How we handle your data.
What we collect
- Account info — name, email, company, role. So we know who's logged in.
- Billing info — payment details, processed by Stripe. We don't store card numbers.
- Usage data — what you click, what you generate, what works. So we can make the product better.
- Connected accounts — when you link Meta, Google, or analytics platforms, we receive data those platforms send us (campaign performance, audience info, ad spend). We only use it to run your campaigns and show you results.
- Cookies — for keeping you logged in and measuring traffic. You can turn most off in your browser. We don't sell ad-tracking data.
What we don't collect
We don't sell your data. We don't share it with advertisers. We don't use your campaign data to train AI models that benefit other customers. Your data is yours.
Who sees it
Only people who need to: our team, our subprocessors (Stripe for payments, AWS for hosting, Postmark for email, the major ad platforms you connect), and law enforcement if legally required. We'll tell you if that ever happens unless we're legally prohibited.
Your rights
You can ask us to:
- Show you what we have on you
- Correct anything wrong
- Delete your account and your data
- Export your data to take elsewhere
Email info@tropicsurvival.com and we'll do it within 30 days. If you're in California or the EU, you have additional rights under CCPA and GDPR — same email, we'll honor them.
How long we keep it
Active accounts: as long as you use us. Cancelled accounts: 90 days, then deleted. Billing records: 7 years (tax law).
The rules of using our product.
What we do
We give you software that generates localized ads, plans media spend, and tracks performance across multiple locations. You give us money. That's the deal.
What you can't do
- Reverse-engineer the product
- Resell it without our written permission
- Use it for illegal advertising, hate speech, scams, adult content, or anything that violates ad platform policies
- Upload content you don't own or have rights to
- Try to break our systems
If you do any of this, we can suspend or close your account.
What we can't do
We can't guarantee:
- The product will be available 100% of the time (we aim for 99.5% — see Security below)
- Your ads will perform a specific way (we use real benchmarks, but results depend on your business, your offer, and the market)
- Third-party platforms (Meta, Google, etc.) will keep their APIs the same forever
Payment
You pay monthly or annually, depending on your plan. Cancel anytime — your account stays active until the end of the billing period you've paid for. We don't do refunds for partial months. If you're on an annual plan and cancel, no refund for unused months unless required by law.
Ending the relationship
You can cancel anytime in your account settings. We can close your account for the reasons listed above, or with 30 days' notice for any reason. If we end things, we'll give you your data and refund any unused prepaid time.
The boring legal stuff (that still matters)
- Limitation of liability. Our total liability to you is capped at what you've paid us in the last 12 months. We're not liable for indirect damages (lost profits, lost data, business interruption).
- Indemnification. If someone sues us because of how you used the product (uploading content you didn't own, running illegal ads, etc.), you cover our legal costs.
- Governing law. These terms are governed by the laws of the State of Florida. Disputes go to the courts in Miami-Dade County.
- Changes. We can update these terms. If we make material changes, we'll email you at least 30 days before they take effect. If you keep using the product after that, you're agreeing to the new terms.
How we keep things safe.
We take security seriously. Here's what that means in practice.
How your data moves through our stack
- Encryption in transit — everything between you and us uses HTTPS/TLS.
- Encryption at rest — your data is encrypted on our servers.
- Access controls — only the people on our team who need to see your data can see it.
- Payments — handled by Stripe, which is PCI DSS Level 1. We never touch raw card data.
Client portal
We use Assembly as the client portal where you'll review work, share files, and collaborate with our team. Assembly maintains SOC 2 Type II, GDPR, CCPA, and HIPAA compliance, with continuous control monitoring. You can review their full security posture and certifications at their Trust Center: security.assembly.com.
If something goes wrong
If we detect a security incident that affects your data, we'll email you within 72 hours of confirming it and tell you what happened, what we're doing about it, and what you should do.
Reporting a vulnerability
If you've found a security issue, email info@tropicsurvival.com with the subject line "Security disclosure." We'll respond within 2 business days.
Questions about any of this?
Privacy, terms, security, billing, or otherwise — one inbox.