Privacy Policy

Spy-Rival is the operator of the Services and acts as the data controller for the personal data described in this Policy that we collect to operate, provide, secure, and improve the Services — for example, your account details, billing information, and usage data. This means we determine how and why that personal data is processed, and we are responsible for it under the EU General Data Protection Regulation (GDPR) and applicable national data-protection law.

For questions about this Policy or to exercise your rights, contact us at the details in Section 15.

Rival is a competitor advertising intelligence tool. Its core function is to retrieve and analyze publicly available advertising data that advertising platforms (such as Meta, Google, TikTok, LinkedIn, Pinterest, and Snapchat) publish themselves through their official ad transparency libraries ("Public Ad Data").

Public Ad Data is information about advertisements and the brands running them — it is business and marketing information, not personal data that we solicit from you about yourself. Where Public Ad Data incidentally contains personal data (for example, the name of an individual who appears in or is named within an ad that an advertiser has chosen to make public), we process it only to provide the analytical Services, on the basis of our legitimate interest in operating a competitive-intelligence tool over already-public advertising material, and in a manner consistent with applicable law. This Privacy Policy primarily concerns the personal data of you, our users — not the contents of the public ads you analyze.

We do not knowingly collect special categories of sensitive personal data (such as health, biometric, or government-identifier data) about our users, and you should not submit such data to the Services.

We use personal data only where we have a lawful basis to do so under the GDPR. The purposes and corresponding legal bases are:

• To provide the Services — creating and managing your account, delivering the platform's features, and retrieving and analyzing the competitors you track. Legal basis: performance of our contract with you.
• To process payments, billing, and renewals — charging your payment method, issuing invoices, handling refunds, and preventing payment fraud. Legal basis: performance of our contract; compliance with legal obligations (e.g., tax/accounting); and our legitimate interests in preventing fraud.
• To operate, secure, troubleshoot, and improve the Services — monitoring performance, diagnosing problems, ensuring security and quality, and developing new features. Legal basis: our legitimate interests in running and improving a reliable, secure service.
• To communicate with you — sending service-related messages (such as your weekly digest, account notices, security alerts, and policy updates) and responding to your enquiries. Legal basis: performance of our contract and our legitimate interests in supporting you.
• To send marketing communications — where permitted, telling you about features, offers, or related products. Legal basis: your consent where required, or our legitimate interests in marketing to existing customers. You can opt out at any time (see Section 9).
• To comply with law and protect rights — meeting legal and regulatory obligations, enforcing our Terms, and establishing, exercising, or defending legal claims. Legal basis: compliance with legal obligations and our legitimate interests in protecting our business and users.

Where we rely on legitimate interests, we have assessed that those interests are not overridden by your rights and freedoms. You may ask us about this assessment using the contact details in Section 15.

The Services use automated systems and artificial intelligence to analyze Public Ad Data and produce insights (such as angle classification, funnel-stage tagging, activity scores, and recommendations). This automated processing operates on advertising data and account/usage data; it does not make decisions that produce legal or similarly significant effects about you as an individual. We may use aggregated and de-identified data derived from use of the Services to improve our models and the Services, as described in Section 6.

We may create aggregated, anonymized, or de-identified data from personal data and usage data — data that does not identify you or any individual. This may include statistics about how the Services are used, performance metrics, and analytical benchmarks. Such data is not personal data, and we may use and share it for any lawful purpose, including improving and promoting the Services. We will not attempt to re-identify de-identified data.

We do not sell your personal data. We share personal data only as described below:

• Service providers (processors) — trusted third parties that perform services on our behalf, such as cloud hosting and infrastructure, payment processing, the scraping/data-retrieval infrastructure that powers the Services, AI/LLM providers used for analysis, email delivery, error monitoring, and analytics. These providers are bound by contracts requiring them to protect personal data and use it only as we instruct.
• Legal and safety — regulators, law-enforcement, courts, or other authorities where required by law or where reasonably necessary to comply with a legal obligation, enforce our Terms, or protect the rights, property, or safety of Rival, our users, or others.
• Business transfers — in connection with a merger, acquisition, financing, reorganization, or sale of assets, in which case personal data may be transferred subject to this Policy.
• With your direction or consent — where you ask us to share information or otherwise agree to it.

