Privacy Policy

Last Updated: January 7, 2026

Sponsy Ltd. ("Sponsy," "we," "us," or "our") has prepared this Privacy Policy to explain what personal information we collect, how we use and share that information, and your choices concerning our privacy and information practices.

1. Applicability

This Privacy Policy applies to personal information collected through:

  • sponsyai.com - Our marketing website
  • app.sponsyai.com - Publisher Portal
  • api.sponsyai.com - Serving API
  • Our SDK packages (@sponsy/sdk-js, @sponsy/sdk-react)

For Publisher Customers

If you are a Publisher customer, this Privacy Policy applies to data we collect directly from you. Data that we process on your behalf as a service provider is governed by your Publisher Agreement.

2. Information We Collect

Publisher Account Information

When you create an account in the Publisher Portal, we collect:

  • Email address
  • Password (hashed, never stored in plain text)
  • Company name (optional)
  • Workspace names and configurations

Payment Information

For Publishers receiving revenue payouts, we collect:

  • PayPal email address for payouts
  • Minimum payout threshold preferences
  • Auto-payout settings

Waitlist Information

When you join our waitlist, we collect your email address to notify you when we launch.

Automatically Collected Information

  • Device Information: Browser type, device type, operating system, IP address
  • Usage Data: Pages viewed, navigation paths, interactions
  • Log Data: IP addresses, timestamps, request information

3. End User Data Processing

When Publishers integrate our SDK into their chatbots, we process limited information about end users for the purpose of intent detection and ad serving. Our key privacy principles are:

  • No PII Collection: We do not collect names, email addresses, or other personal identifiers of end users
  • Minimal Context: We process only the conversation context necessary for intent detection
  • No Full Transcripts: Complete conversation histories are not stored—only aggregated analytics
  • Session-Based: Data is processed in real-time and not retained beyond the session unless aggregated

What We Process

  • User messages and assistant responses (for intent detection)
  • Anonymous session identifiers
  • Impression, click, and conversion events
  • Device and browser metadata (for analytics)

4. How We Use Information

We use collected information to:

  • Provide and maintain the Sponsy platform
  • Detect commercial intent and serve relevant affiliate recommendations
  • Process Publisher payments and commissions (70/30 revenue split)
  • Generate analytics dashboards (impressions, clicks, CTR, revenue)
  • Send service updates and marketing communications
  • Detect and prevent fraud and abuse
  • Comply with legal obligations

5. Information Sharing

We may share information with:

  • Affiliate Networks: Click and conversion data for attribution
  • Payment Processors: PayPal for Publisher payouts
  • Service Providers: Hosting (Vercel), Database (Supabase), Analytics (ClickHouse, PostHog), Monitoring (Sentry)
  • Legal Requirements: When required by law or legal process

6. Data Storage and Security

We implement appropriate technical and organizational measures to protect your information:

  • Database: Supabase PostgreSQL with Row Level Security (RLS)
  • Authentication: Supabase Auth with secure password hashing
  • API Keys: Hashed storage, only prefix shown after creation
  • Analytics: ClickHouse Cloud for high-volume event storage
  • Caching: Upstash Redis for serving index and rate limiting

7. Data Retention

We retain data as follows:

  • Account Data: While your account is active and for 30 days after deletion
  • Analytics Events: Aggregated data retained for reporting purposes
  • Payment Records: 7 years for legal and accounting requirements
  • SDK Request Logs: 30 days for debugging, then deleted

8. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate personal information
  • Delete your personal information
  • Export your data (data portability)
  • Object to or restrict processing
  • Withdraw consent
  • Opt-out of marketing communications

To exercise these rights, contact us at contact@sponsyai.com.

9. Cookies and Tracking

We use:

  • Essential Cookies: For authentication and security
  • Analytics: PostHog for product analytics (can be opted out)
  • Performance: To monitor and improve service reliability

You can control cookies through your browser settings.

10. International Transfers

Your data may be processed in countries where our service providers operate, including the United States and European Union. We ensure appropriate safeguards are in place for such transfers.

11. Children's Privacy

Our Services are not directed to children under 18. We do not knowingly collect personal information from children. If you believe we have collected such information, contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy and updating the "Last Updated" date.

13. Contact Us

For privacy-related questions or to exercise your rights:

Email: contact@sponsyai.com
Website: sponsyai.com