically

When you use the Service, we and our service providers may collect:

Device and browser information, such as browser type, operating system, device type, language, referring URLs, pages viewed, links clicked, and approximate location inferred from IP address.
Usage information, such as login times, session information, audit activity, monitor activity, credit usage, plan limits, feature interactions, API usage, errors, diagnostics, and performance data.
Security information, such as IP address, authentication events, session tokens, verification tokens, magic link events, failed login attempts, suspicious activity indicators, and audit logs.
Cookies and similar technologies, as described in our Cookie Policy.

Public and third-party advertising data

Spyvero helps users search, organize, analyze, cluster, score, monitor, and reference publicly available advertising data and related third-party data. Depending on the audit, monitor, public source, and provider output, this may include public ad text, public creative media, advertiser or page names, public profile images, ad identifiers, public page IDs, page URLs, landing page URLs, platform labels, activity dates, impressions ranges, ad categories, calls to action, media hashes, embeddings, cluster scores, and analytical signals.

Some public advertising data may incidentally include names, images, likenesses, usernames, page information, or other information that relates to people or businesses. We process that information to provide ad intelligence, research, monitoring, scoring, clustering, storage, search, and reporting features. We do not claim ownership of third-party content displayed through the Service.

Information from third-party providers

We may receive information from providers that support authentication, payments, scraping, hosting, storage, analytics, error monitoring, email delivery, infrastructure, security, and customer support. Examples may include Google authentication data, payment processor customer IDs, webhook events, email delivery events, cloud storage metadata, scraping run IDs, and error or performance telemetry.

3. How We Use Personal Information

We use personal information for the following purposes:

Provide, operate, maintain, secure, and improve the Service.
Create and manage accounts, sessions, organizations, workspaces, roles, invitations, and permissions.
Process audits, monitors, reports, alerts, scores, clusters, exports, downloads, API requests, and related workflows.
Persist ad media, uploaded files, audit history, monitor history, and other Service data according to product functionality and retention practices.
Process subscriptions, credits, renewals, top-ups, invoices, taxes, refunds, disputes, fraud checks, and billing support through Paddle and related billing records.
Send transactional messages, including login links, verification emails, invitations, security alerts, billing notices, service updates, legal notices, and support responses.
Send marketing communications where permitted, and honor opt-out requests for non-essential marketing messages.
Monitor usage, enforce plan limits, meter credits, prevent abuse, detect fraud, protect security, debug errors, and maintain service reliability.
Analyze and improve product performance, features, user experience, infrastructure, pricing, and business operations.
Comply with legal obligations, enforce our terms, resolve disputes, respond to lawful requests, and protect our rights, users, customers, service providers, and the public.
Create aggregated, de-identified, or anonymized information that does not reasonably identify you.

We do not use your payment card information to make unrelated marketing profiles. We do not intentionally collect sensitive personal information for the purpose of inferring characteristics about you.

4. Legal Bases for Processing

Where privacy law requires a legal basis, we process personal information under one or more of the following bases:

Contract: to provide the Service, manage accounts and organizations, process billing, deliver purchased features, and perform our agreements with you.
Legitimate interests: to secure, maintain, improve, analyze, market, and protect the Service, prevent abuse, enforce terms, and develop business operations in ways that are not overridden by your privacy rights.
Consent: where you give consent, such as for certain optional cookies, marketing communications, or optional integrations.
Legal obligation: to comply with tax, accounting, consumer protection, sanctions, security, legal process, and other legal requirements.
Public interest or other lawful bases: where applicable law permits processing of public or third-party advertising data for business intelligence, research, security, or compliance purposes.

You may withdraw consent where processing is based on consent, but withdrawal will not affect processing that occurred before withdrawal or processing that is based on another lawful basis.

