Privacy Policy
Last updated: May 29, 2026
We never sell your data. Period. We collect what we need to run the service, keep your account working, and improve OnlineAIAds. Nothing else. This page tells you exactly what we collect, why, who can see it, and how to make us delete it.
1. Who we are
OnlineAIAds is operated by PlanMyTrip LLC, a limited liability company formed in North Carolina in June 2025. Our address is 2125 Stegemann St, Apex, NC 27502, United States. References to "we," "us," and "our" mean PlanMyTrip LLC doing business as OnlineAIAds.
For any privacy question, write to hello@onlineaiads.com.
2. What we collect
Information you give us
- Account / waitlist: email address (required), optional name, company, and monthly ad spend range you choose to share when you join the early-access list or sign up later.
- Billing: when you become a paid customer, payments are processed by Stripe. Stripe receives your card details directly — we never see or store your card number, CVV, or expiry. We do see and store the customer ID, subscription status, and last-4 digits Stripe returns to us.
- Provider credentials: if you connect ad-platform accounts (OpenAI Ads, and later Meta and Google), the API keys or OAuth tokens you supply are encrypted at rest and used only to call the APIs you authorized. We do not use them for any other purpose.
- Support content: anything you send us by email or chat to get help.
Information collected automatically
- Technical attribution: IP address, approximate country (from the IP), user agent, page URL, referrer, and standard UTM parameters when you submit a form. We use this for spam prevention, fraud analysis, and to understand which channels send us visitors.
- Session analytics: we use Microsoft Clarity, a free analytics product, to understand how visitors use the marketing site. Clarity records anonymous mouse movement, scrolls, and clicks. It does not record what you type into form fields.
- Security events: when our defenses block a request (rate limit, honeypot, etc.) we log the event type, IP, country, and user agent for security review. These rows are retained for 90 days.
3. Why we collect it
- To deliver the service you signed up for: campaign management, AI ad copy generation, Pixel and Conversions API setup, performance reporting.
- To bill you correctly and send required transactional emails (account, billing, security).
- To detect and block fraud, spam, and abuse.
- To improve the product based on which features get used and where users get stuck.
- To comply with applicable laws, court orders, or lawful government requests.
4. Who we share with
We share data only with the small set of service providers we need to actually run the product. Each one is contractually bound to handle your data only for the purpose we engage them. We do not sell, rent, or trade your data to anyone.
- Stripe — payments and subscription management.
- Clerk — user authentication (when the product launches publicly).
- Neon — managed Postgres database hosting (US region).
- Vercel — web hosting and CDN.
- Microsoft Clarity — anonymous session analytics on the marketing site.
- OpenAI— when you use the AI ad copy generator, your brief is sent to OpenAI's API to generate text. OpenAI does not train on API inputs.
- Connected ad platforms — when you connect ChatGPT Ads (and later Meta, Google, LinkedIn) we send and receive data on your behalf using the credentials you supplied.
- Email forwarder — messages sent to hello@onlineaiads.com are forwarded to our internal inbox.
- Law enforcement — only when we receive a valid legal request and only the specifically responsive data.
5. How long we keep your data
- Waitlist entries: 24 months from sign-up, then deleted unless you become a customer.
- Customer account data: for as long as your account is active, plus 6 months after cancellation for billing reconciliation and tax records.
- Security event logs: 90 days.
- Microsoft Clarity: 13 months (Microsoft's default retention).
- Email correspondence: indefinitely, unless you ask us to delete it.
6. Your rights
Regardless of where you live, you can ask us to do the following at any time by emailing hello@onlineaiads.com:
- Get a copy of the personal data we hold about you.
- Correct anything that's wrong.
- Delete your account and all associated data (subject to our retention obligations above).
- Export your data in a portable format.
- Opt out of any marketing email (note: we currently only send transactional email).
- Withdraw consent for processing where consent is the legal basis.
California residents have specific rights under the CCPA, including the right to know and the right to delete personal information. We honor those rights for all users worldwide, not just California residents.
European users have rights under the GDPR, including the rights listed above plus the right to lodge a complaint with a supervisory authority. The legal basis for our processing is, depending on the context: contract performance (delivering the service you signed up for), legitimate interests (fraud prevention, security), or consent (analytics).
7. Cookies and similar technologies
We use a small number of cookies and similar storage:
- Strictly necessary: keeping you logged in, remembering your preferences, security tokens.
- Analytics: Microsoft Clarity uses cookies to attribute repeat visits to the same anonymous session.
- Payments: Stripe sets cookies during checkout for fraud prevention.
We do not use advertising cookies on this site.
8. Children
OnlineAIAds is not directed to children under 13. We do not knowingly collect personal information from anyone under 13. If you believe we have, email hello@onlineaiads.com and we will delete it.
9. International data transfers
Our servers and most of our service providers operate in the United States. If you use OnlineAIAds from outside the US, your data will be transferred to and processed in the US. Where required by law (for example, for EU/UK users), we rely on Standard Contractual Clauses or equivalent safeguards to protect the transfer.
10. Security
We protect data with industry-standard measures: TLS 1.2+ for data in transit, encryption at rest in our database, encrypted secrets for API credentials, principle-of-least-privilege access controls, and a multi-layer defense system (rate limiting, origin checks, time-trap, audit logging) on every form. No system is perfect — if we ever experience a breach affecting your data, we will notify you promptly as required by law.
11. Changes to this policy
We may update this policy as the product evolves or laws change. Material changes will be highlighted via email to customers and on the marketing site. The "Last updated" date at the top of this page always reflects the most recent revision.
12. Contact
Privacy questions? Email hello@onlineaiads.com. Postal mail:
PlanMyTrip LLC
2125 Stegemann St
Apex, NC 27502
United States