Privacy Policy

EFFECTIVEApril 19, 2026·LAST UPDATEDApril 19, 2026

shipads (“shipads,” “we,” “us”) rasterizes designs exported from Claude Design into platform-ready ad creatives. This policy explains what we collect, why we collect it, who we share it with, and how you can control it.

TL;DR. We store your email and plan state. We process the design bundles you upload only long enough to render them — the extracted files auto-delete when the job finishes. We don't train AI on your content. We don't sell data. We use Stripe for payments (they hold the card data, not us), Supabase for the database, and Vercel to host the app.

1. Who we are

shipads is operated by the entity identified at the bottom of this page. You can reach us at privacy@shipads.app for any privacy question or request.

2. Information we collect

Information you give us

Account info: your email address (used as your login identifier via magic link) and the plan you select.
Billing info: when you subscribe to a paid plan, Stripe collects your payment details directly. We never see or store card numbers. We do store a Stripe customer ID and subscription metadata (plan, seat count, renewal date, status) so we can show it to you and gate features.
Uploaded content: the Claude Design handoff bundles, .zip projects, or standalone .html files you provide via URL or direct upload.

Information collected automatically

Export metadata: for each successful export we record the number of ads rendered, total bytes, render duration, source type (URL or upload), and the export settings you chose (format, scale, naming, structure). We do not store the rendered images themselves, the source HTML, or the original bundle contents.
Server logs: like most web services, our hosting provider (Vercel) records basic request metadata — IP address, user-agent string, timestamps, error traces — for security and debugging. These logs are retained for a rolling window (typically 30 days) and then rotated.
Session cookies: see the Cookies section below.

What we don't do with your content

We don't train models on your designs.
We don't share exported images or bundles with third parties.
We don't retain your source HTML, assets, or rendered PNGs/JPGs beyond the render job. Temp directories are deleted when the export finishes or fails.

3. How we use your information

To provide the service: authenticate you, render your designs, deliver the zip.
To meter the free tier and gate paid features against your plan.
To process subscription payments via Stripe and keep your plan in sync.
To send service emails: magic-link sign-in, billing receipts, and critical service notices (e.g. a planned outage). We do not send marketing email without your opt-in.
To debug and improve the service (aggregate usage trends, not individual monitoring).
To comply with legal obligations.

4. Subprocessors and third parties

We rely on a small number of vendors to operate shipads. Each is bound by their own privacy and security commitments:

Supabase (auth + database) — stores your email, plan state, and export metadata. Privacy.
Stripe (payments) — handles all card data and subscription billing. We receive only an opaque customer ID and subscription status. Privacy.
Vercel (hosting + serverless functions) — runs the application and export engine. Privacy.
Resend (transactional email) — delivers your magic-link sign-in emails from m.shipads.app. Privacy.
Anthropic — when you paste a Claude Design handoff URL, our server fetches the bundle from api.anthropic.com on your behalf. We do not share your shipads account identity with Anthropic in that request.

5. Cookies

We use a small number of first-party cookies, all strictly necessary for the service:

sb-<project>-auth-token.* — Supabase auth session cookies. HTTP-only, secure, SameSite=Lax. Required to keep you signed in.

We do not use advertising, tracking, or analytics cookies at this time. If that changes, we'll update this policy and, where required, ask for your consent.

6. Data retention

Uploaded bundles and rendered output: deleted as soon as the export job finishes (or fails). Nothing persists.
Account data (email, plan): retained while your account exists. Deleted within 30 days of you requesting account deletion.
Export metadata: retained while your account exists. You can request deletion at any time.
Billing records: invoices are retained as long as required by tax and accounting law (typically 7 years), stored in Stripe.

7. Your rights

Depending on where you live, you may have some or all of the following rights:

Access the personal data we hold about you.
Correct inaccurate data.
Delete your account and associated data (right to be forgotten).
Export your data in a portable format.
Object to certain processing, or withdraw consent where we rely on it.
Lodge a complaint with your local data protection authority (EEA/UK residents).

To exercise any of these rights, email us at privacy@shipads.app. We'll respond within 30 days.

8. Security

We take reasonable measures to protect your information: TLS on all network traffic, row-level security in the database, least-privilege access to production systems, signed Stripe webhooks, and an admin key held only by our server. No system is 100% secure — if you believe your account has been compromised, email us immediately at security@shipads.app.

9. International data transfers

Our subprocessors may store data in the United States or other jurisdictions. Where required (e.g. transfers out of the EEA), we rely on the vendors' standard contractual clauses or equivalent mechanisms.

10. Children

shipads is not intended for anyone under 18. We don't knowingly collect data from children. If you believe a child has created an account, contact us and we'll delete it.

11. Changes to this policy

We may update this policy from time to time. When we do, we'll update the “Last updated” date above. Material changes will be announced via email to active account holders at least 14 days before they take effect.

12. Contact

Privacy questions or requests: privacy@shipads.app.
Security issues: security@shipads.app.
Everything else: hello@shipads.app.