Last updated: 22 March 2026
This privacy policy explains how Seastream Media Europe ("we", "us", "Adloom"), registered at Pegasuslaan 5, 1831 Machelen, Belgium (VAT BE0744.730.564), collects, uses, and protects your personal data when you use the Adloom Creative Lab platform ("Service").
We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Belgian data protection laws.
The data controller is Seastream Media Europe, Pegasuslaan 5, 1831 Machelen, Belgium. For any privacy-related questions, contact us at privacy@adloom.io.
When you create an account, we collect your email address, full name, and company name (optional). If you subscribe to a paid plan, Stripe processes your payment information; we do not store credit card numbers. We receive your Stripe customer ID and subscription status.
We store the HTML5 creative files (ZIP archives) you upload for the purpose of testing, validation, and auto-correction. Files are stored in encrypted cloud storage (Cloudflare R2) and are not shared with third parties.
We collect information about how you use the Service: pages visited, features used, scan and fix counts, API call logs, and timestamps. This data is used to improve the Service and for billing purposes.
With your consent, we use Google Analytics 4 (GA4) and Google Ads conversion tracking to understand how visitors interact with our website. These tools use cookies and collect anonymised data such as pages viewed, session duration, approximate location (country level), and referral source. IP addresses are anonymised. See our cookie policy for details.
We process your personal data on the following legal bases:
Contract performance (Art. 6(1)(b) GDPR): account data and creative files are processed to provide the Service you signed up for.
Legitimate interest (Art. 6(1)(f) GDPR): usage data is processed to maintain, secure, and improve the Service, and for billing and fraud prevention.
Consent (Art. 6(1)(a) GDPR): analytics and marketing cookies are only set after you give explicit consent via our cookie banner. You may withdraw consent at any time by clearing your browser cookies or contacting us.
Your data is used to: provide creative testing, validation, and auto-fix functionality; manage your account and subscriptions; generate test reports and compliance summaries; process payments and overage billing; send transactional emails (account confirmation, password reset, billing receipts); improve the Service through aggregated usage analytics; and comply with legal obligations.
We do not sell your personal data. We do not use your creative files for any purpose other than providing the Service.
We share data with the following categories of processors:
Supabase (database and authentication): stores account data and application data. Servers in the EU.
Cloudflare (R2 storage, Workers): stores creative files and serves preview pages. Data may be processed in various locations; Cloudflare is bound by Standard Contractual Clauses (SCCs) for international transfers.
Stripe (payment processing): processes subscription payments and stores billing data under its own privacy policy.
Google (Analytics and Ads): receives anonymised analytics data only with your consent. Data may be transferred to the US under the EU-US Data Privacy Framework.
Anthropic (Claude AI API): creative file content may be sent to the Claude API for AI-powered verification of fixes. Data is processed under Anthropic's data processing terms and is not used to train models.
Vercel (hosting): hosts the web application. Servers primarily in the EU and US. Bound by SCCs.
Account data is retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days. Creative files are retained for the duration of your subscription and deleted within 30 days after account closure. Billing records are retained for 7 years as required by Belgian tax law. Aggregated, anonymised analytics data may be retained indefinitely.
Under the GDPR, you have the right to:
Access: request a copy of the personal data we hold about you.
Rectification: ask us to correct inaccurate or incomplete data.
Erasure: request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
Restriction: ask us to restrict processing in certain circumstances.
Portability: receive your data in a structured, machine-readable format.
Objection: object to processing based on legitimate interest.
Withdraw consent: withdraw consent for analytics cookies at any time.
To exercise any of these rights, contact us at privacy@adloom.io. We will respond within 30 days.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Belgian Data Protection Authority (Autorite de protection des donnees / Gegevensbeschermingsautoriteit):
Rue de la Presse 35, 1000 Brussels, Belgium
www.dataprotectionauthority.be
Some of our processors are based outside the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on an adequacy decision (such as the EU-US Data Privacy Framework).
We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. Despite our efforts, no method of transmission or storage is 100% secure.
The Service is not directed to individuals under 18. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will delete it.
We may update this privacy policy from time to time. We will notify you of material changes by email or through the Service. The "Last updated" date at the top indicates when this policy was last revised.
Seastream Media Europe
Pegasuslaan 5, 1831 Machelen, Belgium
VAT BE0744.730.564
Email: privacy@adloom.io