Privacy Policy

1. Introduction

Digital Ad Archive, LLC (“Digital Ad Archive,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Digital Ad Archive website, platform, APIs, and related services (collectively, the “Service”).

By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

A. Information You Provide

• Account information: Name, email address, and password when you create an account.
• Payment information: When you subscribe to a paid plan, payment is processed by Stripe, Inc. We do not store your credit card number, CVV, or full payment card details on our servers. We receive and store your Stripe customer ID, subscription status, and billing history.
• Profile information: Organization name, display name, or academic affiliation you optionally provide.
• Communications: Information you provide when you contact us via email, including DMCA notices and support requests.

B. Information Collected Automatically

• Usage data: Search queries, ad detail views, downloads, filter selections, pages visited, and feature usage. This data is tracked server-side for usage quota enforcement and service improvement.
• Device and browser information: IP address, browser type and version, operating system, device type, and screen resolution.
• Log data: Server logs that record requests to our Service, including timestamps, URLs accessed, and HTTP status codes.
• API usage data: For API subscribers, we log request endpoints, frequency, response times, and error rates.
• Forensic watermarks: Downloaded images may contain invisible digital watermarks that embed your account identifier. These watermarks are used solely for abuse prevention and to trace unauthorized redistribution of content.

C. Cookies and Similar Technologies

• Authentication tokens:Authentication tokens are stored in your browser’s local storage (via AWS Cognito) to maintain your login state across sessions. You can clear these by logging out or clearing your browser data.
• Image delivery cookies: Signed cookies issued by our servers to enable secure image delivery via our content delivery network (CloudFront). These cookies are HttpOnly, Secure, and expire after your session.
• Bot detection cookies: Cloudflare Turnstile may set cookies (such as cf_clearance and __cf_bm) to distinguish human users from automated traffic. These cookies are essential to the security of the Service and cannot be disabled.
• Analytics cookies: We use Google Analytics 4 (GA4) to understand how visitors use the Service. GA4 sets first-party cookies (such as _ga and _ga_*) to distinguish unique users and track session information. These cookies do not identify you personally. Google Analytics data is aggregated and used solely to improve the Service. We do not enable Google Ads integration, remarketing, or cross-site advertising features. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
• We do not use third-party advertising cookies or cross-site tracking cookies.
• Do Not Track:The Service does not currently respond to “Do Not Track” (DNT) browser signals because there is no industry-standard protocol for DNT compliance. We do not track users across third-party websites regardless of DNT settings.

3. How We Use Your Information

We use collected information to:

• Provide, operate, and maintain the Service.
• Process subscriptions, payments, and billing.
• Authenticate your identity and manage your account.
• Enforce usage limits and subscription tier restrictions (e.g., daily view limits for free accounts, download quotas).
• Detect and prevent fraud, abuse, scraping, and unauthorized automated access to the Service.
• Improve and optimize the Service, including search relevance and AI metadata accuracy.
• Communicate with you about your account, subscription changes, service updates, and security alerts.
• Respond to your inquiries, support requests, and DMCA notices.
• Comply with legal obligations and enforce our Terms of Service.

4. How We Share Your Information

We do not sell your personal information. We may share your information only in these limited circumstances:

• Service providers: We use third-party services to operate the platform:
  • Amazon Web Services (AWS): Cloud hosting, authentication (Cognito), database (DynamoDB), image storage and delivery (S3, CloudFront), and search infrastructure (OpenSearch).
  • Stripe, Inc.: Payment processing and subscription management.
  • Cloudflare, Inc.: Bot detection and abuse prevention (Turnstile). Cloudflare may receive your IP address and browser characteristics to distinguish human users from automated traffic.
  • Google LLC:Optional single sign-on authentication (Google OAuth). If you choose to sign in with Google, we receive your name and email address from your Google account. We do not receive your Google password. We also use Google Analytics 4 to collect aggregated, anonymized usage statistics (pages visited, search queries, feature usage). Google may receive your IP address and browser characteristics for this purpose. We do not enable Google advertising features or cross-site tracking. See Google’s privacy policy at policies.google.com/privacy.
• Legal requirements: We may disclose information if required by law, subpoena, court order, or governmental regulation, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
• Business transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
• With your consent: We may share information with third parties when you have given us explicit consent to do so.

5. Data Retention

• Account data: Retained for the duration of your account plus 90 days after deletion to allow for account recovery.
• Usage data: Daily usage records are retained for 12 months for quota enforcement and analytics, then aggregated and anonymized.
• Payment records: Retained as required by tax and financial regulations (typically 7 years).
• Server logs: Retained for 90 days for security monitoring and abuse detection, then deleted.
• DMCA records: Retained indefinitely as required for our repeat infringer policy.

