// SECURITY_AND_PRIVACY

Your data, explained.

No policy wall. Here’s exactly what happens when you use The Ad Bench, in plain language.

// VIDEO_AND_IMAGES

Your files never leave your device.

When you upload a video, your browser extracts the keyframes (JPEG snapshots) locally. Only those compressed images are sent to our servers — the original file stays on your machine. We never receive your raw MP4.

If your video has a voiceover, the audio is sent to OpenAI Whisper for transcription. The audio stream is processed and discarded — it is not stored.

Images are downscaled to 1568px max before upload. Again, the original file never leaves your browser.

// TRACKING

No tracking pixels or ad cookies.

We use Google Analytics 4 for basic traffic measurement — IP addresses are anonymized, and GA4 only loads after you opt in via Privacy Choices in the footer. We honor the Global Privacy Control (GPC) signal to auto-disable analytics.

No Facebook Pixel — zero Meta tracking on this site.

No ad retargeting cookies — we don't place any cross-site advertising cookies.

No Mixpanel or Amplitude — no behavioral analytics beyond opt-in GA4.

No fingerprinting — we don't collect device fingerprints.

// SESSIONS

Signed, encrypted sessions.

When you sign in, we set a session cookie named tab_sess containing a signed JWT (HS256). The cookie is HttpOnly, Secure, and SameSite=Lax. JavaScript can’t read it. It expires after 30 days.

All traffic is TLS 1.2+ with HSTS preloading. The site enforces X-Frame-Options: DENY and a Content Security Policy on every response.

// DATA_RETENTION

Everything has an expiry.

Anonymous keyframes — auto-deleted after 24 hours.

Shared report links — expire after 1 year. You can delete them sooner from My Reports.

Account Value Score results — stored for 90 days.

Saved reports — kept until you delete them or close your account.

Your email address — kept until you request deletion. See Privacy for how.

You can delete individual reports from My Reports, or close your account entirely from the Danger Zone on your account settings page.

// AI_PROCESSING

Your ads go to Anthropic. Not for training.

Ad creative you submit is sent to Anthropic’s Claude API for analysis. Anthropic’s commercial API terms prohibit training on submitted data. We don’t use your ads to train any model.

Keyframes are stored on Vercel Blob at randomized, unguessable URLs — they are not publicly listed or indexed.

// SUB_PROCESSORS

Who handles your data.

Vercel — hosting, edge network, blob storage.

Upstash — Redis — stores sessions, reports, rate-limit state.

Anthropic — Claude API — ad analysis.

OpenAI — Whisper API — audio transcription (not stored).

Resend — transactional email (password reset, auth links).

Mailchimp — marketing email — only if you opt in.

Stripe — payment processing for Pro and Agency plans.

All sub-processors encrypt data at rest and in transit. Full details in the Privacy Policy.

// CONTACT

Security reports.

Found a vulnerability? Email security@theadbench.ai. We aim to respond within 48 hours. We don’t currently run a paid bug bounty, but we take every report seriously.

For general privacy requests (data export, deletion, correction), email legal@theadbench.ai or use the delete controls in your account.