Data Security Information
How we protect your data, your copy, and your business.
Your data is yours — always.
Your business ideas, copy inputs, and generated content are private to your account. We do not sell your data, share it with advertisers, or use it to train AI models.
Encryption at Rest & In Transit
All data stored in AdCopyWizards is encrypted at rest using AES-256 encryption via Supabase (built on PostgreSQL). All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Your copy, inputs, and account details are never sent or stored in plain text.
Payment Security
AdCopyWizards does not store, process, or transmit your credit card information directly. All payments are handled exclusively by Stripe — a PCI DSS Level 1 certified payment processor. This is the highest level of payment security certification available. We never see your full card number.
Authentication & Access Control
User authentication is managed through Supabase Auth, which supports industry-standard secure login, session management, and password hashing (bcrypt). Each user can only access their own account, outputs, and billing data. Admin access is restricted to verified owner accounts via server-side role checks.
AI & Your Copy Inputs
When you use a wizard, your inputs (offer details, audience information, etc.) are sent to an AI language model (OpenAI or Anthropic) to generate your copy. These inputs are used solely to produce your requested output — they are not used to train AI models, shared with third parties for marketing, or retained by AI providers beyond the request lifecycle per their data processing agreements.
Data Isolation
Every user's data is logically isolated. Your generated copy, wizard inputs, and account information are tied to your unique user ID and cannot be accessed by other users. Row-level security (RLS) is enforced at the database level — not just in application code — ensuring unauthorized access is blocked even in edge cases.
Data Retention
We retain your account data and generated content for as long as your account is active. If you cancel your account and request deletion, we will permanently remove your personal data and generated content within 30 days, except where retention is required by law (e.g., billing records). You may request your data or deletion at any time via our contact page.
Third-Party Infrastructure
AdCopyWizards is built on trusted, enterprise-grade infrastructure: Supabase (database & auth), Stripe (payments), OpenAI & Anthropic (AI generation), Vercel/Replit (hosting), and Google Analytics & Microsoft Clarity (anonymized analytics). Each provider is contractually bound to handle your data in accordance with applicable privacy laws.
Compliance
AdCopyWizards is committed to compliance with applicable data protection laws including GDPR (for EU users) and CCPA (for California users). You have the right to access, correct, export, or delete your personal data at any time. See our Privacy Policy for full details on your rights.
Security Incident Response
In the event of a confirmed data breach that affects your personal information, we will notify affected users within 72 hours of discovery — or as required by applicable law — via the email address on your account. We will describe the nature of the breach, what data was affected, and the steps we are taking to mitigate the impact.
Your Responsibilities
You are responsible for keeping your login credentials confidential. Use a strong, unique password and do not share your account. If you suspect unauthorized access, reset your password immediately and contact us. We will never ask for your password via email or chat.
Have a security concern?
If you discover a potential vulnerability or have a data-related concern, please contact us directly. We take all reports seriously and respond promptly.
Contact Our Team