← Back home

Privacy Policy

Last updated: 14 May 2026

elev8ads.io (“elev8ads”, “we”, “us”) operates a SaaS platform that helps advertisers research, generate, and launch Meta ads. This policy explains what we collect, why, and how to control it.

1. Who runs this service

elev8ads is operated by Tijs Honders, the Netherlands. For privacy questions: hello@elev8ads.io.

2. Data we collect

  • Account data — email address, name (if provided), authentication identifiers.
  • Product data — campaign names, competitor domains you enter, AI-generated scripts and videos, ad performance metrics retrieved from your connected Meta account.
  • Meta integration — OAuth access tokens from your Meta ad account, stored AES-256-GCM encrypted at rest. We never share these.
  • Billing data — handled by our payment processor (Lemon Squeezy). We only store the subscription ID and plan status, not card details.
  • Usage telemetry — basic counters (campaigns created, scripts generated, credits consumed) for plan enforcement and product analytics.
  • Server logs — IP address, user agent, timestamps for security and debugging. Rotated within 30 days.

3. How we use it

  • Run the service you signed up for.
  • Generate AI scripts and UGC videos via Anthropic (Claude) and HiggsField on your behalf.
  • Sync ad performance from your Meta ad account every 6–24 hours via Meta Marketing API.
  • Send transactional and product emails via Resend.
  • Enforce plan limits and detect abuse.
  • Improve the product (aggregate, never tied to your account in shared reports).

4. Who we share data with

We share the minimum necessary with these processors, all bound by data processing agreements:
  • Supabase — database, auth, storage (EU region).
  • Vercel — application hosting.
  • Anthropic — Claude AI inference (no data retention beyond 30-day abuse review).
  • HiggsField — UGC video generation.
  • Meta Platforms — when you connect your ad account, we exchange data with Meta on your behalf.
  • Lemon Squeezy — payments and tax (acts as merchant of record).
  • Resend — transactional email delivery.
We do not sell your data to third parties. Ever.

5. Your rights (GDPR)

You can request access to, correction of, or deletion of your data at any time by emailing hello@elev8ads.io. We respond within 30 days. You can also lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

6. Data deletion

Cancel your subscription and email us — we'll delete your account and all associated data within 30 days. Encrypted Meta tokens are revoked immediately on cancellation.

7. Cookies

We use first-party cookies for authentication only (Supabase session cookie). No tracking pixels, no third-party analytics on the marketing site.

8. Data security

All data in transit is TLS 1.3 encrypted. Meta access tokens and BYO API keys are AES-256-GCM encrypted at rest. Database access is restricted via IAM roles. We review security quarterly.

9. International transfers

Some processors (Anthropic, HiggsField, Vercel) operate in the US. Transfers happen under SCCs (Standard Contractual Clauses) and equivalent safeguards. EU data is stored primarily in EU (Supabase eu-west-1).

10. Changes

We'll update this page when our practices change and notify active users by email if changes are material.