Legal
Privacy Policy
Last updated: May 15, 2026
1. Introduction
Gapscout ("we", "our", or "us") operates the Gapscout platform available at https://gapscout.ai. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our service.
By accessing or using Gapscout, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the service.
2. Information We Collect
Account information
When you sign up we collect your name, email address, and profile picture through our authentication provider (Clerk). We do not store passwords directly.
Connected platform credentials
When you connect an ad platform (Meta, Google Ads, TikTok, Snapchat, LinkedIn, Pinterest, or X), we receive and store OAuth access tokens and refresh tokens on your behalf. These tokens are encrypted at rest using AES-256 encryption and are used solely to perform actions you explicitly request within Gapscout.
Ad account data
To power campaign management and reporting features, we fetch data from your connected ad accounts including campaign names, ad performance metrics (impressions, clicks, spend, conversions), and account identifiers. This data is stored to provide historical reporting and is not sold or shared with third parties.
Uploaded content
Images and creative assets you upload (product photos, brand logos) are stored securely via Vercel Blob storage and are used only to generate ad creative on your behalf.
Usage data
We collect standard server logs including IP addresses, browser type, pages visited, and timestamps for security monitoring and service improvement. We do not use this data for advertising purposes.
Analytics cookies (Google Analytics 4)
With your consent, we use Google Analytics 4 to measure aggregate site usage — pages viewed, time on page, referral source, and approximate location (country / region). Google Analytics sets first-party cookies that contain a randomly generated client identifier; IP addresses are anonymized before storage. No tracking happens until you accept via the cookie banner on your first visit; if you decline, no analytics cookies are set and only cookieless pings (with no identifier) are sent to Google. You can change your choice at any time by clearing your browser's storage for this site or by contacting us.
3. How We Use Your Information
- To provide, operate, and improve the Gapscout platform
- To authenticate you and maintain your session
- To connect to your ad platform accounts and perform actions on your behalf
- To generate AI-assisted ad creative and copy using Anthropic's Claude API
- To generate AI images using Fal AI on your behalf
- To display cross-platform ad performance reports
- To send transactional emails related to your account (e.g. billing, security alerts)
- To comply with legal obligations
We do not sell your personal data or use it to serve you third-party advertisements.
4. Third-Party Services
Gapscout integrates with the following third-party services to deliver its functionality. Each service operates under its own privacy policy:
We only request the minimum OAuth scopes necessary to perform the actions you initiate. You can revoke Gapscout's access at any time through each platform's own settings page.
5. Data Retention
We retain your account data and connected platform tokens for as long as your account is active. Ad performance snapshot data is retained for up to 24 months to support historical reporting. Uploaded creative assets are retained until you delete them or close your account.
When you delete your account, we delete or anonymize all personal data within 30 days, except where we are required by law to retain it longer.
6. Data Security
We implement industry-standard security measures including:
- AES-256 encryption of OAuth tokens at rest
- TLS 1.2+ encryption for all data in transit
- Role-based access controls — your data is scoped to your user account
- No storage of ad platform passwords — access is OAuth token-based only
No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
7. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Object to or restrict processing of your data
- Data portability (receive your data in a machine-readable format)
- Withdraw consent at any time where processing is consent-based
To exercise any of these rights, contact us at ads@gapscout.ai. We will respond within 30 days.
8. Children's Privacy
Gapscout is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
9. International Data Transfers
Gapscout is operated from the United States. If you are accessing the service from outside the US, your data may be transferred to and processed in the US. By using Gapscout you consent to this transfer. We rely on standard contractual clauses and other appropriate safeguards for transfers from the EEA, UK, or Switzerland.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify you by email or by a prominent notice within the app. Continued use of Gapscout after changes constitutes acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us: