← Back to Home

Privacy Policy

Last updated: April 14, 2026

1. Information We Collect

We collect the following types of information when you use Vorstead:

  • Business information — company name, address, phone number, and contact details provided during onboarding.
  • Ad account data — campaign performance metrics, spend data, and audience information from connected Meta and Google accounts.
  • Lead data — names, phone numbers, email addresses, and job details of leads generated through your ad campaigns.
  • Usage analytics — how you interact with the Vorstead dashboard, feature usage, and session data to improve our platform.

2. How We Use Your Information

We use collected information to:

  • Run and optimize your Meta and Google ad campaigns.
  • Generate performance reports and actionable recommendations.
  • Manage your leads through the Vorstead CRM.
  • Improve the platform, fix bugs, and develop new features.
  • Communicate with you about your account, campaigns, and service updates.

3. Third-Party Services

Vorstead integrates with the following third-party services to deliver our platform:

  • Meta (Facebook/Instagram) — for running and managing social media ad campaigns.
  • Google Ads — for running search and display advertising campaigns.
  • Stripe — for processing subscription payments securely.
  • Supabase — for database hosting, authentication, and real-time data services.

Each third-party service has its own privacy policy. We encourage you to review them.

4. Data Ownership

You own all of your data. Vorstead acts as a data processor on your behalf. Your business information, ad accounts, lead data, and creative assets belong to you. We do not sell, rent, or share your data with third parties for their marketing purposes.

5. Data Retention

We retain your data for as long as your account is active and as needed to provide our services. If you cancel your account, we will delete your data within 30 days of cancellation. You may request earlier deletion at any time by contacting us.

6. Security

We take security seriously and implement the following measures:

  • All data is encrypted in transit (TLS) and at rest.
  • Database access is controlled via Supabase Row Level Security (RLS) policies.
  • Authentication tokens are stored securely and rotated regularly.
  • We conduct regular security reviews and are working toward SOC 2 compliance.

7. Cookies

Vorstead uses session cookies strictly for authentication purposes. We do not use tracking cookies, third-party advertising cookies, or any form of cross-site tracking. Your browsing activity on our platform is not shared with advertisers.

8. Your Rights (CCPA / GDPR)

Depending on your jurisdiction, you may have the following rights:

  • Right to access — request a copy of the personal data we hold about you.
  • Right to delete — request deletion of your personal data from our systems.
  • Right to portability — receive your data in a structured, commonly used format.
  • Right to opt out — we do not sell personal data, but you may opt out of non-essential data processing at any time.

To exercise any of these rights, contact us at the email address below.

9. Contact Us

If you have questions about this privacy policy or want to exercise your data rights, contact us at hello@vorstead.com.