Privacy Policy
Effective Date: February 26, 2026
Catch It First ("we," "us," or "our") operates the Catch It First web application (the "Service"). This Privacy Policy explains how we collect, use, store, and share information when you use our Service.
1. Information We Collect
Account Information
When you create an account, we collect your name and email address through our authentication provider, Clerk.
Ad Platform Data
When you connect your advertising accounts (Meta/Facebook), we collect:
- OAuth access tokens and refresh tokens (stored encrypted)
- Ad account identifiers
- Ad creative content, including headlines, descriptions, body text, display URLs, destination URLs, and call-to-action text
- Campaign names and identifiers
- Ad creative images submitted for text extraction and verification
User-Generated Content
We store custom word lists (whitelists and blacklists) you create, verification run history, and flagged word results.
Technical Data
We collect error logs and performance data for service reliability, and rate-limiting information to prevent abuse.
2. How We Use Your Information
- To provide the Service: syncing your ads, verifying ad copy against word lists and dictionaries, and generating compliance reports.
- To authenticate your identity and secure your account.
- To monitor, diagnose, and fix technical issues.
- To enforce rate limits and prevent abuse.
- To extract and verify text from ad creative images using optical character recognition (OCR).
- We do not use your ad data to build advertising profiles, target ads, or provide data to advertisers.
- We do not share your company-specific ad verification results with other users or third parties.
- Ad creative images sent for OCR processing are transmitted to Google Cloud Vision API for text extraction only and are not retained by Google or used for any other purpose.
3. How We Store and Protect Your Information
All data is stored in a Supabase-hosted PostgreSQL database with row-level security policies ensuring you can only access your own data. OAuth tokens are encrypted at rest using AES-256-GCM. We enforce HTTPS and apply security headers including Strict-Transport-Security, X-Frame-Options, and X-Content-Type-Options.
4. Third-Party Services
We use the following third-party services to operate:
- Clerk — authentication and user management.
- Supabase — database hosting and storage.
- Upstash Redis — rate limiting.
- Sentry — error tracking and performance monitoring.
- Meta (Facebook) Graph API — to read your Meta ad creatives.
- Google Cloud Vision API — to extract text from ad creative images for verification.
Each third-party service processes data in accordance with its own privacy policy. We encourage you to review those policies.
5. Data Sharing
We do not sell, rent, or trade your personal information. We do not share your ad content, account data, or verification results with any advertisers, ad platforms, or other third parties beyond the service providers listed above that are necessary to operate the Service. Your data is never used to inform, target, or optimize advertising for any third party. We may use anonymized, aggregated data that cannot be used to identify any individual user or company for purposes such as improving the Service or producing industry insights.
6. Data Retention and Deletion
We retain your data for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us. Upon account deletion, we will remove your personal data, ad data, word lists, and verification history from our systems.
7. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data, withdraw consent for data processing, or request a copy of your data. To exercise any of these rights, contact us at the email below.
8. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised effective date.
10. Contact Us
If you have questions about this Privacy Policy, contact us at: support@catchitfirst.com