Privacy Policy

1. Who we are

adm8 is a creative platform for generating AI images, videos, and ad creatives, operated by adm8 AB (the “Company”, “we”, “us”), a company registered in Stockholm, Sweden. For the purposes of the EU General Data Protection Regulation (GDPR), adm8 AB is the data controller of the personal data described in this policy.

You can reach us about privacy at privacy@adm8.ai.

2. What data we collect

We collect the following categories of personal data:

• Account data — your email address, name, hashed password (we never store passwords in plain text), and, if you sign in with Google, your Google account identifier and profile details you authorize.
• Content you create — the prompts you write and the images, videos, voiceovers, and compositions you generate, plus any reference images, brand assets, or files you upload.
• Billing data — your plan, credit balance, and transaction history. Card details are handled directly by our payment processor (Stripe); we never see or store your full card number.
• Usage and device data — pages visited, features used, approximate location derived from IP, browser and device type, and similar product-analytics events.
• Support data — messages you send through our in-app support widget and related correspondence.

3. How we use your data

We process your personal data to:

• Provide the service — authenticate you, run generations, store your library, and deliver finished outputs.
• Process payments, manage credits and subscriptions, and prevent fraud.
• Operate, secure, debug, and improve the product, including analytics on how features are used.
• Communicate with you — verification and account emails, security notices, support replies, and (where permitted) product updates.
• Comply with legal obligations and enforce our Terms of Service.

4. Legal bases for processing (GDPR)

We rely on the following legal bases under Article 6 GDPR:

• Performance of a contract — to provide the service you sign up for (account, generations, billing).
• Legitimate interests — to secure, maintain, and improve the product and prevent abuse, balanced against your rights.
• Consent — for non-essential cookies/analytics and any optional marketing, which you can withdraw at any time.
• Legal obligation — to meet accounting, tax, and other statutory requirements.

5. AI generation and your content

To generate images, video, voiceovers, and transcripts, we send the prompts, reference assets, and audio you provide to specialized AI infrastructure providers acting as our processors (see “Who we share data with”). These providers process your inputs solely to return the generated output to us.

We do not use your private content to train our own or third parties’ foundation models. You retain rights in the content you create, subject to the providers’ terms and applicable law as set out in our Terms.

6. Who we share data with

We share personal data only with service providers (processors) who help us run adm8, under contracts that require them to protect it. These include:

• Hosting & compute — Vercel (application hosting, serverless functions, media storage, rendering sandboxes).
• Database — Neon (managed PostgreSQL).
• Payments — Stripe (checkout, subscriptions, billing portal).
• AI generation — our image/video model providers and ElevenLabs (voiceover, music, and speech-to-text for captions).
• Video delivery — Mux (adaptive video streaming and thumbnails).
• Email — Resend (transactional email such as verification and password reset).
• Analytics — PostHog and Vercel Analytics (product usage and performance).
• Search — Mixedbread (search indexing), where enabled.
• Support & referrals — Slack (support thread sync) and Rewardful (referral tracking).

We may also disclose data where required by law, to protect our rights, or in connection with a merger or acquisition (with notice where required).

7. International transfers

Some of our providers are located outside the EU/EEA (for example, in the United States). Where we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses or an adequacy decision, so your data receives an equivalent level of protection.

8. How long we keep your data

We keep account and content data for as long as your account is active. When you delete content it is removed from your library; backups and provider caches may persist for a limited period before expiry. When you close your account we delete or anonymize your personal data within a reasonable period, except where we must retain certain records (e.g. invoices) to meet legal obligations.

9. Your rights

Subject to applicable law, you have the right to:

• Access the personal data we hold about you and receive a copy.
• Rectify inaccurate data and complete incomplete data.
• Erase your data (“right to be forgotten”) where applicable.
• Restrict or object to certain processing.
• Data portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time, without affecting prior processing.

To exercise any of these rights, email privacy@adm8.ai. You also have the right to lodge a complaint with your local supervisory authority — in Sweden, the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).

10. Security

We use industry-standard measures to protect your data, including encryption in transit (HTTPS), hashed passwords, access controls, and a strict content-security policy. No system is perfectly secure, but we work continuously to safeguard your information and will notify you and the relevant authority of a qualifying personal-data breach as required by law.

11. Children

adm8 is not intended for children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time. We will post the updated version here with a new “last updated” date and, for material changes, provide additional notice. Continued use of adm8 after an update means you accept the revised policy.