We may disclose personal information to the following categories of recipients:

Infrastructure, hosting, database, storage, and compute providers that help run the Service.
Authentication and identity providers that help you sign in or connect accounts.
Paddle and related payment, billing, banking, tax, fraud-prevention, and dispute-resolution providers.
Email, notification, support, analytics, logging, and error-monitoring providers.
Scraping, public data, media processing, background job, and workflow providers that help process audits and monitors.
Organization owners, administrators, and members, according to their roles and permissions.
Professional advisors, such as lawyers, accountants, auditors, insurers, and consultants.
Law enforcement, regulators, courts, government authorities, or other parties where we believe disclosure is required or permitted by law.
Parties involved in a merger, acquisition, financing, corporate reorganization, bankruptcy, sale of assets, or transfer of all or part of our business.
Other parties with your direction, consent, or as necessary to provide a feature you request.

We do not sell personal information for money. We do not knowingly share personal information for cross-context behavioral advertising as defined by California privacy law. If our practices change, we will update this Privacy Policy and provide any required choices.

6. Third-Party Services

The Service may use or integrate with providers such as Supabase or other database providers, Backblaze B2 or other S3-compatible storage providers, Inngest, Apify, Sentry, Resend or other email providers, Google for authentication, Crisp for support chat when configured, Paddle for supported payment and billing flows, hosting providers, analytics or diagnostic providers, and other operational services.

These providers process information under their own terms and privacy policies. We are not responsible for third-party websites, platforms, payment portals, advertiser pages, public ad libraries, or services that we do not control.

7. Cookies and Similar Technologies

We use cookies and similar technologies to operate the website and application, maintain sessions, remember preferences, secure accounts, measure usage, diagnose issues, and improve the Service. Some cookies are necessary for the Service to work. Other cookies may be optional, depending on how the Service is configured.

For more information, review our Cookie Policy. You can also adjust browser settings to block or delete cookies, but some parts of the Service may not work properly without them.

8. Data Retention

We retain personal information for as long as reasonably necessary to provide the Service, maintain business records, comply with legal obligations, resolve disputes, enforce agreements, prevent abuse, and protect the Service.

Retention periods vary depending on the type of information and the reason we use it:

Account, organization, billing, credit, and subscription records may be retained while the account or organization is active and for a reasonable period afterward.
Audit and monitor records may be retained to provide history, reports, scoring, troubleshooting, abuse prevention, and paid features.
Public ad media and related archived media may be retained according to product functionality, technical limits, storage policies, and the retention periods described in the Service or applicable plan materials. The intended MVP retention window for downloaded ad media is 30 days, after which media may be archived, deleted, or otherwise limited according to storage policy and technical constraints.
Logs, security records, and diagnostics may be retained for a limited period unless needed for security, fraud prevention, legal compliance, or dispute resolution.
Contact, support, and legal communications may be retained as needed to respond to you and maintain business records.

When information is no longer needed, we may delete, anonymize, aggregate, archive, or restrict it. Backups and logs may persist for a limited time before deletion occurs in the ordinary course of business.

9. Security

We use reasonable administrative, technical, and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include access controls, authentication, encryption in transit, secure cloud infrastructure, logging, provider security controls, and limited access based on business need.

No method of transmission or storage is completely secure. You are responsible for keeping your credentials, devices, API keys, magic links, and organization access secure. Notify us promptly if you believe your account, organization, API key, or credentials have been compromised.

10. International Transfers

We and our service providers may process personal information in the United States, the European Economic Area, the United Kingdom, Ukraine, and other countries where we or our providers operate. These countries may have privacy laws that differ from those in your location.

Where required, we use appropriate safeguards for international transfers, such as contractual protections, data processing terms, standard contractual clauses, transfer risk assessments, or other lawful mechanisms.

11. Your Choices and Rights

Depending on your location and applicable law, you may have rights to:

Access personal information we hold about you.
Correct inaccurate or incomplete personal information.
Delete personal information.
Restrict or object to certain processing.
Receive a portable copy of certain personal information.
Withdraw consent where processing is based on consent.
Opt out of certain marketing communications.
Appeal a privacy-rights decision where applicable law provides that right.
Lodge a complaint with a data protection authority or regulator.

You can update certain account and organization information inside the Service. To exercise rights that are not available in the Service, contact us using the details below. We may need to verify your identity, authority, location, and relationship to the account or organization before fulfilling a request.

