Privacy Policy

Last updated: April 27, 2026

What we collect

Conduit is a media-buying tool used by DTC operators. To deliver the service, we process:

• Account data: name, email, hashed password (via Clerk).
• Brand data: brand name, currency, timezone, guardrail settings.
• Ad-platform data: campaign metadata, performance metrics. We never store ad-account passwords; only encrypted OAuth refresh tokens.
• Conversion-event data from your storefront: hashed PII (email, phone, IP) and click-IDs (fbclid/gclid/etc.). Raw email/phone/IP are never stored.
• Usage telemetry: IP, page views, errors. Used to improve the product and debug issues.

How we use it

• To run the rules engine, attribution models, and anomaly detection on your behalf.
• To dispatch your conversion events to platform CAPIs (Meta, Pinterest, TikTok, Snap, Google).
• To send you transactional emails (rule fires, weekly digests, security notices). You can disable digest emails in Settings.
• To improve the product through aggregated, anonymized analytics.

What we never do

• Sell your data, your customers' data, or your performance numbers to anyone.
• Share your data with other Conduit customers.
• Use your conversion events to train ML models for other customers (each model is per-brand only).

Sub-processors

We rely on the following sub-processors. Each has signed a DPA with us:

• Vercel — application hosting, US
• Neon — Postgres database, US
• Upstash — Redis cache, US
• Clerk — authentication, US
• Anthropic — Copilot LLM, US (only your text prompts; never raw conversion data)
• Resend — transactional email, US
• Cloudflare — edge CDN + worker compute, global

Your rights

You can export all your data, transfer it, or delete your account at any time from Settings. EU/UK/CA residents have additional rights under GDPR/UK-GDPR/CCPA.

Contact

Questions: privacy@conduit.app