Privacy Policy
Effective Date: June 11, 2025
1. Introduction
Nixes EOOD ("Nixes," "we," "us," or "our"), the provider of the AdCider SaaS platform ("Service"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and Service. This Policy applies to information we collect through our Service and other interactions (e.g., customer service inquiries).
Nixes is the data controller for the personal data processed in connection with the Service. Our registered address is Sofia, Bulgaria, company registration number 202050897.
For any privacy-related inquiries or to exercise your data protection rights, you can contact us at hi@adcider.com. Our Data Protection Officer (DPO) can be reached at nick@nixes.io.
2. Information We Collect
We collect information that identifies you as an individual or relates to an identifiable individual ("Personal Data") in the following ways:
-
A. Information You Provide Directly:
- Account Information: When you create an AdCider account, we collect your name and email address. Optionally, you may provide your company size and your role within the company.
- ASA API Credentials: To use the core functionality of AdCider, you will provide your Apple Search Ads API credentials. We store these credentials securely using strong encryption.
- Communications: If you contact us for support or other inquiries, we collect your name, email address, and the content of your communications.
-
B. Information Collected Automatically Through Use of the Service:
- Apple Search Ads Data: When you connect your ASA account, we access and process data available through the ASA API to manage and optimize your campaigns. This includes, but is not limited to, campaign IDs, ad group IDs, keywords, bids, spend, impressions, taps, installs, and revenue attributed by Apple.
- Attribution SDK Data (If you use our SDK): If you integrate our Swift Attribution SDK into your mobile application, the SDK collects the following data points from your end-users' devices to attribute installs and purchases to ad campaigns:
- Timestamp of app install
- Timestamp of in-app purchase
- Purchased product identifier
- Purchase value
- Apple Search Ads attribution token This data is collected in a way that does not directly identify the end-user to AdCider (e.g., we do not collect persistent device identifiers like IDFA for this purpose directly for AdCider's use, relying on Apple's attribution token mechanism). As our customer, you are responsible for ensuring you have the necessary consents and provide appropriate disclosures to your end-users regarding the use of this SDK and data collection, including within your App Store privacy nutrition labels.
- Usage Data (AdCider Platform): We collect information about how you interact with our Service, such as features used and actions taken on the platform. This is primarily collected through server logs.
- Cookies and Similar Technologies:
- Essential Cookies: We use first-party cookies for essential functionalities like session management (to keep you logged in). These are necessary for the Service to operate.
- Analytics Cookies (Google Analytics): We use Google Analytics to collect information about your use of our website and Service, such as pages visited, time spent on pages, browser type, and IP address (which Google Analytics may anonymize). This helps us understand user behavior and improve our Service. Google Analytics uses its own cookies.
-
C. Information from Third Parties:
- Payment Information (via Paddle): We use Paddle for payment processing. Paddle collects and processes your payment information (e.g., credit card details, billing address) directly. We do not store your full payment card details but may receive transaction confirmations and related billing information from Paddle to manage your subscription.
3. How We Use Your Information
We use your Personal Data for the following purposes, based on the legal bases outlined:
| Purpose | Personal Data Used | Legal Basis (GDPR) |
|---|---|---|
| To Provide and Operate the Service | Account Info, ASA API Credentials, ASA Data, Attribution SDK Data (if used), Session Cookies | Contractual Necessity (to fulfill our contract) |
| To Manage Your Account and Subscription | Account Info, Payment Info (via Paddle) | Contractual Necessity |
| To Communicate with You (Service updates, support, responses) | Account Info, Communication Data | Contractual Necessity, Legitimate Interest |
| To Improve Our Service (Analytics, platform usage insights) | Usage Data, Google Analytics Data (often aggregated/anonymized) | Legitimate Interest (to improve user experience) |
| For Security and Fraud Prevention | Account Info, Usage Data (Server Logs), IP Address (via GA or server logs) | Legitimate Interest (to protect our Service & users) |
| To Comply with Legal Obligations | Account Info, Transaction Data (from Paddle) | Legal Obligation (e.g., tax, accounting) |
| For Marketing Communications (If you opt-in) | Name, Email Address | Consent |
We do not use your specific ASA campaign data or Attribution SDK data to train or improve our general AI models for other customers. Anonymized and aggregated usage statistics may be used for general service improvement.
4. How We Share Your Information
We do not sell your Personal Data. We may share your information with the following categories of third parties only in the ways described in this Privacy Policy:
- Paddle (Payment Processor): We share necessary information with Paddle (Paddle.com Market Limited, UK) to process your payments and manage your subscription. Paddle acts as a merchant of record for our subscriptions.
- Apple (ASA Platform): We exchange data with Apple via the ASA API as necessary to provide the Service, based on the credentials you provide.
- Google Analytics (Analytics Provider): We use Google Analytics (Google LLC, US) to analyze website and Service usage. Google may transfer data outside the EEA; Google relies on Standard Contractual Clauses for such transfers.
