Ads Copilot← Home

Privacy Policy

Last updated: April 20, 2026

This Privacy Policy describes how Ads Copilot (“we”, “us”) collects and uses information when you use the Ads Copilot Service to connect your Google Ads Manager (MCC) account to an AI client like Claude.

1. Information we collect

  • Account information: the email address you use to sign in.
  • Google account data: your Google email and a long-lived OAuth refresh token issued by Google after you complete the consent flow. We also store the manager customer ID we discover for your account.
  • Audit logs: for every tool call your AI client makes, we store the action type, target account/entity, before/after values for writes, and a success/blocked/error status.
  • Settings: your configured safety limits (max budget increase %, auto-approve threshold, confirmation toggle).

2. Google user data — limited use disclosure

Ads Copilot’s use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer Google user data to third parties except as needed to provide or improve the Service, and we do not use Google user data to train generalized AI/ML models.

We request the https://www.googleapis.com/auth/adwords scope only so that you can read reports and execute write actions on the Google Ads accounts you manage.

3. How we store credentials

Your Google refresh token is encrypted at rest with AES-256-GCM using a key held only on the server. Row-Level Security in our database ensures that no other user can read your integration row. We never log refresh tokens.

4. How we use the data

  • To exchange your refresh token for short-lived access tokens on every API call.
  • To enforce your configured safety limits before any write reaches Google Ads.
  • To show you an audit trail of what your AI client has done.

5. Sharing

We do not sell your data. We share data only with Google (via the Google Ads API to execute the actions you request) and with our infrastructure provider that hosts the database and serverless functions on our behalf, under standard data-processing terms.

6. Retention & deletion

You can disconnect Google at any time from the Integrations page — this immediately deletes the refresh token. You can delete your entire account by contacting us; this removes audit logs, settings, and any cached account metadata.

7. Security

Transport is encrypted with TLS. At-rest secrets are encrypted with AES-256-GCM. Authentication tokens for the AI bridge are short-lived (~1 hour). We follow the principle of least privilege for database access via Row-Level Security policies.

8. Your rights

You can request a copy of your data, correct inaccuracies, or delete your account at any time. Contact us at the address below.

9. Contact

Privacy questions or data requests: privacy@adscopilot.app.