We may engage sub-processors to deliver the Services. You may request information about the categories of sub-processors we use by contacting us at the details in Section 15.

We use cookies and similar technologies on the Website to keep you logged in, remember your preferences, keep the Service secure, and understand how the Service is used so we can improve it. Some cookies are strictly necessary for the Service to function; others are used for analytics or preferences.

Where required by law, we will ask for your consent before setting non-essential cookies. You can manage or block cookies through your browser settings, but some features of the Service may not work properly if you do. For more detail, see our Cookie Policy, or contact us.

We do not currently respond to browser "Do Not Track" signals, as there is no common industry standard for them.

If we send you marketing emails, you can opt out at any time by using the unsubscribe link in the email or by contacting us. Opting out of marketing does not stop service-related messages that are necessary to operate your account (such as billing notices, security alerts, or important changes to the Services).

We are based in the European Union, and we aim to store and process personal data within the European Economic Area (EEA) where practicable. However, some of our service providers may process personal data outside the EEA, including in the United States.

Where we transfer personal data outside the EEA to a country that has not been recognized by the European Commission as providing an adequate level of protection, we put appropriate safeguards in place, such as the European Commission's Standard Contractual Clauses, together with any additional measures required to protect the data. You may request more information about these safeguards using the contact details in Section 15.

We retain personal data for as long as your account is active and for as long as reasonably necessary to: provide the Services; comply with our legal, tax, and accounting obligations; resolve disputes and enforce our agreements; and establish, exercise, or defend legal claims.

When personal data is no longer needed for these purposes, we will securely delete it or anonymize it. If you delete your account, we will delete or anonymize your personal data within a reasonable period, except for any data we are required or permitted to retain by law or for the legitimate purposes described above (for example, billing records kept for tax compliance, or limited backup copies retained for a short period before secure deletion).

If you are in the EEA, the United Kingdom, or another jurisdiction granting equivalent rights, you have the following rights in relation to your personal data, subject to conditions and exceptions under applicable law:

• Access — to be told whether we process your personal data and to receive a copy of it.
• Rectification — to have inaccurate or incomplete personal data corrected.
• Erasure — to have your personal data deleted in certain circumstances (the "right to be forgotten").
• Restriction — to ask us to limit how we use your personal data in certain circumstances.
• Objection — to object to processing based on our legitimate interests, and to object to direct marketing at any time.
• Portability — to receive certain personal data you provided to us in a structured, commonly used, machine-readable format, and to have it transmitted to another controller where technically feasible.
• Withdraw consent — where we rely on your consent, to withdraw it at any time, without affecting processing already carried out.
• Lodge a complaint — to complain to a data protection supervisory authority. If you are in Lithuania, this is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija); you may also contact the authority in your country of residence.

To exercise any of these rights, contact us using the details in Section 15. We may need to verify your identity before acting on a request. We will respond within the time required by applicable law (generally one month, extendable where permitted). We do not charge a fee for handling a request unless it is manifestly unfounded or excessive.

The Services are intended for businesses and professionals and are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us, and we will take appropriate steps to delete it.

Security. We maintain reasonable administrative, technical, and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or alteration. However, no method of transmission over the internet or method of storage is completely secure, and we cannot guarantee absolute security.

Breach notification. If we become aware of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required by law, affected individuals, within the timeframes required by applicable law.

Third-party links. The Website and Services, including landing-page previews and links derived from Public Ad Data, may link to third-party websites we do not control. We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy policies.

To contact us about this Privacy Policy, or to exercise any of your rights, reach us at:

• Spy-Rival
• Website: spy-rival.com
• Email: hello@spy-rival.com

Please include enough detail for us to understand and respond to your request. We may ask you to verify your identity before we act on it.

We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify you, such as by email or by posting a notice within the Service or on spy-rival.com, and we will update the "Last updated" date above. We will not use your personal data in a materially different way than stated at the time of collection without an appropriate legal basis or, where required, your consent. Your continued use of the Services after changes take effect constitutes acceptance of the updated Policy, to the extent permitted by law.