Privacy Policy

Last updated: 2025-12-27

This Privacy Policy explains how SpreshApp (“we”, “us”, “our”) collects, uses, shares, and protects information when you use our website and app (the “Service”) and our Chrome extension (the “Extension”).

Quick links

Scope

  • Service: our website and web app at https://spreshapp.com and related subdomains.
  • Extension: “Spreshapp - Download & Save Facebook Ads” (Chrome extension) that helps you save Facebook Ads Library ads to your SpreshApp account.

This policy does not cover third-party sites and services (e.g., Facebook/Meta, Google) that you may use alongside our Service.

Data we collect

1) Account and authentication data

If you sign in with Google, we receive basic profile information such as your name, email address, profile picture, and a Google identifier (subject to the scopes you consent to).

2) Content you save (Facebook Ads Library data)

When you save an ad, we process information needed to identify and store the ad, which may include:

  • Ad identifiers (e.g., “Library ID” / ad archive ID) and page identifiers
  • Ad metadata (e.g., start date, format)
  • Creative content (e.g., text, image/video URLs, preview image URLs)
  • Country you selected in Ads Library (when available)

This data is used to provide “saved ads” and related features in your dashboard.

3) Usage and device data

We may collect basic technical data when you access the Service, such as IP address, timestamps, request metadata, and diagnostic logs (e.g., error logs) to keep the Service secure and working.

4) Cookies and similar technologies

We use cookies for authentication and basic session functionality (for example, cookies named auth_token and user). We do not intentionally use cookies to build advertising profiles.

How we use data

  • Provide the Service: create accounts, authenticate users, and deliver features.
  • Save and display ads: store your saved ads and show them in your dashboard.
  • Security and fraud prevention: protect accounts and prevent abuse.
  • Support: respond to questions and troubleshoot issues.
  • Improve the Service: fix bugs and improve reliability and performance.

How we share data

We do not sell your personal data. We may share data with:

  • Service providers that help us run the Service (e.g., hosting, databases, and object storage). For example, saved ad media may be stored in cloud object storage (such as Cloudflare R2).
  • Authentication providers (e.g., Google) when you choose to sign in with them.
  • Legal and safety: if required by law or to protect rights, safety, and security.

If we use processors/sub-processors, we aim to restrict access to what’s necessary to provide the Service.

Data retention

  • Account data: retained while your account is active and as needed to provide the Service.
  • Saved ads: retained until you delete them or delete your account (subject to backup and legal retention needs).
  • Logs: typically retained for a limited period for security and troubleshooting.

Security

We use reasonable technical and organizational measures to protect data. No method of transmission or storage is 100% secure, but we work to reduce risk and respond to incidents.

International transfers

Depending on where you live and where our providers operate, your data may be transferred and processed outside your country. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

Your privacy rights

EEA/UK users

You may have rights to access, correct, delete, restrict, object to processing, and port your data, and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your local supervisory authority.

Other regions

Depending on your location, you may have similar rights under local laws. Contact us and we’ll respond as required.

Chrome Extension privacy

What the Extension does

The Extension operates on Facebook Ads Library pages to add a “Save Ad” button and, when you click it, extract ad details from the page to save the ad into your SpreshApp account via our API.

Permissions and why we need them

storage
  • Why we need it: to store extension settings and local session/state such as user preferences, auth/session tokens (if applicable), and UI state.
  • What it allows: saving small amounts of data in Chrome’s extension storage so the extension works consistently across browser restarts.
  • Privacy note: used for extension functionality/preferences; not used to build user profiles or track browsing.
activeTab
  • Why we need it: the Extension runs when the user interacts with it on a Facebook Ads Library tab, so it can read the page content needed to identify the ad to save.
  • What it allows: temporary access to the currently active tab after a user gesture, rather than continuous access to all tabs.
  • Privacy note: we don’t monitor browsing history or run on unrelated sites; this permission is used to perform the user-requested “save this ad” action on the active page.
identity
  • Why we need it: to let the user sign in with Google from the extension (OAuth 2.0) so we can associate “saved ads” with the correct user account.
  • What it allows: using Chrome’s chrome.identity APIs to start the OAuth flow and identify the signed-in user (scopes: openid, email, profile).
  • Privacy note: we use it only for authentication and account linking; we do not access the user’s passwords, contacts, or Google Drive data.
Host permissions
  • Why we need it: the Extension must be able to run on Facebook Ads Library pages and call our backend API to store the saved ad.
  • Domains covered:
    • *://*.facebook.com/* (Facebook Ads Library pages)
    • http://localhost:1323/* (local development/testing)
    • https://*.spreshapp.com/* and https://*.spresh.app/* (our service)
  • Privacy note: access is limited to these domains (not “all sites”) and is used solely to support the “save ad” feature and communicate with our service.

Extension data handling

  • Local storage: the Extension stores items like an API URL and an auth token in Chrome’s extension storage to keep you signed in and functioning across restarts.
  • On-page access: on Facebook Ads Library pages, the Extension reads page content to extract the ad details you choose to save.
  • Transmission: when you save an ad, relevant ad data and your authentication token are sent to our API to store the ad in your account.

To remove Extension data, you can sign out in the Extension popup and/or uninstall the Extension via Chrome’s extension settings.

Children’s privacy

The Service is not intended for children under 13 (or the age required by your jurisdiction). We do not knowingly collect personal data from children.

Changes to this policy

We may update this policy from time to time. We will update the “Last updated” date above and, where appropriate, provide additional notice.

Contact

For privacy questions or requests, contact us at support@spreshapp.com.

This page is provided for general informational purposes and does not constitute legal advice.