Privacy Policy.

01Introduction

DeepAd Limited ("DeepAd", "we", "our", or "us") takes privacy seriously. This Privacy Policy explains what personal data we collect when you visit our website, request a demo, sign in to the platform, or otherwise interact with us — and what we do with it.

DeepAd is an independent ad-intelligence platform. We monitor and analyse search ads in public results pages; we do not access your advertising accounts, your campaigns, or any data on the platforms whose ads we observe. This policy concerns information about you, not the search ads our crawlers see on the open web.

We comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, the "GDPR") and the Maltese Data Protection Act, Chapter 586 of the Laws of Malta.

02Who we are

The data controller responsible for your personal data is DeepAd Limited, a private limited company incorporated in Malta. You can reach us at the address below or by writing to our Data Protection Officer.

03Information we collect

We collect information in three ways:

• Information you give us. Your name, work email, company, role, and country when you request a demo or otherwise contact us. If you become a customer we also collect billing details, account credentials, and the configuration you create inside the platform (monitor names, prompts, scope settings).
• Information collected automatically. When you visit our site or use the platform we receive your IP address, approximate location, device and browser type, language, referring URL, the pages you view, and timestamps. This is standard server-log and product-analytics information.
• Information from third parties. We may receive limited business-context data from publicly available sources (e.g. company directories) to help route your enquiry to the right team.

We do not intentionally collect special-category data (health, religion, biometrics, etc.) and we ask that you do not include any in messages you send us.

04How we use your information

• To respond to enquiries, schedule demos, and provide customer support.
• To create and administer your account, authenticate sign-ins, and operate the platform.
• To bill you and keep accounting records as required by Maltese law.
• To improve the platform — measure feature adoption, debug issues, and prioritise the roadmap.
• To send service notices (security, billing, material policy changes). You can't unsubscribe from these while you're a customer.
• To send marketing emails about DeepAd, where we have a lawful basis to do so. You can opt out at any time.
• To detect, prevent, and investigate fraud, abuse, and security incidents, and to comply with legal obligations.

05Legal bases for processing

Under GDPR Article 6 we process personal data on one of the following bases:

• Performance of a contract — to deliver the services you've signed up for and respond to pre-contract requests.
• Legitimate interests — to run, secure, and improve our business, where those interests are not overridden by your rights and freedoms.
• Consent — for non-essential cookies and any direct marketing where consent is required. You can withdraw consent at any time.
• Legal obligation — to keep records, respond to lawful requests, and meet tax, accounting, or anti-money-laundering duties.

06Sharing and processors

We do not sell personal data. We share it only with vetted service providers who help us run the business, and only to the extent necessary. Categories of recipient include:

• Cloud hosting and infrastructure providers (e.g. Amazon Web Services in the EU).
• Email and CRM providers used to handle enquiries and customer communications.
• Product analytics (PostHog, EU-hosted), error tracking, and customer-support tooling.
• Bot-protection and content-delivery providers (e.g. Cloudflare, for demo-form anti-abuse and site delivery).
• Payment processors and accountants.
• Professional advisors (lawyers, auditors) under duty of confidentiality.
• Authorities, regulators, and courts where we are legally required to disclose.

Each processor is bound by a written agreement that meets the requirements of GDPR Article 28 and processes your data only on documented instructions from us.

07International transfers

Our infrastructure is hosted in the European Economic Area (EEA). Some of our service providers are based outside the EEA. Where personal data is transferred outside the EEA we rely on a valid transfer mechanism — typically an adequacy decision by the European Commission, or the European Commission's Standard Contractual Clauses with appropriate supplementary measures. For example, our bot-protection and content-delivery provider (Cloudflare) may process limited connection data in the United States under such clauses.

08How long we keep data

We keep personal data only for as long as we need it for the purposes set out in this policy, or as required by law. Indicative retention periods:

• Demo and contact-form submissions — 24 months from last contact, then deleted or anonymised.
• Active customer account data — for the duration of the contract, plus the period required to settle obligations.
• Billing and tax records — 10 years, as required by Maltese law.
• Server and security logs — typically 12 months.
• Marketing preferences — until you unsubscribe, plus a short suppression-list period to honour your choice.

09Security

We use technical and organisational measures appropriate to the risk: encryption in transit and at rest, role-based access controls, principle of least privilege, regular backups, documented incident response, and staff training. No system is perfectly secure — if you believe your account or data has been compromised, please email [email protected].

10Cookies and tracking

We use a small set of cookies and similar technologies, grouped as follows:

• Strictly necessary — required to remember your cookie choices and to protect forms (such as demo requests) from automated abuse. Always on.
• Analytics — a single tool, PostHog (EU-hosted, IP-anonymised), used to measure aggregate site usage so we can improve the Site. Off by default; enabled only if you consent. We do not use Google Analytics, Meta Pixel, LinkedIn pixels, or any other marketing tracker on this Site.

You can change your cookie choices at any time from the cookie banner or by clearing cookies in your browser. We do not use third-party advertising or cross-site tracking cookies.

11Your rights

Subject to the conditions set out in the GDPR, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase data that we no longer have a lawful basis to hold.
• Restrict or object to certain types of processing, including direct marketing.
• Data portability — receive your data in a structured, commonly used machine-readable format.
• Withdraw consent at any time, where processing is based on consent.
• Lodge a complaint with a supervisory authority. In Malta this is the Information and Data Protection Commissioner (IDPC). You can also lodge a complaint with the supervisory authority of the EU Member State where you live or work.

To exercise any of these rights, email [email protected]. We will respond within one month, as required by law. There is no fee unless your request is manifestly unfounded or excessive.

12Children

DeepAd is a B2B service. It is not directed at children, and we do not knowingly collect personal data from anyone under the age of 16. If you believe we have inadvertently collected data from a child, please contact us and we will delete it.

13Changes to this policy

We may update this policy from time to time to reflect changes in our practices, our services, or applicable law. When we make a material change we'll update the "Last updated" date above and, where appropriate, notify you by email or with a notice in the platform. Previous versions are available on request.

14Contact us

If you have any questions about this policy or how we handle your personal data, please contact our Data Protection Officer: