Adtelieadteliea place to create
Back to Adtelie

Legal

Privacy Policy

This page explains what personal data Adtelie processes, why we process it, who we share it with, and the rights you have under European data-protection law.

Last updated — 13 May 2026

1. Data controller

Data processing on this website and in the Adtelie product is carried out by the website operator:

COOLAGENCY — Lioumpov Kiourtzidou
Immenhofer Str. 25
70180 Stuttgart, Germany
Email: hello@adtelie.com

For the purposes of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), the operator above is the controller of your personal data.

2. Scope of this policy

This policy applies to the Adtelie website at adtelie.com, the Adtelie web application, and any related services we provide (collectively, the “Service”). It does not cover third-party websites we link to — those have their own privacy policies.

3. Data we process

We process the following categories of personal data, depending on how you interact with us:

Account data

  • Email address, name, and (if you sign in with Google) your Google profile picture.
  • A hashed password (we never see or store your actual password) or, for OAuth sign-ins, a stable provider ID.
  • The workspace and role you belong to inside Adtelie.

Usage data

  • Pages and features you visit, action timestamps, and the device, browser and IP address you connect from.
  • Diagnostic logs we keep for up to 30 days to debug crashes and abuse.

Content data

  • The briefs, prompts, brand assets, product references and source files you upload to generate creatives.
  • The creatives Adtelie generates for you and any feedback you leave on them.

Billing data

  • Plan, subscription status, invoices and the last four digits of your payment method.
  • We do not store full card numbers — payments are processed by Stripe (see §6).

4. Purposes & legal bases

Under GDPR we must tell you, for each purpose, the legal basis we rely on.

  • To provide the Service— account creation, authentication, generation of creatives, customer support. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
  • To bill you and prevent fraud— invoicing, dunning, chargeback handling. Legal basis: performance of a contract and our legitimate interest in being paid (Art. 6(1)(b) and 6(1)(f) GDPR).
  • To improve the Service— product analytics, aggregate usage metrics, debugging. Legal basis: legitimate interest in operating and improving a product you pay for (Art. 6(1)(f) GDPR). You can object at any time (see §9).
  • To send transactional email— receipts, password resets, security alerts. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
  • To send product updates and marketing email— only if you opt in. Legal basis: your consent (Art. 6(1)(a) GDPR). You can withdraw consent at any time via the unsubscribe link in any such email.
  • To comply with the law— e.g. tax retention, lawful information requests. Legal basis: legal obligation (Art. 6(1)(c) GDPR).

5. AI generation & your content

When you upload a brief, brand asset or product reference, that content is stored on our infrastructure and sent to AI sub-processors (see §6) so we can generate the creatives you ask for.

  • We do not train our own models on your content, and we use commercial API tiers with our AI providers that contractually forbid them from training their models on the data we send.
  • Generated creatives belong to you. We keep a copy in your workspace so you can re-download or iterate on them later. You can delete any creative at any time.
  • Where you upload third-party brand assets, you confirm you have the right to do so. Adtelie is not the rights-holder of those inputs and does not warrant the rights status of AI-generated outputs — see the Terms of Use for the full split.

6. Sub-processors

We use a small set of vetted vendors to run the Service. Each one has signed a data-processing agreement with us.

  • Supabase Inc.(USA, hosted in the EU region) — database, authentication, file storage.
  • Vercel Inc.(USA, EU edge regions) — web hosting, edge functions, analytics.
  • Stripe Payments Europe Ltd.(Ireland) — subscription billing and payment processing.
  • OpenAI Ireland Ltd.— large-language and image generation models, on no-training commercial tier.
  • Replicate Inc.(USA) — image and video generation models, on no-training commercial tier.
  • Resend, Inc.(USA) — transactional email delivery.

A current sub-processor list is available on request at hello@adtelie.com.

7. International transfers

Some of the sub-processors above are based in the United States. Where personal data is transferred outside the European Economic Area, we rely on the European Commission's Standard Contractual Clauses (SCCs), combined with the supplementary technical measures (encryption in transit and at rest) recommended by the EDPB, as the legal mechanism for the transfer.

8. Retention

  • Account data— kept for as long as your account is active, then deleted within 30 days of account closure.
  • Content data— kept for as long as your account is active. You can delete individual creatives or whole workspaces at any time; deletions are permanent within 14 days.
  • Billing data— kept for 10 years after the end of the calendar year of the transaction, as required by German tax law (§ 147 AO).
  • Diagnostic logs— rotated and deleted after 30 days.

9. Your rights

Under GDPR you have the right to:

  • request a copy of the personal data we hold about you (Art. 15);
  • have inaccurate data corrected (Art. 16);
  • have your data erased, subject to legal retention obligations (Art. 17);
  • restrict or object to processing based on our legitimate interests (Art. 18 and 21);
  • receive your data in a portable, machine-readable format (Art. 20);
  • withdraw any consent you previously gave, at any time, without affecting prior processing (Art. 7(3));
  • lodge a complaint with a supervisory authority. Our lead supervisory authority is the Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI BW).

To exercise any of these rights, email hello@adtelie.com. We respond within 30 days.

10. Security

We protect your data with industry-standard measures: TLS 1.2+ for everything in transit, AES-256 at rest, row-level security on the database, short-lived auth tokens, mandatory two-factor authentication for staff accounts, and least-privilege access on production systems. We log access to personal data and review those logs quarterly.

No method is 100% secure. If we ever become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the competent supervisory authority within 72 hours as required by Art. 33 GDPR.

11. Cookies & analytics

We use cookies and similar technologies for three purposes only:

  • Strictly necessary— session cookies that keep you signed in and protect against cross-site request forgery. These cannot be disabled.
  • Preferences— remembering your workspace, theme and language choices.
  • Product analytics— aggregated, privacy-preserving page-view and event counts via Vercel Analytics. We do not use cross-site tracking pixels, advertising cookies, or third-party retargeting.

12. Children

Adtelie is a B2B product not directed at children. We do not knowingly process personal data of anyone under 16. If you believe a child has provided us with personal data, contact us and we will delete it.

13. Changes to this policy

We may update this policy as the product or the law evolves. When we make material changes, we will notify active users by email and post the new version on this page with an updated “Last updated” date at the top.

14. Contact

Questions, requests or complaints about this policy can be sent to hello@adtelie.comor by post to the address in §1.