Privacy Policy

This Privacy Policy describes how PandaAds ("we", "our", or "us") collects, uses, and protects your personal information when you use our service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address
• Username
• Name (if provided)
• Password (stored securely using industry-standard encryption)

1.2 API Keys

If you choose to add an OpenRouter API key to use our AI features, we:

• Store your API key using AES-256-GCM encryption
• Never display your full API key back to you
• Only use your API key to make requests to OpenRouter on your behalf
• Track usage statistics (token counts, costs) for your reference

1.3 Content You Create

We store the following content you create in our service:

• Companies: Company names, descriptions, website URLs, scraped website content (markdown), and AI-generated company summaries
• Writing Styles: Custom writing styles you create, including style names, descriptions, and style guides
• Style Clones: Content samples you provide for style analysis, and the resulting style guides generated by AI
• Ads: Ad titles, content, and metadata you generate using our service
• Folders: Folder names and organization structure for your ads

1.4 Usage Data

We track:

• API usage logs (model used, token counts, costs) for analytics and billing transparency
• Last login timestamps
• Account creation and update timestamps

1.5 Technical Information

We may collect technical information such as:

• IP address (for security and fraud prevention)
• Browser type and version
• Device information
• Usage patterns and interactions with our service

2. How We Use Your Information

We use your information to:

• Provide and maintain our service
• Process your requests and generate ads using AI
• Authenticate your account and ensure security
• Track API usage and costs for your reference
• Improve our service and develop new features
• Communicate with you about your account or our service
• Comply with legal obligations

3. Data Storage and Security

3.1 Data Storage

Your data is stored in:

• PocketBase: User authentication data (email, username, password hash)
• PostgreSQL: All other application data (companies, ads, writing styles, API keys, etc.)

3.2 Security Measures

We implement security measures to protect your data:

• API keys are encrypted using AES-256-GCM encryption
• Passwords are hashed using secure algorithms
• Data is transmitted over HTTPS
• Access to your data requires authentication
• Regular security audits and updates

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• Service Providers: We use third-party services (OpenRouter API) to provide AI functionality. Your API key is used to authenticate requests to OpenRouter, but we do not share your personal data with them.
• Legal Requirements: We may disclose your information if required by law or to protect our rights and safety.
• Business Transfers: In the event of a merger, acquisition, or sale, your information may be transferred to the new entity.

5. Your Rights

You have the right to:

• Access: Request a copy of all personal data we hold about you
• Correction: Update or correct your personal information
• Deletion: Request deletion of your account and associated data
• Export: Export your data in a machine-readable format
• Objection: Object to certain processing of your data

To exercise these rights, please contact us using the information provided below.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide our service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal purposes.

7. Cookies and Tracking

We use localStorage to store authentication tokens and user preferences. We do not use cookies for tracking or advertising purposes.

8. Children's Privacy

Our service is not intended for users under the age of 18. We do not knowingly collect personal information from children.

9. International Data Transfers

Your data may be stored and processed in servers located outside your country of residence. By using our service, you consent to the transfer of your data to these locations.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

• Company: Buro Ops AS
• VAT: 832405612
• Address: Ullevålsveien 12, 0171 Oslo, Norway