- Supabase (Backend Service Provider): We may use Supabase for backend infrastructure services, which may involve processing Personal Data.
- Hosting Provider: Our Service and your data (including ASA API credentials and campaign data) are currently self-hosted in Sofia, Bulgaria (within the European Economic Area - EEA).
- Legal Requirements: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to: (a) comply with a legal obligation, subpoena, or valid legal process; (b) protect and defend our rights or property; (c) prevent or investigate possible wrongdoing in connection with the Service; (d) protect the personal safety of users of the Service or the public; or (e) protect against legal liability.
- Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your Personal Data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your Personal Data.
5. Data Security
We implement appropriate technical and organizational measures to protect the security of your Personal Data. These measures include:
- Strong encryption for sensitive data like ASA API credentials, both at rest and in transit.
- Access controls to limit access to Personal Data to authorized personnel.
- Regular data backups.
- Secure Sockets Layer (SSL) / Transport Layer Security (TLS) encryption for data transmitted over the internet.
However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
6. Data Retention
We retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, and as follows:
- Account Information: Retained as long as your account is active. Upon account deletion request initiated by you, we will delete your account information immediately.
- ASA API Credentials: Deleted immediately upon your request or when you delete your account.
- ASA Campaign Data (linked to your account): Deleted immediately when you delete your account.
- Attribution SDK Data: Anonymized attribution data (that cannot be linked back to an identifiable individual or your specific account after your account deletion) may be retained for a longer period for general statistical and analytical purposes to understand overall trends. Identifiable attribution data linked to your active account is deleted when you delete your account.
- Google Analytics Data: Retained for 14 months.
- Communications Data: Retained for as long as necessary to resolve your inquiry and for a reasonable period thereafter for record-keeping.
After your account is deleted, some data may be retained in our backups for a limited period before being automatically overwritten, but it will not be accessible in our live systems.
7. Your Data Protection Rights (GDPR)
If you are located in the European Economic Area (EEA), you have the following data protection rights:
- Right to Access: You can request copies of your Personal Data.
- Right to Rectification: You can request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- Right to Erasure ("Right to be Forgotten"): You can request that we erase your Personal Data, under certain conditions. You can directly delete your profile and associated data from within the AdCider application.
- Right to Restrict Processing: You can request that we restrict the processing of your Personal Data, under certain conditions.
- Right to Object to Processing: You can object to our processing of your Personal Data where we are relying on legitimate interest as the legal basis, under certain conditions.
- Right to Data Portability: You can request that we transfer the data that we have collected to another organization, or directly to you, in a structured, commonly used, and machine-readable format, under certain conditions.
- Right to Withdraw Consent: If we are processing your Personal Data based on your consent (e.g., for marketing emails), you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.
To exercise any of these rights, please contact us at hi@adcider.com or our DPO at nick@nixes.io. For account deletion, you can also use the functionality within the Service. We will respond to your request within one month.
You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of Personal Data relating to you infringes the GDPR. The Bulgarian supervisory authority is the Commission for Personal Data Protection (cpdp.bg).
8. International Data Transfers
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.
- Nixes is based in Bulgaria (EEA). Our primary hosting is within the EEA.
- Paddle (UK): The UK has an adequacy decision from the European Commission, meaning data transfers to Paddle are generally permitted.
- Google Analytics (US) & Apple (US): For transfers of Personal Data to countries outside the EEA that do not have an adequacy decision (like the United States), we rely on appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other valid transfer mechanisms under the GDPR.
By using our Service, you acknowledge these potential transfers.
9. Children's Privacy
Our Service is not intended for use by individuals under the age of 18 (or the relevant age of majority). We do not knowingly collect Personal Data from children. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from a child without verification of parental consent, we will take steps to remove that information from our servers.
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to track activity on our Service and hold certain information.
- What are cookies? Cookies are small files placed on your device.
- Types of Cookies We Use:
- Essential Cookies (First-party): These are necessary for the Service to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms (e.g., session cookies). You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
- Purpose: Session management.
- Duration: End of browsing session.
- Analytics Cookies (Third-party - Google Analytics): These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous.
- Purpose: Website analytics and usage insights.
- Duration: Varies - typically 2 years.
- Essential Cookies (First-party): These are necessary for the Service to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms (e.g., session cookies). You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
- Managing Cookies:
- Essential cookies are required for the Service to function. If you disable them via browser settings, parts of the Service may not work.
- For Google Analytics cookies, you may be able to opt-out by using Google's Opt-out Browser Add-on or by managing cookie preferences through a cookie consent banner if implemented on our website.
11. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We will also notify you via email and/or a prominent notice on our Service, prior to the change becoming effective.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
12. Contact Us
If you have any questions about this Privacy Policy, please contact us:
Nixes EOOD
Sofia, Bulgaria
Email: hi@adcider.com
Data Protection Officer: nick@nixes.io