Privacy Policy

Overview

HitBack ("we", "us", "our") operates an ad network that displays sponsored content in developer editors during AI agent wait-states. This policy explains what information we collect, how we use it, and the choices you have.

Information we collect

Account information

If you sign in, we collect your email address, display name, and authentication identifiers provided by our identity provider (Google or email/password via Supabase).

Extension usage data

When the HitBack extension shows an ad, we may record an anonymous extension user ID, campaign ID, impression timestamp, and click events. We do not collect your source code, file contents, or chat prompts.

Advertiser and billing data

Advertisers provide ad copy, destination URLs, and payment information processed by Stripe. We store campaign settings, impression counts, and billing records.

Developer payout data

Developers who connect Stripe for payouts provide information required by Stripe Connect. HitBack stores earnings balances and payout history.

Technical logs

Our servers may log IP addresses, request metadata, and error diagnostics for security and reliability.

How we use information

• Authenticate users and manage accounts
• Serve ads, measure impressions and clicks, and calculate revenue shares
• Process payments and payouts through Stripe
• Prevent fraud and enforce rate limits
• Improve product reliability and support

Sharing

We share data with service providers that help us operate HitBack, including Supabase (database and auth), Stripe (payments), and Fly.io (hosting). We do not sell your personal information. We may disclose information if required by law or to protect our users and platform.

Cookies

Our website uses HTTP-only session cookies for sign-in. The extension stores an auth token locally in your editor's secure storage. Third-party payment pages may set their own cookies when you checkout via Stripe.

Retention

We retain account, campaign, impression, and earnings records as long as needed to operate the service, meet legal obligations, and resolve disputes.

Your choices

You may sign out at any time, uninstall the extension to stop ad delivery, or request account deletion by contacting us. Developers can disconnect Stripe payout accounts through Stripe's dashboard.

Children

HitBack is not directed at children under 13, and we do not knowingly collect their information.

Changes

We may update this policy from time to time. Material changes will be reflected on this page with an updated date.

Contact

Questions about privacy? Email privacy@hitback.xyz.