Privacy Policy

Last updated: April 29, 2026

Quick Answer: adfly.ai collects only what's needed to run the link-tracking service. We never store raw IP addresses (we hash them with SHA-256), we don't sell your data, and we honor consent preferences. Click data feeds into AI features via the Anthropic API — Anthropic does not train on your data.

Who we are

adfly.ai ("we", "us") provides AI-powered affiliate link tracking and analytics. Contact: support@adfly.ai.

What data we collect

  • Account data: name, email, hashed password.
  • Billing data: handled entirely by Stripe; we store only customer/subscription IDs.
  • Click data: hashed IP (SHA-256), country, city, referrer, user-agent, device type, timestamp.
  • Usage data: AI credit consumption, feature usage analytics.

What we don't collect

  • Raw IP addresses are never stored — only their SHA-256 hash.
  • We do not store the contents of your destination URLs beyond the URL string itself.
  • We do not track end-user identities across sites.

Cookies

We use only essential cookies (session, CSRF, auth) and a single consent cookie. We do not run third-party analytics on visitor browsers without consent. You can manage your consent at any time via the banner.

Third-party processors

  • Stripe — payments and subscription billing.
  • Anthropic — AI features (we send anonymized stats summaries; raw clicks are not sent).
  • ip-api.com — best-effort GeoIP lookup at click time.
  • Cloudflare / CDN — static asset delivery.

GDPR & data subject rights

You have the right to access, correct, delete, port, or restrict processing of your data. Email support@adfly.ai with your request and we will respond within 30 days. Account deletion is also available from your account page and removes all associated data within 7 days.

Data retention

Free plan: raw click data retained 7 days, daily stats retained indefinitely. Pro / Agency: raw clicks retained 365 days. After your data retention window expires, raw clicks are deleted automatically.

Security

All traffic is served over HTTPS. Passwords are hashed with bcrypt. Session cookies are set with HttpOnly and SameSite=Strict. We follow OWASP Top 10 best practices and conduct regular code review.

Changes

We may update this policy. Material changes are communicated by email and via an in-app banner.