Privacy Policy

Who We Are

Mediacrater is a Chrome extension that scans video and image ads for policy violations across platforms including Meta, TikTok, YouTube, Pinterest, and X. We are operated as Mediacrater and can be reached at hello.mediacrater@gmail.com.

What Data We Collect

We collect only what is necessary to operate the service. Below is a complete list of the data we collect, why we collect it, and how it is stored.

Account Data (unencrypted)

• Email address — collected at registration to identify your account and communicate with you about your service. Stored securely via Supabase.
• Token balance — the number of scan tokens available on your account. Updated after each scan and each purchase. Stored via Supabase.
• Purchase records — when you make a purchase, we store the session ID, number of tokens purchased, and purchase amount. This is used to credit your account correctly and to support refund requests. Stored via Supabase.
• Scan metadata — when you run a scan, we log the timestamp, tokens consumed, platform selected, content type (video or image), and analysis duration. No ad content, video files, or images are ever stored. This data is used solely to diagnose technical issues and to evaluate refund requests. Stored via Supabase.

Account Data (encrypted)

• Password — your password is encrypted using Supabase's authentication system. We cannot view, access, or modify your password at any time.
• Authentication tokens — session tokens used to keep you logged in are stored locally on your device via Chrome's secure storage API. They are never transmitted to or stored on our servers beyond what Supabase requires for session management.

Payment Data

• Credit card and billing information — all payment processing is handled exclusively by Stripe. We never receive, store, or have access to your card details. Stripe is PCI-DSS compliant and maintains its own security standards.
• Purchase and transaction records — retained for 6 years from the end of the tax year in which the transaction occurred, as required by the Canada Revenue Agency for tax and accounting compliance. This applies even if you delete your account.

Creative Assets (video and image files)

• Video and image files — files you submit for scanning are transmitted to our servers solely for policy analysis. They are permanently and automatically deleted the moment your scan results are returned to the extension. We do not store, retain, review, or use your creative assets for any purpose beyond the scan you requested.

How We Use Your Data

• To authenticate you and maintain your account session
• To scan your ad content and return a policy compliance report
• To manage your token balance accurately across purchases and scans
• To process payments and evaluate refund requests
• To diagnose technical issues using anonymised scan metadata
• To improve Mediacrater's accuracy and features over time
• To respond to support requests sent to our email

Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes. Data is shared only with the third-party service providers listed below, and only to the extent necessary to operate the service.

Third-Party Services

We use the following third-party services to operate Mediacrater:

• Supabase — user authentication, account data storage, and database management. Supabase stores your email, token balance, purchase records, and scan metadata on our behalf.
• Stripe — payment processing. Stripe handles all credit card and billing data. We do not store payment details.
• Hostinger — server infrastructure. Your ad files pass through our Hostinger-hosted server for scanning and are immediately deleted after results are returned.
• Netlify — website hosting and infrastructure for mediacrater.com.
• Netlify Analytics — anonymous usage analytics for our website. No personally identifiable information is collected.
• OpenRouter — our analysis infrastructure routes content through OpenRouter for processing. Files are not retained by this provider beyond the duration of the request.

Each provider maintains their own privacy policies and security standards.

Data Retention

• Creative assets — deleted immediately and automatically after scan results are delivered.
• Account data — retained for as long as your account is active.
• Scan metadata — retained for as long as your account is active and used solely for diagnostics and refund evaluation.
• Purchase records — retained for as long as your account is active for billing and refund purposes.

You may request deletion of your account and all associated data at any time by emailing us.

Your Rights

You have the right to:

• Request a copy of the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Withdraw consent at any time by closing your account
• Lodge a complaint with your local data protection authority

To exercise any of these rights, email us at hello.mediacrater@gmail.com.

We will action all valid deletion requests within a reasonable timeframe. We reserve the right to decline requests that are manifestly unfounded, repetitive, or made in bad faith, in accordance with applicable data protection law.

Cookies and Local Storage

We use only essential cookies and Chrome local storage required for authentication and session management. Your login session is stored locally on your device via Chrome's secure storage API. We do not use advertising, tracking, or analytical cookies within the extension.

Changes to This Policy

If we make material changes to this policy, we will update the effective date above and, where appropriate, notify you by email. Continued use of Mediacrater after changes constitutes acceptance of the updated policy.