Privacy Policy

AdZhi Ltd · Last updated: January 2026 · Effective from launch

1. Who we are

AdZhi Ltd is a company registered in England and Wales. We provide acoustic creative intelligence software for video advertisements. Our registered address and data controller contact: privacy@adzhi.co.uk.

2. What data we collect

• Account data: Email address, hashed password, plan type, billing history. Required to provide the service.
• Video and audio files: Files you upload for analysis. These are processed by our pipeline and stored temporarily on Render's infrastructure. Raw files are deleted after analysis completes. Derived analysis results (acoustic scores, transcript, metrics) are stored in your account.
• Usage data: Analysis history, feature usage, login timestamps. Used to improve the product and trigger relevant lifecycle emails.
• Payment data: Handled entirely by Stripe. We do not store card numbers. We store Stripe customer IDs and subscription status.
• Analytics: We use Plausible Analytics — a privacy-first, cookieless analytics provider. No personal data is transmitted. No cookies are set. No cross-site tracking.

3. How we use your data

• To provide acoustic analysis of the video files you upload
• To manage your subscription and billing via Stripe
• To send transactional emails: account confirmation, analysis complete, billing events, plan limit alerts
• To send marketing emails where you have not opted out: re-engagement, annual plan offers, product updates
• To improve our acoustic analysis models using aggregated, anonymised signal data — only where you have explicitly opted in (off by default; see Section 5)

4. Email communications and unsubscribe

We send two types of email:

• Transactional emails (always sent): account confirmation, analysis complete notification, billing receipts, plan limit warnings. These are necessary to provide the service.
• Marketing emails (opt-out available): re-engagement after inactivity, annual plan offers, product updates. You can unsubscribe from these at any time.

To unsubscribe from marketing emails: click the unsubscribe link in the footer of any marketing email, or email privacy@adzhi.co.uk. Unsubscribing from marketing emails does not affect transactional emails.

5. Data retention

• Raw video/audio files: Deleted immediately after analysis completes (typically within minutes of upload; no longer than 24 hours in any case). Your uploaded creative is never persisted to long-term storage.
• Analysis results: Retained for the life of your account. Deleted within 30 days of account deletion.
• Account data: Retained for the life of your account plus 90 days for billing dispute purposes.
• Anonymised acoustic signal data: Only collected where you have explicitly opted in (Account → Data & Privacy). If opted in, numeric feature vectors (no audio, no transcript, no PII) are retained indefinitely. To request deletion, email privacy@adzhi.co.uk.

6. Your rights (UK GDPR)

As a UK data subject, you have the right to:

• Access: Request a copy of all personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and associated personal data
• Portability: Request your analysis data in a machine-readable format
• Objection: Object to processing for marketing purposes (see Section 4)
• Restriction: Request restriction of processing in certain circumstances

To exercise any of these rights, email privacy@adzhi.co.uk. We will respond within 30 days.

7. Third parties

• Render: Infrastructure and hosting (EU/US). Processes video files during analysis.
• Stripe: Payment processing. Subject to Stripe's privacy policy.
• Anthropic (Claude API): LLM analysis of ad transcripts. Prompts include transcript text only — no personal data.
• Resend: Transactional and marketing email delivery.
• Plausible Analytics: Cookieless, privacy-first web analytics. No personal data transmitted.
• AssemblyAI (optional): Fallback transcription for complex audio. Processes audio files where Whisper confidence is insufficient.

8. Cookies

We do not use tracking cookies. Plausible Analytics is cookieless. We use browser localStorage for session preferences (dismissed UI banners, theme settings) only. No cross-site tracking. No advertising cookies.

9. Security

Passwords are hashed using bcrypt. API communications use HTTPS. Database connections are encrypted. Access tokens use JWT with HS256 signing. We do not log passwords, reset tokens, or OAuth tokens. Database access is restricted to the application layer.

10. Changes to this policy

We will notify registered users of material changes by email. Continued use of the service after notification constitutes acceptance.