Privacy Policy

Last updated: April 19, 2026

Overview

Lictor ("we", "our", "the app") is an advertising management platform that helps sellers create and manage ad campaigns across multiple advertising platforms. This policy explains how we collect, use, and protect your information.

Information We Collect

Account information

• Email address and name (provided during sign-up).
• Authentication credentials managed by Supabase Auth.

Product information

• Product photos, titles, descriptions, and pricing you upload to create ad campaigns.
• AI-generated ad creatives based on your product photos.

Platform credentials

• OAuth access and refresh tokens for connected advertising platforms (Facebook, Instagram, TikTok, Pinterest, Google Ads, Snapchat, Reddit, X, Microsoft Ads, Amazon Ads).
• Tokens are encrypted at rest with AES-256-GCM and used solely to manage ad campaigns on your behalf.

Ad campaign data

• Campaign configurations, targeting settings, and budgets.
• Performance metrics (impressions, clicks, spend, reach) synced from connected platforms.

Payment information

• Stripe customer and Stripe Connect account identifiers for purchases and payouts.
• We do not store credit card numbers — all payment processing is handled by Stripe.

How We Use Your Information

• Ad campaign management: creating, publishing, pausing, and optimizing campaigns on your connected platforms.
• AI creative generation: using your product photos and briefs to generate ad creatives via AI models.
• Performance analytics: displaying campaign metrics and insights in your dashboard.
• Account management: authenticating your identity and managing your preferences.

Third-Party Services

We integrate with the following services:

• Supabase — database, authentication, storage
• Stripe — payment processing, Connect payouts
• Meta, TikTok, Pinterest, Google, Snapchat, Reddit, X, Microsoft, Amazon — ad campaign management APIs
• Google Vertex AI / Gemini, Anthropic Claude, Fal.ai — AI-powered creative generation
• Railway, Vercel — application hosting

Each third-party service has its own privacy policy. We share only the minimum data necessary for each service to function.

Data Storage and Security

• All data is stored in Supabase (hosted on AWS).
• Platform access tokens are encrypted at rest using AES-256-GCM.
• All network communication uses HTTPS/TLS.
• Server-side access to tokens is audit-logged.
• We do not sell your personal information to third parties.

Data Retention

• Account data is retained while your account is active.
• You may delete your account and all associated data at any time from Settings → Account.
• Campaign data and metrics are retained for analytics while your account is active.

Your Rights

You have the right to:

• Access your personal data.
• Correct inaccurate data.
• Delete your account and data.
• Export your data.
• Revoke platform connections at any time through Settings.

Contact

For privacy-related questions or data requests, contact us at privacy@getlictor.com.

Changes

We may update this policy from time to time. We will notify you of significant changes via email or in-app notification.