Some information may be exempt from deletion, access, or correction where retention or processing is required or permitted for security, legal compliance, billing, dispute resolution, fraud prevention, public-interest archiving, freedom of expression, or other lawful reasons.

12. California and Other U.S. State Privacy Notices

If a U.S. state privacy law applies to your personal information, this section supplements the rest of this Privacy Policy.

We may collect the following categories of personal information:

Identifiers, such as name, email address, IP address, account ID, customer ID, and authentication identifiers.
Commercial information, such as subscriptions, plans, purchases, credit usage, billing status, and transaction records.
Internet or electronic network activity, such as log data, device data, pages viewed, feature usage, session data, and interaction data.
Professional or business information, such as company name, organization role, industry, team size, and business contact information.
User content and customer inputs, such as queries, messages, uploaded files, audit settings, monitors, and support communications.
Inferences and analytics, such as plan usage, feature usage, risk indicators, preferences, and product analytics.
Publicly available or third-party advertising information, such as public advertiser names, page information, ad content, ad metadata, and analytical signals.

We collect, use, disclose, and retain these categories for the purposes described in this Privacy Policy. We disclose these categories to the recipients described in Section 5. We do not knowingly sell personal information or share it for cross-context behavioral advertising. We do not knowingly collect personal information from children under 13.

Subject to applicable law, you may have the right to know, access, correct, delete, obtain a copy of, or opt out of certain uses or disclosures of personal information, and the right not to be discriminated against for exercising privacy rights.

13. European Economic Area, United Kingdom, and Switzerland

If GDPR, UK GDPR, Swiss data protection law, or similar law applies, Spyvero acts as a controller for personal information we process to operate our website, manage accounts, provide the Service, handle billing, communicate with you, secure the Service, and run our business.

For information that you or your organization submits to the Service for processing on your behalf, we may act as a processor or service provider depending on the context and applicable agreement. Your organization is responsible for determining whether it needs a separate data processing agreement.

You may have rights to access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and complaint to a supervisory authority. You may contact us to exercise those rights.

14. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. The Service is intended for users who are at least 18 years old. If you believe a child has provided personal information to us, contact us and we will take appropriate steps to delete it where required.

15. Marketing Communications

You may opt out of non-essential marketing emails by using the unsubscribe link in the email or contacting us. Even if you opt out of marketing messages, we may still send transactional, administrative, billing, legal, security, and account-related communications.

16. Public Outputs, Exports, and Customer Responsibilities

Some Service features may allow you to export, download, share, publish, or otherwise use reports, ad data, public creative references, links, screenshots, files, or other outputs. You are responsible for how you use, store, secure, disclose, and lawfully process any exported or shared information.

If you submit information about another person, invite team members, upload files, use the Service for a client, or connect third-party accounts, you represent that you have provided required notices and obtained required permissions or lawful bases.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "last updated" date above. If changes are material, we will try to provide additional notice where practical or legally required.

Changes are effective when posted unless a later date is stated. Your continued use of the Service after the updated Privacy Policy becomes effective means you acknowledge the updated policy.

18. Contact

Questions, requests, or complaints about this Privacy Policy or our privacy practices may be sent to:

help@spyvero.com

Please do not send payment card numbers, passwords, government identifiers, or other sensitive information by email.

Privacy Policy

Last updated: June 22, 2026

Privacy Policy

"Spyvero," "we," "us," and "our" refer to the operator of the Service. "You" means any visitor, account holder, customer, organization member, administrator, or other person who uses the Service.

1. Scope of This Policy

2. Personal Information We Collect

We collect personal information from you, from your organization, from your use of the Service, from public or third-party sources, and from service providers that help us operate the Service.

Information you provide

We may collect:

Account information, such as name, email address, password or password hash, profile image, login method, authentication provider, and account preferences.
Organization and team information, such as organization name, website, logo, industry, team size, organization type, role, invitations, members, administrators, onboarding answers, and billing ownership details.
Contact and support information, such as name, email address, company, messages, support requests, feedback, survey responses, and communications with us.
Audit, monitor, and workflow inputs, such as search queries, competitor names, domains, URLs, countries, platforms, filters, audit depths, monitor schedules, uploaded input images, comments, settings, and API requests.
Files and media you upload, such as profile images, organization logos, screenshots, input images, or other files submitted through the Service.
Billing-related information, such as plan selection, credit purchases, billing frequency, subscription status, transaction identifiers, Paddle customer and subscription identifiers, tax-related information, billing contact details, and payment status. We do not intentionally store full payment card numbers on our own systems; payment information is handled by Paddle.

Information collected automatically

When you use the Service, we and our service providers may collect:

Device and browser information, such as browser type, operating system, device type, language, referring URLs, pages viewed, links clicked, and approximate location inferred from IP address.
Usage information, such as login times, session information, audit activity, monitor activity, credit usage, plan limits, feature interactions, API usage, errors, diagnostics, and performance data.
Security information, such as IP address, authentication events, session tokens, verification tokens, magic link events, failed login attempts, suspicious activity indicators, and audit logs.
Cookies and similar technologies, as described in our Cookie Policy.

Public and third-party advertising data

Information from third-party providers

3. How We Use Personal Information

We use personal information for the following purposes:

Provide, operate, maintain, secure, and improve the Service.
Create and manage accounts, sessions, organizations, workspaces, roles, invitations, and permissions.
Process audits, monitors, reports, alerts, scores, clusters, exports, downloads, API requests, and related workflows.
Persist ad media, uploaded files, audit history, monitor history, and other Service data according to product functionality and retention practices.
Process subscriptions, credits, renewals, top-ups, invoices, taxes, refunds, disputes, fraud checks, and billing support through Paddle and related billing records.
Send transactional messages, including login links, verification emails, invitations, security alerts, billing notices, service updates, legal notices, and support responses.
Send marketing communications where permitted, and honor opt-out requests for non-essential marketing messages.
Monitor usage, enforce plan limits, meter credits, prevent abuse, detect fraud, protect security, debug errors, and maintain service reliability.
Analyze and improve product performance, features, user experience, infrastructure, pricing, and business operations.
Comply with legal obligations, enforce our terms, resolve disputes, respond to lawful requests, and protect our rights, users, customers, service providers, and the public.
Create aggregated, de-identified, or anonymized information that does not reasonably identify you.

4. Legal Bases for Processing

Where privacy law requires a legal basis, we process personal information under one or more of the following bases:

Contract: to provide the Service, manage accounts and organizations, process billing, deliver purchased features, and perform our agreements with you.
Legitimate interests: to secure, maintain, improve, analyze, market, and protect the Service, prevent abuse, enforce terms, and develop business operations in ways that are not overridden by your privacy rights.
Consent: where you give consent, such as for certain optional cookies, marketing communications, or optional integrations.
Legal obligation: to comply with tax, accounting, consumer protection, sanctions, security, legal process, and other legal requirements.
Public interest or other lawful bases: where applicable law permits processing of public or third-party advertising data for business intelligence, research, security, or compliance purposes.

You may withdraw consent where processing is based on consent, but withdrawal will not affect processing that occurred before withdrawal or processing that is based on another lawful basis.

We may disclose personal information to the following categories of recipients:

Infrastructure, hosting, database, storage, and compute providers that help run the Service.
Authentication and identity providers that help you sign in or connect accounts.
Paddle and related payment, billing, banking, tax, fraud-prevention, and dispute-resolution providers.
Email, notification, support, analytics, logging, and error-monitoring providers.
Scraping, public data, media processing, background job, and workflow providers that help process audits and monitors.
Organization owners, administrators, and members, according to their roles and permissions.
Professional advisors, such as lawyers, accountants, auditors, insurers, and consultants.
Law enforcement, regulators, courts, government authorities, or other parties where we believe disclosure is required or permitted by law.
Parties involved in a merger, acquisition, financing, corporate reorganization, bankruptcy, sale of assets, or transfer of all or part of our business.
Other parties with your direction, consent, or as necessary to provide a feature you request.

