Back to homemisstyped media

Legal

Privacy Notice

Last updated: May 25, 2026

This Privacy Notice explains how Laurelle McVicker, an individual sole trader based in Sweden ("we", "us", "our"), collects and uses personal data when you use The Paid Ads Launch Lab (the "Service"). We are the data controller for the personal data described below. Our reseller Paddle is an independent controller for payment data it collects directly at checkout.

1. Data we collect

  • Account data: name, email address, password (hashed), and email verification status.
  • Business inputs: information you enter about your business, audience, offer, and campaigns in order to generate ad plans.
  • AI prompts and outputs: the prompts you submit and the AI-generated responses returned to you.
  • Support communications: emails or messages you send us.
  • Usage and device data: log data, IP address, browser type, device identifiers, pages visited, and actions taken in the Service.
  • Order metadata: a record that you purchased and your subscription status. Card details and billing addresses are collected and stored by Paddle, not by us.

2. How we use your data

  • Provide the Service — create your account, authenticate you, generate and return AI outputs, grant access after purchase (legal basis: performance of contract).
  • Security and fraud prevention — detect abuse, protect accounts, enforce our Terms (legitimate interests).
  • Service improvement — analyse aggregated usage to improve features and performance (legitimate interests).
  • Customer support — respond to your questions (performance of contract / legitimate interests).
  • Legal compliance — meet tax, accounting, and other legal obligations (legal obligation).
  • Marketing — only with your consent, where required; you can withdraw consent at any time (consent).

3. Who we share data with

  • Paddle, our Merchant of Record, for sale of the product, subscription management, payments, tax compliance, and invoicing.
  • Service providers and subprocessors: hosting and backend infrastructure (Lovable Cloud, which uses Supabase), AI model providers used to generate outputs (such as Google and OpenAI via the Lovable AI Gateway), email delivery, and analytics tooling.
  • Professional advisers: legal, accounting, and tax advisers when needed.
  • Authorities where required by law, court order, or to protect our rights and the safety of others.

We do not sell your personal data.

4. AI processing

Your prompts and the business inputs you provide are sent to third-party AI model providers in order to generate outputs. These providers process the data on our instructions and are contractually restricted from using it to train their public models. Do not include sensitive personal data, payment card details, or confidential information about third parties in your prompts.

5. International transfers

We are based in Sweden (EEA). Some of our service providers are based outside the EEA (including the United States). Where personal data is transferred outside the EEA / UK, we rely on appropriate safeguards such as European Commission adequacy decisions or Standard Contractual Clauses, together with supplementary measures where required.

6. Data retention

We keep account data for as long as your account exists, and for a reasonable period after closure to handle disputes and meet legal obligations. Order and tax records are retained for the period required by Swedish accounting law (currently seven years). Prompts, outputs, and usage logs are retained for up to 24 months and then deleted or anonymised.

7. Your rights under GDPR

You have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased ("right to be forgotten");
  • restrict or object to certain processing;
  • receive your data in a portable format;
  • withdraw consent at any time, where processing is based on consent;
  • lodge a complaint with the Swedish Authority for Privacy Protection (IMY, imy.se) or your local supervisory authority.

To exercise these rights, email info@misstypedmedia.com. We aim to respond within one month.

8. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and reputable hosting providers. No system is fully secure; please use a strong, unique password and notify us of any suspected unauthorised access to your account.

9. Cookies

We use essential cookies needed to keep you signed in and to operate the Service. We do not use advertising cookies. If we add analytics cookies in future that require consent, we will request your consent before they are set.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect data from them.

11. Changes to this notice

We may update this Privacy Notice from time to time. Material changes will be communicated by email or in-app notice.

12. Contact

For any privacy questions, email info@misstypedmedia.com.