6. Data Security

We implement industry-standard security measures to protect your information:

• All data in transit is encrypted via TLS/HTTPS.
• Authentication tokens are stored in browser storage and automatically expire. Signing out clears all stored credentials.
• Payment processing is handled entirely by Stripe (PCI DSS Level 1 certified).
• Image access is controlled through signed cookies with short expiration periods.
• AWS WAF (Web Application Firewall) provides rate limiting and bot protection.
• Server-side usage tracking prevents client-side tampering with quotas.

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Breach notification: In the event of a data breach that compromises your personal information, we will notify affected users by email and/or by posting a notice on the Service within 72 hours of becoming aware of the breach (or as soon as reasonably practicable), in accordance with applicable state and federal law. Where required, we will also notify the relevant regulatory authorities.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Portability: Request your data in a structured, machine-readable format.
• Opt-out: Opt out of non-essential communications at any time via your account settings or by contacting us.
• Restrict processing: Request that we limit the processing of your personal information in certain circumstances (e.g., while we verify the accuracy of your data).
• Object: Object to processing of your personal information based on our legitimate interests, where applicable.
• Lodge a complaint: If you are located in the EEA or United Kingdom, you have the right to lodge a complaint with your local data protection supervisory authority.

Account deletion: You may delete your account at any time through the self-service option in your Account Settings page. This will immediately and permanently delete your account, cancel any active subscription, and remove your saved ads and download history. Alternatively, you may request deletion by emailing privacy@digitaladarchive.com with the subject line “Account Deletion Request” and we will process your request within 30 days. Some data may be retained as described in Section 5 (Data Retention) and as required by law.

To exercise any other rights listed above, contact us at privacy@digitaladarchive.com. We will respond within 30 days (or sooner if required by applicable law). We may request verification of your identity before fulfilling your request.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”) provides you with additional rights regarding your personal information.

Categories of Personal Information Collected

We do not collect sensitive personal information as defined by the CPRA (e.g., Social Security numbers, financial account credentials, precise geolocation, racial/ethnic origin, health data, or biometric data).

Your California Privacy Rights

• Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the third parties with whom we shared it.
• Right to delete: You may request deletion of your personal information, subject to certain exceptions (e.g., legal retention requirements).
• Right to correct: You may request correction of inaccurate personal information we hold about you.
• Right to opt-out of sale/sharing: We do not sell or share personal information for cross-context behavioral advertising, so this right does not apply. We have not sold or shared personal information in the preceding 12 months.
• Right to limit use of sensitive PI: We do not collect sensitive personal information beyond what is necessary to provide the Service.
• Non-discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

To submit a CCPA/CPRA request, email privacy@digitaladarchive.com with the subject line “California Privacy Request.” We will verify your identity before processing your request and respond within 45 days as required by law.

9. Nevada Privacy Rights

As a Nevada-based company, we comply with Nevada SB 220. Nevada residents may submit a request directing us not to sell their personal information. As stated above, we do not sell personal information. To submit such a request, contact privacy@digitaladarchive.com.

10. Automated Decision-Making

The Service uses automated systems for the following purposes:

• Rate limiting and abuse detection: Automated systems monitor request patterns and may temporarily or permanently restrict access to users who exceed usage limits or exhibit patterns consistent with scraping or automated access. These restrictions are applied based on IP address, account activity, and request frequency.
• Subscription tier enforcement: Your access to features, image resolutions, metadata fields, and download limits is automatically determined by your subscription tier.
• AI metadata generation: Our VINTELLI AI℠ system automatically generates metadata about archive materials. This processing does not involve your personal data.

None of these automated processes produce legal effects or similarly significant effects concerning you. If you believe an automated decision has been applied to your account in error, you may contact us at support@digitaladarchive.com for a human review.

11. International Users

The Service is operated from the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those of your country.

If you are located in the European Economic Area (EEA), United Kingdom, or other region with data protection laws, we process your data based on the following legal bases:

• Contract performance: Processing necessary to provide the Service you requested (account management, search functionality, image delivery, subscription billing).
• Legitimate interests: Processing necessary for our legitimate business interests, including service improvement, fraud prevention, abuse detection, and security (where these interests are not overridden by your data protection rights).
• Legal obligation: Processing necessary to comply with applicable laws (e.g., tax record retention, responding to legal requests).
• Consent: Where you have given explicit consent for specific processing activities (e.g., optional marketing communications). You may withdraw consent at any time.

International data transfers: Our service providers (including AWS, Stripe, Cloudflare, and Google) maintain appropriate safeguards for international data transfers, including the EU-U.S. Data Privacy Framework, Standard Contractual Clauses (SCCs), and/or equivalent mechanisms as required by applicable law. By using the Service, you acknowledge that your data will be processed in the United States.

12. Children’s Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@digitaladarchive.com.

13. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through links on our platform.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy. The “Last updated” date at the top of this page indicates the most recent revision.

15. Contact Information

For questions or concerns about this Privacy Policy or our data practices: