Privacy Policy

Effective Date: February 26, 2026

Catch It First ("we," "us," or "our") operates the Catch It First web application (the "Service"). This Privacy Policy explains how we collect, use, store, and share information when you use our Service.

1. Information We Collect

Account Information

When you create an account, we collect your name and email address through our authentication provider, Clerk.

Ad Platform Data

When you connect your advertising accounts (Meta/Facebook), we collect:

  • OAuth access tokens and refresh tokens (stored encrypted)
  • Ad account identifiers
  • Ad creative content, including headlines, descriptions, body text, display URLs, destination URLs, and call-to-action text
  • Campaign names and identifiers
  • Ad creative images submitted for text extraction and verification

User-Generated Content

We store custom word lists (whitelists and blacklists) you create, verification run history, and flagged word results.

Technical Data

We collect error logs and performance data for service reliability, and rate-limiting information to prevent abuse.

2. How We Use Your Information

3. How We Store and Protect Your Information

All data is stored in a Supabase-hosted PostgreSQL database with row-level security policies ensuring you can only access your own data. OAuth tokens are encrypted at rest using AES-256-GCM. We enforce HTTPS and apply security headers including Strict-Transport-Security, X-Frame-Options, and X-Content-Type-Options.

4. Third-Party Services

We use the following third-party services to operate:

Each third-party service processes data in accordance with its own privacy policy. We encourage you to review those policies.

5. Data Sharing

We do not sell, rent, or trade your personal information. We do not share your ad content, account data, or verification results with any advertisers, ad platforms, or other third parties beyond the service providers listed above that are necessary to operate the Service. Your data is never used to inform, target, or optimize advertising for any third party. We may use anonymized, aggregated data that cannot be used to identify any individual user or company for purposes such as improving the Service or producing industry insights.

6. Data Retention and Deletion

We retain your data for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us. Upon account deletion, we will remove your personal data, ad data, word lists, and verification history from our systems.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data, withdraw consent for data processing, or request a copy of your data. To exercise any of these rights, contact us at the email below.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised effective date.

10. Contact Us

If you have questions about this Privacy Policy, contact us at: support@catchitfirst.com