Wilburads
Log inTry Wilbur
SOC 2 Aligned

Privacy Policy

Last updated: January 30, 2026

Access Your Data
Export Anytime
Request Deletion
Encrypted Data

1. Introduction

Wilbur Ads ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered ad generation platform.

We are committed to SOC 2 Type II compliance principles and adhere to GDPR, CCPA, and other applicable data protection regulations.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, and password when you create an account
  • Payment Information: Billing details processed securely through Stripe (we do not store full card numbers)
  • Website URLs: URLs you submit for ad generation
  • Custom Context: Any additional context or brand information you provide
  • Support Communications: Messages you send to our support team

2.2 Information Collected Automatically

  • Usage Data: Features used, generation history, and interaction patterns
  • Device Information: Browser type, operating system, and device identifiers
  • Log Data: IP address, access times, and pages viewed
  • Cookies: Essential and analytics cookies (see our Cookie Policy)

2.3 Information from Third Parties

  • OAuth Providers: If you sign in with Google, we receive your name and email
  • Ad Platform Integrations: When you connect Meta or Google Ads, we access account data as authorized

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our ad generation services
  • Process your transactions and send related information
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze usage trends to improve user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms

We do NOT: Sell your personal data, use your content to train AI models without consent, or share your data with third parties for their marketing purposes.

4. Data Retention

We retain your data according to the following schedule:

Account DataUntil account deletion + 30 days
Generated Ads90 days after generation
Payment Records7 years (legal requirement)
Security/Audit Logs1 year
Analytics Data26 months (anonymized)

5. Data Security (SOC 2 Aligned)

We implement industry-standard security measures aligned with SOC 2 Trust Service Criteria:

Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256)

Access Controls

Role-based access with principle of least privilege, MFA required

Infrastructure

Hosted on Vercel and Supabase with SOC 2 Type II certified infrastructure

  • Monitoring: 24/7 security monitoring and anomaly detection
  • Incident Response: Documented incident response procedures with 72-hour breach notification
  • Vendor Management: All sub-processors vetted for security compliance
  • Audit Logging: Comprehensive audit trails for all data access and modifications

6. Your Rights

GDPR Rights (EU/EEA/UK)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain processing activities

CCPA Rights (California Residents)

  • Know: What personal information is collected and how it's used
  • Delete: Request deletion of personal information
  • Opt-Out: Opt out of sale of personal information (we do not sell data)
  • Non-Discrimination: Equal service regardless of privacy choices

To exercise these rights: Email privacy@wilburads.com or use the data controls in your account settings. We respond to all requests within 30 days.

7. International Data Transfers

We process data in the United States. For transfers from the EU/EEA/UK, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Agreement (IDTA) for UK transfers
  • Adequacy decisions where applicable

8. Sub-processors

We use the following vetted sub-processors:

Vercel Inc.Hosting & CDN (USA)
Supabase Inc.Database & Auth (USA)
Stripe Inc.Payments (USA)
OpenAI LLCAI Processing (USA)
Fal.aiImage Generation (USA)

Subscribe to sub-processor updates: privacy@wilburads.com

9. Cookies

We use essential cookies for authentication and security, and optional analytics cookies to improve our service. See our full Cookie Policy for details and controls.

10. Children's Privacy

Wilbur Ads is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email at least 30 days before they take effect. Your continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

Privacy Inquiries: privacy@wilburads.com

Data Protection Officer: dpo@wilburads.com

General: hello@wilburads.com

EU/UK residents may also lodge a complaint with your local data protection authority.