GDPR

Overview

AdsBuddy is built and operated by Fluxer Labs, S.L., established in the EU. We comply with the EU General Data Protection Regulation (GDPR) and the UK GDPR. This page summarizes how that works and complements our Privacy Policy.

Controller and processor roles

For your AdsBuddy account information (name, email), we act as a data controller. For the advertising and revenue data we read from the accounts you connect, and the changes we apply on your instruction, we act as a data processor acting on your documented instructions. A Data Processing Addendum (DPA) reflecting this is available on request at info@fluxerlabs.com.

Lawful bases

We process personal data on these bases: performance of our contract with you (to provide the service you signed up for); your consent (for optional communications such as email digests, which you can withdraw at any time); and our legitimate interests (to secure, operate and improve the service), balanced against your rights.

Your rights

Under the GDPR you have the right to access, rectify, erase, restrict and port your personal data, to object to certain processing, and to withdraw consent at any time without affecting prior processing.

To exercise any of these, email info@fluxerlabs.com; we respond within the timeframes the law requires. You also have the right to lodge a complaint with your local data protection supervisory authority.

Sub-processors

We use a small set of vetted sub-processors strictly to run the service: Supabase (database hosting, EU region), Vercel (application hosting and basic analytics), Anthropic (the AI model that turns your data into recommendations), Resend (transactional and digest email) and Stripe (subscription billing). Each processes data under its own GDPR commitments. We don't sell your data or use it for advertising.

International transfers

Your core data is hosted in the EU. Where a sub-processor processes data outside the EEA/UK, that transfer is covered by an appropriate safeguard such as the European Commission's Standard Contractual Clauses (SCCs) or an adequacy decision.

Security

Per-tenant API credentials are encrypted at rest with AES-256-GCM; the master key lives only in server environment configuration. Every customer's data is isolated with database row-level security scoped to your account. Access to production data is limited to what's needed to operate and support the service.

Retention

We keep personal data while your account is active. You can disconnect an integration at any time to stop further collection from that source. On account deletion we remove your personal data and connected-account credentials, retaining only what law requires.

Contact

For any GDPR request or to obtain our DPA, email info@fluxerlabs.com.