6. Third-Party Services

7. Cookies and Similar Technologies

For more information, review our Cookie Policy. You can also adjust browser settings to block or delete cookies, but some parts of the Service may not work properly without them.

8. Data Retention

Retention periods vary depending on the type of information and the reason we use it:

Account, organization, billing, credit, and subscription records may be retained while the account or organization is active and for a reasonable period afterward.
Audit and monitor records may be retained to provide history, reports, scoring, troubleshooting, abuse prevention, and paid features.
Public ad media and related archived media may be retained according to product functionality, technical limits, storage policies, and the retention periods described in the Service or applicable plan materials. The intended MVP retention window for downloaded ad media is 30 days, after which media may be archived, deleted, or otherwise limited according to storage policy and technical constraints.
Logs, security records, and diagnostics may be retained for a limited period unless needed for security, fraud prevention, legal compliance, or dispute resolution.
Contact, support, and legal communications may be retained as needed to respond to you and maintain business records.

9. Security

10. International Transfers

11. Your Choices and Rights

Depending on your location and applicable law, you may have rights to:

Access personal information we hold about you.
Correct inaccurate or incomplete personal information.
Delete personal information.
Restrict or object to certain processing.
Receive a portable copy of certain personal information.
Withdraw consent where processing is based on consent.
Opt out of certain marketing communications.
Appeal a privacy-rights decision where applicable law provides that right.
Lodge a complaint with a data protection authority or regulator.

12. California and Other U.S. State Privacy Notices

If a U.S. state privacy law applies to your personal information, this section supplements the rest of this Privacy Policy.

We may collect the following categories of personal information:

Identifiers, such as name, email address, IP address, account ID, customer ID, and authentication identifiers.
Commercial information, such as subscriptions, plans, purchases, credit usage, billing status, and transaction records.
Internet or electronic network activity, such as log data, device data, pages viewed, feature usage, session data, and interaction data.
Professional or business information, such as company name, organization role, industry, team size, and business contact information.
User content and customer inputs, such as queries, messages, uploaded files, audit settings, monitors, and support communications.
Inferences and analytics, such as plan usage, feature usage, risk indicators, preferences, and product analytics.
Publicly available or third-party advertising information, such as public advertiser names, page information, ad content, ad metadata, and analytical signals.

13. European Economic Area, United Kingdom, and Switzerland

14. Children

15. Marketing Communications

16. Public Outputs, Exports, and Customer Responsibilities

17. Changes to This Privacy Policy

Changes are effective when posted unless a later date is stated. Your continued use of the Service after the updated Privacy Policy becomes effective means you acknowledge the updated policy.

18. Contact

Questions, requests, or complaints about this Privacy Policy or our privacy practices may be sent to:

help@spyvero.com

Please do not send payment card numbers, passwords, government identifiers, or other sensitive information by email.

Privacy Policy

1. Scope of This Policy

2. Personal Information We Collect

Information you provide

Information collected automatically

Public and third-party advertising data

Information from third-party providers

3. How We Use Personal Information

4. Legal Bases for Processing

5. How We Share Personal Information

6. Third-Party Services

7. Cookies and Similar Technologies

8. Data Retention

9. Security

10. International Transfers

11. Your Choices and Rights

12. California and Other U.S. State Privacy Notices

13. European Economic Area, United Kingdom, and Switzerland

14. Children

15. Marketing Communications

16. Public Outputs, Exports, and Customer Responsibilities

17. Changes to This Privacy Policy

18. Contact

Privacy Policy

1. Scope of This Policy

2. Personal Information We Collect

Information you provide

Information collected automatically

Public and third-party advertising data

Information from third-party providers

3. How We Use Personal Information

4. Legal Bases for Processing

5. How We Share Personal Information

6. Third-Party Services

7. Cookies and Similar Technologies

8. Data Retention

9. Security

10. International Transfers

11. Your Choices and Rights

12. California and Other U.S. State Privacy Notices

13. European Economic Area, United Kingdom, and Switzerland

14. Children

15. Marketing Communications

16. Public Outputs, Exports, and Customer Responsibilities

17. Changes to This Privacy Policy

18. Contact