Coming SoonJoin our Discord
FeaturesAboutContact
Legal

Privacy Policy

Last updated: 1 April 2026

Contents

01Introduction02Information We Collect03Generated Content & Images04Lawful Basis05How We Use Your Data06Data Storage & Infrastructure07Data Sharing08Data Retention09Data Security10Your Rights11Children's Privacy12Contact Us

Section 01

Introduction

Adchemy Ltd ("Adchemy", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights in relation to it.

This policy applies to all users of the Adchemy platform, including the website at adchemy.com, the dashboard, and all associated services. By using our platform, you agree to the practices described in this policy.

We are registered in England and Wales and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Section 02

Information We Collect

We collect the following categories of personal data when you register and use Adchemy:

Account information

Email addressCollected at registration, used for authentication and communications
UsernameChosen by you at registration, displayed in your dashboard
User ID (UID)A unique identifier assigned by our authentication system (Supabase)
PasswordStored as a secure hash — we never store your plain-text password
Account statusWhether your account is active, suspended, or deleted
Suspension reasonIf your account is suspended, the reason is stored for transparency

Usage & activity data

Credits balanceYour current credit balance and transaction history
Credits usedNumber of credits consumed per generation
Joined dateThe date and time your account was created
Last loginThe date and time of your most recent sign-in
Generation countTotal number of ad creatives you have generated

Technical data

Session tokensAuthentication cookies set by Supabase to keep you signed in
IP addressMay be logged by our infrastructure for security purposes
Browser/deviceBasic device information may be collected by our hosting provider

Section 03

Generated Content & Images

When you use Adchemy to generate ad creatives, we store the following data associated with each generation:

Prompt textThe description you provided for the ad creative
Uploaded imageAny product image you uploaded is sent to Google's Gemini API for processing
Generated imageThe output image is stored in our Supabase Storage bucket
DimensionThe aspect ratio selected (e.g. 1:1, 16:9)
QualityThe resolution selected (2K, 4K, 8K)
Credits usedHow many credits were consumed for the generation
TimestampThe date and time the generation was created

Third-party AI processing: Your prompts and uploaded images are sent to Google's Gemini API (Nano Banana 2 model) for image generation. Google processes this data in accordance with their own privacy policy and terms of service. We do not store your uploaded product images beyond the duration of the API request.

Generated images are stored in a private Supabase Storage bucket and are only accessible to you. You can delete your generated images at any time from your Library.

Section 04

Lawful Basis for Processing

We process your personal data on the following lawful bases under UK GDPR:

ContractProcessing necessary to provide the Adchemy service you have signed up for
Legitimate interestsSecurity monitoring, fraud prevention, and platform improvement
Legal obligationCompliance with applicable laws and regulations
ConsentOptional analytics and marketing cookies, where you have given consent

Section 05

How We Use Your Data

We use your personal data for the following purposes:

  • Creating and managing your Adchemy account
  • Authenticating your identity when you sign in
  • Processing your ad generation requests via the Gemini API
  • Tracking and deducting credits for each generation
  • Storing your generated ad creatives in your Library
  • Displaying your account statistics (credits, join date, last login)
  • Sending transactional emails (e.g. email verification, password reset)
  • Enforcing our Terms of Service, including account suspension
  • Detecting and preventing fraud, abuse, and security threats
  • Improving the platform based on aggregated, anonymised usage data

We do not sell your personal data to third parties. We do not use your data for automated decision-making that produces legal or similarly significant effects.

Section 06

Data Storage & Infrastructure

Adchemy uses the following third-party infrastructure providers to store and process your data:

SupabaseAuthentication, database (PostgreSQL), and file storage. Data hosted in the EU (AWS eu-west-2)
Google Gemini APIAI image generation. Prompts and uploaded images are processed by Google
VercelWeb hosting and serverless functions. May process request metadata

All data stored in Supabase is encrypted at rest and in transit. Access is controlled via Row Level Security (RLS) policies — you can only access your own data.

Section 07

Data Sharing

We share your data only in the following limited circumstances:

  • Google (Gemini API): Your prompts and uploaded images are sent to Google for AI processing. Google is a data processor acting on our behalf.
  • Supabase: Your account data and generated images are stored on Supabase infrastructure.
  • Legal requirements: We may disclose data if required by law, court order, or to protect the rights and safety of Adchemy or others.

We do not share your personal data with advertisers, data brokers, or any other third parties for commercial purposes.

Section 08

Data Retention

Account dataRetained for as long as your account is active
Generated imagesStored until you delete them from your Library, or your account is deleted
Generation recordsPrompt text, settings, and metadata retained with your account
Deleted accountsData deleted within 30 days of account deletion request
Suspended accountsData retained for up to 90 days after suspension for legal compliance

You can request deletion of your account and all associated data at any time by contacting us at privacy@adchemy.com.

Section 09

Data Security

We implement the following security measures to protect your data:

  • All data transmitted between your browser and our servers is encrypted via HTTPS/TLS
  • Passwords are hashed using industry-standard algorithms — never stored in plain text
  • Database access is controlled via Row Level Security (RLS) — users can only access their own data
  • Authentication tokens are managed by Supabase with automatic session expiry
  • Generated images are stored in private storage buckets, inaccessible to other users
  • API keys and secrets are stored as environment variables, never exposed to the client

Despite these measures, no system is completely secure. If you believe your account has been compromised, contact us immediately at security@adchemy.com.

Section 10

Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of accessRequest a copy of all personal data we hold about you
Right to rectificationRequest correction of inaccurate or incomplete data
Right to erasureRequest deletion of your personal data ('right to be forgotten')
Right to restrictionRequest that we limit how we process your data
Right to portabilityReceive your data in a structured, machine-readable format
Right to objectObject to processing based on legitimate interests
Right to withdraw consentWithdraw consent for optional processing (e.g. analytics cookies) at any time

To exercise any of these rights, contact us at privacy@adchemy.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Section 11

Children's Privacy

Adchemy is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has registered an account, please contact us at privacy@adchemy.com and we will delete the account promptly.

Section 12

Contact Us

For any privacy-related queries, data requests, or concerns:

Email: privacy@adchemy.com

Security issues: security@adchemy.com

Post: Data Protection, Adchemy Ltd, London, United Kingdom