Privacy Policy
Last updated: 13 May 2026
admeistr ("admeistr", "we", "us") provides multi-tenant marketing analytics for agencies and in-house brand teams. This policy describes what we collect, why, how we store it, who processes it on our behalf, and what choices you have. By creating an account or using the service, you agree to this Policy.
1. Who controls your data
You control your customers' data. When you upload campaign data, brand assets, or content into a workspace, you remain the data controller for any personal data it contains. admeistr is the data processor.
We control your account data. Name, email, login credentials, and audit logs of your activity on admeistr are processed by us to operate the service.
2. What we collect
Account information
- Name, email address, hashed password (or OAuth identity if you sign in with Google).
- Workspace and organisation membership; permission levels; brand-approver grants.
- Profile picture and display name, if you provide them.
Workspace content
- Campaign data you upload (CSVs from Meta, Google, TikTok and similar ad platforms).
- Media plans, brand profiles, content calendars, AI-generated reports.
- Files you upload (brand guidelines PDFs, logos, sample creatives).
Operational telemetry
- Server logs (timestamp, route, HTTP status, IP truncated to /24 for IPv4).
- Authentication events (sign-in, sign-out, failed attempts).
- AI agent usage metrics (model used, token counts, cost per generation) for billing and quality monitoring.
What we don't collect
- Payment-card details. If we add paid plans, payments are processed by a PCI-DSS compliant provider and we never store full card numbers.
- Browser fingerprinting beyond what's needed for session continuity.
- Cross-site tracking cookies for advertising.
3. How we use it
- To operate the platform: render dashboards, run reports, send invites, deliver emails.
- To enforce permissions: workspace membership, brand-approver grants, content access.
- To provide AI features: brand profiles, generated reports, content drafts.
- To debug, monitor, and secure the platform: logs, error reports, abuse detection.
- To communicate transactional notices (invites, approvals, security alerts).
We do not sell your data. We do not use your workspace content to train third-party foundation models, beyond the per-request use described under "AI features" below.
4. Sub-processors
admeistr uses these third-party services to operate. Each is bound by an appropriate contract; brief role:
| Service | Role | Region |
|---|---|---|
| Supabase | Postgres database + authentication + file storage | EU/US (depends on project) |
| Railway | Backend application hosting | US |
| Vercel | Frontend application hosting + CDN | Global edge |
| Anthropic | AI inference for report and content agents (Claude family) | US |
| Resend | Transactional email delivery | US |
| OAuth sign-in (if you choose it) | Global |
We will update this table when sub-processors change. Material changes are emailed to workspace owners ahead of switch-over.
5. AI features
When you use the Report Agent or Content Agent, the relevant context (brand profile, campaign data summaries, document excerpts) is sent to Anthropic's API to generate output. Anthropic processes this data under their commercial API terms; per those terms, your data is not used to train their models.
Generated output is stored in your workspace until you delete it. Token counts and cost per run are logged for billing and monitoring.
6. International transfers
Some of our sub-processors are based in the United States. Where we transfer personal data outside its origin region, we rely on appropriate safeguards (e.g. Standard Contractual Clauses). Specific mechanisms vary by sub-processor.
7. Retention
- Account data: kept while your account is active and for 12 months after deletion to satisfy legal and accounting obligations, then permanently deleted.
- Workspace content: kept while your workspace is active. Owners may delete it at any time via the UI; on deletion, backups containing the data are purged within 30 days.
- Logs: 90 days rolling.
- Audit trails (uploads, approvals): retained for the lifetime of the workspace.
8. Your rights
Depending on where you live (GDPR, CCPA, etc.), you may have rights to access, correct, export, or delete the personal data we hold about you. To exercise these rights, email privacy@admeistr.com. We respond within 30 days.
9. Security
- All traffic is encrypted in transit (TLS 1.2+).
- Data at rest is encrypted via the underlying cloud providers (Supabase / Vercel).
- Passwords are hashed using bcrypt at the auth provider.
- Workspace isolation is enforced at the API and database query layers; every
permissioned endpoint scopes by
(organization, workspace). - Approval gates (brand approvers, workspace admins) prevent unauthorised changes to approved artefacts.
10. Children
admeistr is a B2B platform. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.
11. Changes to this policy
We will post any material change here with a revised "Last updated" date and email workspace owners. Continued use after the change date is acceptance.
12. Contact
Questions or requests: privacy@admeistr.com.