Privacy Policy
Last updated: 5 June 2026
1. Who we are
Ethicly ("we", "us", "our") is a privacy-first advertising network operated by Pablo Meijer as a sole proprietor based in Switzerland. We connect advertisers with publishers using contextual targeting only. No user profiles are created, no cross-site tracking is performed, and no personal data is sold to third parties.
2. What data we collect
For advertisers and publishers (account holders): We collect the information you provide when creating an account: name, email address, company name, and website URL. This data is stored in our database and used solely for account management, billing, and communication about the service.
For website visitors seeing Ethicly ads: We do not collect any personal data, set any cookies, fingerprint your device, or identify you in any way. The only signal used for ad selection is the approximate country derived from the request IP address, which is used in the moment to choose an ad and discarded immediately. The IP address is never stored.
For Tabs4Palestine extension users: The extension does not transmit any browsing data, history, or personal information to our servers. Ad requests contain only the ad format type. No user identifier is created or stored.
3. How we use your data
Account holder data is used to: operate and maintain your account, process payments and generate invoices, communicate service updates, and comply with legal obligations. We do not use account holder data for advertising purposes, and we do not share it with third parties except as required for payment processing (Stripe) and hosting (Supabase, Vercel).
4. Cookies
The Ethicly ad unit shown on publisher websites sets no cookies and uses no browser storage of any kind.
We use exactly one cookie, and only when an advertiser enables conversion tracking. When someone clicks an Ethicly ad and arrives on the advertiser's own website, our conversion script may set a single first-party cookie named ethicly_click on that advertiser's domain. It stores a random, single-use token (no name, email, IP address, or device identifier), expires after 14 days, and exists only to credit a later action such as a sale back to the ad that led to it. It is never used to build a profile or to track anyone across websites, and it is never read on any site other than the advertiser's own.
Because this cookie is set on the advertiser's website, advertisers who enable conversion tracking are responsible for obtaining any consent their local law requires from their own visitors.
5. What we do not do
- We do not build user profiles
- We do not use tracking or profiling cookies, and we set no third-party cookies
- We do not participate in real-time bidding (RTB) or programmatic auctions
- We do not share data with data brokers
- We do not use third-party tracking pixels (Meta, Google, or otherwise)
- We do not perform cross-site tracking of any kind
- We do not fingerprint browsers or devices
For people who see our ads, this is not a policy decision. It is architectural. The ad unit has no infrastructure to collect, store, or process personal data from ad viewers, even if we wanted it to.
6. Data storage and security
Account data is stored on Supabase (hosted on AWS infrastructure in the EU). All data is encrypted in transit (TLS) and at rest. Access to production databases is restricted to authorised personnel only. We use row-level security (RLS) policies to ensure users can only access their own data. Stripe (payments), Supabase (database and hosting), and Vercel (web hosting) act as our data processors under their standard data processing agreements.
7. Data retention
- Account data (name, email, company, website) is kept while your account is active and deleted within 30 days of account closure, except where we are legally required to keep it longer.
- Billing and transaction records are retained for 10 years, as required by Swiss commercial law (Art. 958f of the Swiss Code of Obligations).
- Impression and conversion records contain no personal data and are retained in aggregate for reporting and fraud prevention.
- The
ethicly_clickconversion cookie expires after 14 days.
8. Your rights
If you are an account holder, you have the right to: access the data we hold about you, correct inaccurate data, request deletion of your account and associated data, and export your data. To exercise any of these rights, contact us at privacy@ethicly.ch.
If you are a website visitor who has seen an Ethicly ad, we hold no data about you. There is nothing to access, correct, or delete.
9. GDPR and consent
Our contextual ad model processes no personal data from ad viewers, so no consent is required to show an Ethicly ad. The approximate country used to select an ad is derived from the request IP and discarded immediately; the IP is never stored.
For account holders, our legal basis for processing is contractual necessity (Article 6(1)(b) GDPR) and our legitimate interest in operating and securing the service (Article 6(1)(f) GDPR). Conversion tracking is optional and runs on the advertiser's own website; where local law requires consent for the ethicly_click cookie, obtaining it is the advertiser's responsibility.
You have the right to lodge a complaint with your local data protection authority. In Switzerland this is the Federal Data Protection and Information Commissioner (FDPIC).
10. Changes to this policy
We will notify account holders by email of any material changes to this policy. The current version is always available at this URL.
11. Contact
For privacy-related enquiries, contact us at privacy@ethicly.ch.