Privacy Policy

Effective Date: February 20, 2026

ATDb (“The AdTech Database,” “we,” “us,” or “our”) is operated by Jon Holm as a personal project. This Privacy Policy describes how we collect, use, and share information when you use theatdb.com (the “Service”).

Information We Collect

Account Information. When you create an account, we collect your email address and any display name you provide. You may use a pseudonym. Accounts are managed through Supabase Auth.

Contribution Data. If you submit edits or additions to the database, we store your contribution history, including the content of each edit, timestamps, edit summaries, and source URLs you provide. Your display name is associated with your contributions and may be visible to other users in edit histories. We also track your trust level, which is based on the quantity and quality of your approved contributions.

Usage Data. We automatically collect information about how you interact with the Service, including pages visited, features used, and referring URLs.

Analytics. We use Google Analytics 4 (via Google Tag Manager) and PostHog for analytics. Google Analytics collects aggregated usage data such as pages visited, session duration, device type, browser, approximate geographic location, and referring sources. PostHog provides product analytics and session replay, recording anonymized browsing sessions to help us understand navigation patterns. Both services use consent-based activation — analytics cookies are only set after you grant consent via our cookie banner. If you decline, no analytics cookies are placed on your device.

Cookies. We use essential cookies for authentication (Supabase session cookies) and analytics cookies (Google Analytics and PostHog, with your consent). When you first visit ATDb, a consent banner lets you accept or reject analytics cookies. You can change your preference at any time via the “Cookie Settings” link in the footer. See our Cookie Policy for details.

How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Authenticate your account and manage your session
• Process, review, and publish your contributions
• Calculate and manage your trust level based on contribution quality
• Display your display name alongside your contributions in edit histories
• Send you transactional emails required for account operation (e.g., email verification, password resets)
• Send you optional notification emails about your contributions (e.g., edit approvals or rejections) only if you explicitly opt in
• Understand how users interact with the Service
• Respond to your requests or inquiries
• Detect and prevent vandalism, spam, and abuse

Public Information

The following information may be publicly visible to other users of the Service:

• Your display name (which may be a pseudonym)
• Your approved contributions and edit history
• Your trust level

Your email address is never publicly displayed. It is used only for account authentication, transactional emails (password resets, verification), and notification emails that you have explicitly opted into.

Email Communications

Transactional emails (account verification, password resets, security alerts) are sent as needed to operate your account. These do not require separate opt-in and cannot be disabled while your account is active.

All other emails are opt-in only. We will never send you notification or marketing emails unless you explicitly enable them in your account settings. Every notification type (edit reviews, trust level changes, daily digests, administrative reports) is disabled by default and must be individually enabled by you. You may disable any notification at any time.

Information Sharing

We do not sell your personal information. We share information only with the following service providers, who process data on our behalf:

• Supabase — database hosting and authentication
• Vercel — application hosting and edge delivery
• Google Analytics — website analytics (data only collected with your consent)
• PostHog — product analytics and session replay (data only collected with your consent)
• Sentry — error monitoring and performance tracking
• Resend — transactional email delivery (notifications)
• Logo.dev — company logo images served from a third-party CDN (your browser sends standard request data such as IP address and user agent when loading logos)
• Anthropic — AI content generation for database enrichment (entity data such as company names, descriptions, and publicly available business information is sent to Anthropic's Claude API; no user personal data is sent)
• Canny.io — user feedback and feature request platform (if you use the feedback feature, your user ID, email address, and display name are shared with Canny via single sign-on to identify your feedback submissions)
• Inngest — background job orchestration for data pipeline processing (processes system and entity data; does not receive user personal data)

We may also disclose information if required by law or to protect our rights.

Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:

• Consent — for analytics cookies and usage tracking (you can withdraw consent at any time via the “Cookie Settings” link in the footer)
• Contract performance — for providing your account, processing your contributions, and managing your watchlist
• Legitimate interest — for error monitoring (Sentry), service reliability, and preventing abuse

Your Rights Under GDPR

If you are in the EEA or the United Kingdom, you have the following rights regarding your personal data:

• Right of Access. You may request a copy of the personal data we hold about you.
• Right to Rectification. You may request that we correct inaccurate or incomplete personal data.
• Right to Erasure. You may request that we delete your personal data, subject to certain exceptions (see “Data Retention” below regarding approved contributions).
• Right to Restriction. You may request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability. You may request a copy of your personal data in a structured, commonly used, machine-readable format.
• Right to Object. You may object to our processing of your personal data where we rely on legitimate interest as the legal basis.
• Right to Withdraw Consent. Where processing is based on consent (e.g., analytics cookies), you may withdraw consent at any time via the “Cookie Settings” link in the footer. Withdrawal does not affect the lawfulness of processing before withdrawal.
• Right to Lodge a Complaint. You have the right to lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at admin@theatdb.com. We will respond within 30 days.

Your California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information:

• Right to Know. You may request the categories and specific pieces of personal information we have collected about you.
• Right to Delete. You may request that we delete the personal information we have collected from you, subject to certain exceptions. Note: contributions that have been approved and integrated into the database may be retained in anonymized form, as they are part of the collaborative dataset (see “Data Retention” below).
• Right to Opt-Out of Sale. We do not sell personal information. If this changes in the future, we will provide an opt-out mechanism.
• Right to Non-Discrimination. We will not discriminate against you for exercising any of your privacy rights.

Categories of Information Collected. In the preceding 12 months, we may have collected: identifiers (email address, display name), internet activity information (browsing history on our site, search queries, contribution history), and geolocation data (approximate location via analytics).

To exercise any of these rights, contact us at admin@theatdb.com. We will verify your identity before processing your request and respond within 45 days.

International Data Transfers

ATDb is operated from the United States. Your personal data may be transferred to and processed in the US and other countries where our service providers operate, including:

• Supabase (US) — database and authentication
• Vercel (US/global edge) — application hosting
• Google (US) — analytics
• PostHog (US) — product analytics
• Sentry (US) — error monitoring
• Resend (US) — email delivery
• Logo.dev (US) — company logo images
• Anthropic (US) — AI content generation
• Canny.io (US) — user feedback platform
• Inngest (US) — background job orchestration

Where data is transferred outside the EEA or UK, our service providers rely on Standard Contractual Clauses (SCCs), the EU-US Data Privacy Framework, or other approved transfer mechanisms to ensure adequate protection of your personal data.

Data Retention

We retain your account information for as long as your account is active. Usage and analytics data is retained in accordance with our service providers' retention policies (Google Analytics retains data for 14 months by default; PostHog retains data according to your plan settings).

Contribution data: Approved contributions become part of the collaborative database. If you delete your account, we will remove your email address and personal identifiers. Previously approved contributions may be retained in anonymized form (attributed to “[deleted user]”) to preserve the integrity of the database and its edit history. This is similar to how collaborative platforms like Wikipedia handle contribution history.

You may request deletion of your account and personal data at any time by contacting us at admin@theatdb.com.

Data Security

We implement reasonable technical and organizational measures to protect your information, including encrypted connections (HTTPS), secure authentication via Supabase, and access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.

Do Not Track

Some browsers send a “Do Not Track” signal. There is no industry standard for how websites should respond to this signal. However, ATDb provides a direct control mechanism: our cookie consent banner lets you explicitly accept or reject analytics tracking, and you can change your preference at any time via the “Cookie Settings” link in the footer.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date at the top of this page. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

Contact

If you have questions about this Privacy Policy, contact us at admin@theatdb.com.