Privacy Policy

Equaliser AI processes advertising platform metrics on your behalf. The data we collect is strictly limited to what is necessary for campaign analysis and reporting.

Platform metrics: spend, impressions, clicks, conversions, revenue, ROAS, CPA, and related performance data from Google Ads, Meta Ads, Microsoft Ads, TikTok Ads, and GA4.

Campaign structure: campaign names, ad group names, search terms, product feed attributes, and audience segments.

Account information: your name, email address, organisation name, and role — collected during registration.

Usage data: pages visited, features used, and actions taken within the application (stored in our audit log for security purposes).

We do not collect personal information about your customers. No end-user PII, payment data, or click-stream data ever enters our system.

We process personal data on the following bases:

Performance of a contract (Art. 6(1)(b) UK GDPR) — for delivering the Equaliser AI service to the agency that holds your account: account provisioning, authentication, billing, and the AI-driven analyses, reports and recommendations that are the subject of that contract.

Legitimate interests (Art. 6(1)(f) UK GDPR) — for product analytics that improve service quality (anonymised feature usage), security event logging in our immutable audit log, AI output quality scoring, and detection of fraud or abuse. The legitimate interests pursued are the secure, reliable and continuously improving operation of a paid-media intelligence platform. We have assessed that these interests do not override the rights and freedoms of data subjects given the nature of the data (no end-consumer PII enters our system) and the safeguards applied (RLS isolation, encryption at rest, retention limits).

Compliance with a legal obligation (Art. 6(1)(c) UK GDPR) — for retaining billing records for the period required by HMRC (currently six years), for responding to lawful requests from regulators including the Information Commissioner’s Office, and for breach notification.

Consent (Art. 6(1)(a) UK GDPR) — only where explicitly requested, such as inclusion in product research or beta features. Consent can be withdrawn at any time at privacy@equaliser.co.uk without affecting the service.

Where you connect a paid-media account (e.g. Google Ads, Meta Ads), we process the data we ingest from that account on behalf of the agency that holds the connection — the agency is the controller for that data, and we act as a processor under our Data Processing Agreement.

Performance analysis: aggregating and analysing campaign metrics to surface insights, anomalies, and optimisation opportunities.

AI-powered reporting: generating narrative summaries, diagnostic reports, and strategic recommendations using large language models.

Trend detection: identifying patterns across time periods to support forecasting and budget allocation decisions.

Product intelligence: analysing product feed data to identify performance tiers and supplemental feed opportunities.

All analysis is advisory only. Equaliser AI never makes changes to your ad platform accounts or executes actions on your behalf.

Database: Supabase (EU region), with Row-Level Security policies enforcing organisation-level data isolation. All data encrypted at rest with AES-256.

Data warehouse: Google BigQuery (EU multi-region), used for metric aggregation and view materialisation. Data encrypted at rest and in transit.

Application hosting: Vercel (global edge network), with TLS 1.3 encryption for all connections.

All infrastructure providers maintain SOC 2 Type II certification independently.

Access to production systems is restricted to authorised personnel with multi-factor authentication.

Equaliser AI uses third-party sub-processors for hosting, data warehousing, AI inference, ingestion, monitoring, billing, and email delivery. Every vendor handling customer data is listed in our sub-processor register at /trust/subprocessors with the data they see, the region it sits in, and the contractual safeguard (DPA / SCC / UK IDTA) in place.

The register is the canonical source — it is updated when a vendor is added, removed, or changes region. Customers receive 30 days’ notice before any change takes effect.

No customer data is sold, rented, or shared with any third party for marketing or advertising purposes. AI inference vendors (currently Anthropic) operate under zero-retention contracts and do not train models on customer data.

Active accounts: your data is retained for the duration of your subscription. Historical metric data is retained indefinitely to support trend analysis and year-over-year comparisons.

Cancelled accounts: data is retained for 30 days after account cancellation to allow for reactivation. After 30 days, all data is permanently deleted from our systems, including backups.

Audit logs: retained for 12 months for security and compliance purposes, then automatically purged.

AI-generated outputs (stories, reports, recommendations): retained for the duration of your subscription and deleted with your account.

Right of access: request a complete copy of all data we hold about you and your organisation at any time.

Right to export: download all your data in machine-readable JSON format via your account settings or our data export API (GDPR Article 20 — data portability).

Right to deletion: request complete deletion of your account and all associated data. We will comply within 30 days.

Right to rectification: request correction of any inaccurate data we hold about you.

Right to restrict processing: request that we limit how we process your data while a complaint is being resolved.

To exercise any of these rights, contact privacy@equaliser.ai. We will respond within 30 days.

Equaliser AI uses only essential cookies required for the application to function:

Authentication token: a secure, HTTP-only session cookie that keeps you signed in. Expires when you log out or after 7 days of inactivity.

Theme preference: a local storage value that remembers your light/dark mode choice.

We do not use tracking cookies, advertising cookies, or analytics cookies. We do not use any third-party cookie-based tracking.

Your data may be processed in the European Union, the United States, and other jurisdictions where our infrastructure providers operate.

All international transfers are protected by Standard Contractual Clauses (SCCs) and supplementary technical measures including encryption in transit and at rest.

We will notify you of material changes to this privacy policy via email and an in-app notification at least 14 days before the changes take effect.

Continued use of the service after the effective date constitutes acceptance of the updated policy.

For privacy-related questions, data requests, or complaints:

Email: privacy@equaliser.ai

Data Controller: Equaliser AI Ltd, United Kingdom

If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.