Legal

Privacy policy.

Last updated: May 2026

01Who we are

Ad Spy is operated by Value Marketing (Greece). For privacy questions, contact k.t.kotsigiannis@value.marketing.

02What we collect

From you, when you sign up and use the Service:

  • Account information: name, email address, password (hashed with bcrypt), organization
  • Competitor URLs you scan and country preferences
  • Usage logs (timestamps, scan history) — for billing and abuse prevention

From third-party transparency libraries:

  • Public ad data about advertisers you choose to scan
  • Ad creative URLs, run dates, placement information
  • EU DSA reach metrics where exposed by the source platform

We do not collect personal data about end-users of the advertisers being scanned. We only store publicly available ad-library metadata.

03How we use it

  • To provide the Service (display scan results, compute spend estimates, send digests)
  • To improve the Service (aggregate usage statistics)
  • To bill you and prevent abuse
  • To contact you about service updates (you can opt out)

04Sub-processors

We use these third-party services to operate Ad Spy:

  • Railway — hosting and Postgres database
  • Resend — transactional email
  • Public ad libraries we query: Meta Ad Library API, Google Ads Transparency Center, TikTok Commercial Content API, LinkedIn Ad Library

05Data retention

Account data is retained while your account is active. Scan results are retained as long as you keep the competitor in your dashboard; deleting a competitor removes its stored ads. You can request full deletion of your account by emailing us — we'll process it within 30 days.

06Your rights (GDPR)

If you're in the EU/EEA, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion ("right to be forgotten")
  • Object to processing
  • Data portability
  • Lodge a complaint with your local data protection authority (in Greece: the Hellenic Data Protection Authority)

To exercise any of these rights, email k.t.kotsigiannis@value.marketing.

07Security

All traffic is encrypted via HTTPS. Database access is restricted to the application service. Passwords are hashed with bcrypt; session cookies are HttpOnly and SameSite=Lax. Secrets (API tokens, database credentials) are stored in our hosting provider's encrypted environment.

08Cookies

We use a single functional cookie for authentication (ads_session) and localStorage to remember your country / lookback preferences. No advertising or third-party tracking cookies.

09Changes

We'll notify active users of material changes to this policy by email at least 14 days before they take effect.