Privacy Policy

AdCrime is a brand-protection service operated by Staromeda OÜ, a company registered in Estonia, European Union. For the purposes of the EU General Data Protection Regulation (GDPR), Staromeda OÜ is the data controller responsible for the personal data described in this policy. You can reach us about any privacy matter at mario@adcrime.com.

We collect only what we need to provide the service:

• Account information — your name, work email, the brand name, and the website you register to protect.
• Scan inputs — the keywords and official domains you ask us to monitor.
• Scan results — the advertisements, redirect chains, tracking parameters, and screenshots of publicly accessible ad and landing pages that our scanners capture, together with our fraud classifications.
• Billing information — processed by Stripe. We receive confirmation of payment and subscription status; we never see or store full card numbers.
• Technical data — IP address, browser and device information, and session identifiers needed to keep you signed in and to keep the service secure.

Our scanners only capture content that is publicly visible in search results and on the pages those ads lead to. We do not access private accounts, systems, or credentials.

We process personal data only where the law allows. Our legal bases under Article 6 of the GDPR are:

• Performance of a contract — to create your account, run the scans you request, deliver results, and bill you.
• Legitimate interests — to operate, secure, and improve the service, prevent abuse, and protect our and our customers' rights, balanced against your own interests and rights.
• Consent — to send optional product or marketing emails, which you may withdraw at any time.
• Legal obligation — to keep accounting and tax records as required by Estonian and EU law.

• We do not sell your personal data.
• We do not share your scan inputs or results with third parties for advertising.
• We do not use the data you submit to us to target advertising.

We rely on a small set of vetted providers (sub-processors) to run AdCrime. Each is bound by a data-processing agreement and may only use your data to provide their service to us:

• Supabase — database, authentication, and file storage, hosted in the EU.
• Stripe — payment processing and subscription billing.
• Vercel — application hosting and content delivery.
• Email and infrastructure providers — to send transactional email and operate our scanning fleet.

We keep this list current as the service evolves.

We store data primarily within the European Union. Where a sub-processor processes data outside the European Economic Area, we rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses — so that your data continues to receive an equivalent level of protection.

We keep account and scan data for as long as your account is active, so that your history remains available to you. If you close your account or ask us to delete your data, we remove it within a reasonable period — except where we are required to retain certain records, such as billing and tax records, for the period set by law.

Under the GDPR you have the right to access, correct, delete, restrict, or object to the processing of your personal data, and the right to data portability. Where our processing is based on consent, you may withdraw that consent at any time. To exercise any of these rights, email mario@adcrime.com and we will respond within the timeframe required by law.

We use only the cookies necessary to operate the service — chiefly to keep you securely signed in. We do not use third-party advertising or cross-site tracking cookies.

Data is held in encrypted systems on EU-compliant infrastructure, protected by access controls and encryption in transit and at rest. No system is ever perfectly secure, but we apply technical and organisational measures appropriate to the sensitivity of the data we hold.

AdCrime is a professional tool intended for business use. It is not directed at children, and we do not knowingly collect personal data from anyone under the age of 16.

We may update this policy as our service or our legal obligations change. When we do, we will revise the “last updated” date above and, for material changes, notify you through the service or by email.