Privacy Policy
Last updated: April 8, 2026
Effective date: April 15, 2026
1. Information We Collect
1.1 Information You Provide
When you create an account, we collect your name, email address, and password. When you subscribe to a paid plan, we collect billing information through our payment processor Stripe. We also collect any content you voluntarily submit, such as product URLs, ad scripts, and uploaded media assets.
1.2 Information Collected Automatically
When you use the Service, we automatically collect: device information (browser type, operating system), IP address, usage data (pages visited, features used, timestamps), cookies and similar tracking technologies, and log data (server logs, error reports).
1.3 Information from Third Parties
We may receive information from third-party services you connect to Phanes, such as product data from URLs you provide for ad generation. We also receive payment confirmations from Stripe.
2. How We Use Your Information
We use the information we collect to: provide, maintain, and improve the Service; process transactions and send related information; generate AI-powered ad content based on your inputs; send technical notices, updates, and support messages; respond to your comments, questions, and customer service requests; monitor and analyze trends, usage, and activities; detect, investigate, and prevent fraudulent transactions and abuse; and personalize and improve your experience.
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process personal data based on the following legal grounds: (a) Contract performance — to provide the Service you requested; (b) Legitimate interests — to improve our Service, prevent fraud, and ensure security; (c) Consent — for optional features like marketing communications; (d) Legal obligation — to comply with applicable laws and regulations.
4. Data Sharing and Disclosure
4.1 Service Providers
We share data with third-party service providers who assist us in operating the Service: Google Cloud Platform (infrastructure and AI services including Veo and Gemini), Stripe (payment processing), Firebase (authentication and database), and analytics providers. These providers are contractually obligated to protect your data.
4.2 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Phanes, our users, or others.
4.3 No Sale of Personal Data
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
5. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. After account deletion, we retain certain data for up to 30 days for backup purposes, and may retain anonymized usage data for analytics. Financial records are retained as required by applicable tax and accounting laws (typically 7-10 years).
6. Your Privacy Rights
6.1 GDPR Rights (EEA Users)
If you are in the European Economic Area, you have the right to: access your personal data; rectify inaccurate data; erase your data (right to be forgotten); restrict processing of your data; object to processing; data portability; withdraw consent at any time; and lodge a complaint with your local data protection authority.
6.2 CCPA Rights (California Residents)
If you are a California resident, you have the right to: know what personal information we collect and how it is used; request deletion of your personal information; opt out of the sale of personal information (we do not sell personal data); and non-discrimination for exercising your privacy rights.
6.3 Exercising Your Rights
To exercise any of these rights, contact us at deniz.sertkan@code.berlin. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.
7. Cookies and Tracking Technologies
We use essential cookies required for the Service to function (authentication, session management, security). We use analytics cookies to understand how users interact with the Service. You can control cookie preferences through your browser settings. Disabling essential cookies may prevent parts of the Service from functioning properly.
8. Data Security
We implement industry-standard security measures to protect your data, including: encryption in transit (TLS/SSL) and at rest; secure authentication via Firebase Auth; regular security audits; access controls and least-privilege principles; and secure payment processing through PCI-compliant Stripe. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
9. Children's Privacy
The Service is not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will promptly delete it. If you believe we have collected information from a child under 16, please contact us at deniz.sertkan@code.berlin.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your own, including the United States and Germany, where our servers and service providers are located. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect. Your continued use of the Service after the changes take effect constitutes your acceptance of the updated Privacy Policy.
12. Contact Information
If you have any questions about this Privacy Policy or our data practices, please contact us at: Email: deniz.sertkan@code.berlin Address: Abram-Joffe-Strasse 18, 12489 Berlin, Germany Data Protection Officer: deniz.sertkan@code.berlin