FeaturesPricingBlogDocs
Log InStart Free

Privacy Policy

Last updated: April 1, 2026

1. Introduction

Crushlytics ("we", "us", or "our") operates the crushlytics.com website and the Crushlytics application (together, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By accessing or using the Service, you agree to the terms of this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and password (stored as a salted hash). If you upgrade to a paid plan, our payment processor (Stripe) collects your billing information. We do not store your full credit card number on our servers.

2.2 Ad Platform Data

When you connect a Google Ads or Meta Ads account, we access campaign performance data (such as spend, impressions, clicks, and conversions) through the respective platform APIs. This data is used solely to generate your reports. We do not sell, share, or use your ad platform data for any purpose other than providing the Service.

2.3 Usage Data

We automatically collect certain technical information when you use the Service, including your IP address, browser type, operating system, referring URL, pages viewed, and the date and time of your visit. This data helps us improve the Service and diagnose technical issues.

3. How We Use Your Information

  • To provide and maintain the Service, including generating reports and AI summaries
  • To process payments and manage your subscription
  • To send transactional emails such as account confirmations, billing receipts, and security alerts
  • To improve the Service through aggregated, anonymized analytics
  • To respond to support requests and communicate with you about your account
  • To comply with legal obligations and enforce our Terms of Service

4. Data Storage and Security

Your data is stored on servers provided by Supabase and hosted within the United States. We use industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest (AES-256), and role-based access controls. While no system is 100% secure, we take reasonable precautions to protect your data from unauthorized access, alteration, or destruction.

5. Third-Party Services

We share information with third-party service providers only to the extent necessary to operate the Service:

  • Stripe for payment processing
  • Supabase for database hosting and authentication
  • Vercel for application hosting
  • Anthropic for AI summary generation (only aggregated campaign metrics are sent; no personally identifiable information is included)
  • Google Ads API and Meta Marketing API for retrieving your campaign data

We do not sell your personal information to any third party. We do not share your data with advertisers or data brokers.

6. Cookies

We use strictly necessary cookies to maintain your session and remember your authentication state. We use one analytics cookie (anonymized page views) to understand how the Service is used. We do not use third-party advertising cookies or tracking pixels. You may disable cookies in your browser settings, but doing so may prevent parts of the Service from functioning correctly.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention obligations)
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing of your data for certain purposes

To exercise any of these rights, contact us at privacy@crushlytics.com. We will respond within 30 days.

8. Data Retention

We retain your account information for as long as your account is active. Ad platform data used for report generation is cached temporarily and is not stored beyond what is needed to produce your reports. If you delete your account, we will remove your personal data within 30 days, except where we are required by law to retain certain records (for example, billing records for tax purposes).

9. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: privacy@crushlytics.com