AdAutomate
Get started

Privacy Policy

Last updated: April 11, 2026

AdAutomate ("we", "us", "our") respects your privacy. This Privacy Policy explains what personal data we collect when you use the AdAutomate service ("Service"), how we use it, and your rights under the EU General Data Protection Regulation (GDPR) and other applicable laws.

1. Data controller

The data controller responsible for your personal data is AdAutomate, based in Bulgaria, European Union. For any privacy-related inquiries, contact us at r0under@hotmail.com.

2. Information we collect

2.1 Account information

When you register for AdAutomate, we collect your full name, email address, and a hashed password. You may also optionally provide a business name, logo, and contact details.

2.2 Google Ads data via OAuth 2.0

When you connect your Google Ads account to AdAutomate, you authorize us via OAuth 2.0 (adwords scope) to access the following data from your Google Ads accounts:

  • A list of Google Ads customer accounts accessible to your Google login (customer IDs and names).
  • Campaign, ad group, ad, keyword, and performance data (impressions, clicks, cost, conversions) for the account you select.
  • The ability to create, update, enable, and pause campaigns, ad groups, ads, keywords, budgets, and targeting criteria on your behalf.

We store a Google-issued OAuth refresh token encrypted at rest using Fernet (AES-128 in CBC mode with HMAC authentication). We never receive, see, or store your Google account password.

2.3 Website scan data

When you paste a website URL, AdAutomate fetches the publicly accessible pages of that website and uses AI (large language models) to extract a business profile: products, services, target audience, unique selling points, and industry. This data is stored against your AdAutomate account.

2.4 Billing information

If you subscribe to a paid plan, payment processing is handled by Stripe. We receive subscription status, plan level, and invoice metadata from Stripe. We do not store your full credit card number; Stripe stores that under PCI-DSS compliance.

2.5 Usage data

We log technical information about your interactions with the Service, including IP address, user-agent, request timestamps, and error diagnostics. This data is used to secure the Service and debug issues.

3. How we use your data

  • Provide the Service: create and manage campaigns in your Google Ads account at your request, display metrics in the dashboard, and generate AI-powered suggestions.
  • Account security: authenticate you, prevent fraud and abuse, and maintain audit logs.
  • Customer support: respond to your inquiries and troubleshoot issues.
  • Service improvement: analyze aggregated, anonymized usage patterns to improve AdAutomate.
  • Billing: process subscription payments via Stripe.
  • Legal compliance: comply with applicable laws and respond to lawful requests.

We never sell your personal data or your Google Ads data to third parties. We do not use your Google Ads data to train generative AI models.

4. Legal basis (GDPR)

Our legal bases under GDPR Article 6 are:

  • Contract (Art. 6(1)(b)): processing necessary to provide the Service you signed up for.
  • Consent (Art. 6(1)(a)): connecting your Google Ads account via OAuth is based on your explicit consent, which you may withdraw at any time.
  • Legitimate interest (Art. 6(1)(f)): security logging, abuse prevention, and service improvement.
  • Legal obligation (Art. 6(1)(c)): compliance with tax, accounting, and other applicable laws.

5. Data sharing

We share your data only with the following categories of third-party processors, strictly as needed to provide the Service:

  • Google LLC — Google Ads API for campaign management, and Google OAuth 2.0 for authentication.
  • Anthropic PBC / Google (Gemini) — AI providers for campaign generation and website analysis. Prompts containing your business profile and website content may be sent to these providers for inference.
  • Stripe, Inc. — payment processing.
  • Cloud infrastructure providers (e.g., Vercel, Fly.io) — hosting of the Service.

We do not share your data with advertisers, data brokers, or any other third parties for marketing purposes.

6. Data retention

We retain your account data, business profile, and campaigns for as long as your AdAutomate account is active. If you delete your account, we delete your personal data within 30 days, except for information we are legally required to keep (for example, invoices for accounting compliance — retained for up to 10 years under Bulgarian law).

OAuth refresh tokens are deleted immediately when you disconnect Google Ads from Settings or when you delete your account.

7. Your rights under GDPR

You have the right to: access your personal data; rectify inaccurate data; request deletion; restrict or object to processing; data portability; and withdraw consent. To exercise any of these rights, email r0under@hotmail.com and we will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. In Bulgaria, this is the Commission for Personal Data Protection (КЗЛД).

8. Data security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (HTTPS/TLS), encryption at rest for sensitive tokens (Fernet/AES-128), password hashing (bcrypt), access controls, and regular security updates. Despite these measures, no method of transmission over the Internet is 100% secure, so we cannot guarantee absolute security.

9. International transfers

Some of our processors (Google, Anthropic, Stripe, cloud providers) may process your data outside the European Economic Area, including in the United States. Such transfers rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms under GDPR Chapter V.

10. Children

AdAutomate is not directed at children under 16 and we do not knowingly collect personal data from minors.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or by a prominent notice in the Service. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at r0under@hotmail.com.