AdsAgent / Privacy Policy

Privacy commitments for operators connecting AdsAgent to advertising accounts.

This policy describes what AdsAgent accesses, why the data is used, and how account owners can revoke access or request deletion. The public waitlist message spans Meta, Google Ads, TikTok, and related ad-operations workflows.

Last Updated: May 31, 2026

1. Information We Collect

Meta Ads and Facebook data

  • Account information: when you authenticate, AdsAgent may collect public profile details such as name, profile picture, and email address.
  • Advertising data: with ads_read and business_management, AdsAgent can access ad accounts, campaigns, ad sets, ads, and performance data such as spend and impressions.
  • Page data: with pages_read_engagement and pages_show_list, AdsAgent can access Facebook Pages and feed-level engagement signals used for review readiness.

1.2 Google Ads Data (Read-only Beta)

Google Ads authorization and reporting scope

The Google Ads integration is a read-only beta. AdsAgent reads account and reporting data to provide dashboards and agent-readable reports; it does not create, edit, or otherwise mutate Google Ads campaigns, budgets, or ads.

  • Google identity: with the OpenID Connect scopes, AdsAgent receives your email address, basic profile, and the OpenID subject identifier to establish your account.
  • Account hierarchy: manager (MCC) and customer account structure, including customer name, status, currency, and timezone.
  • Billing setup status: whether a connected account has billing configured.
  • Daily spend metrics: recent spend and related reporting metrics for connected accounts.
  • OAuth authorization: AdsAgent uses OAuth 2.0 and stores only the connection metadata and an encrypted refresh token needed to read on the account owner's behalf. The refresh token is encrypted at rest, held server-side, and is never exposed to MCP clients or the browser.

2. How We Use Your Information

The uses below describe AdsAgent across all connected platforms. Where a platform integration is read-only — currently the case for Google Ads — only the reporting and visualization uses apply to that platform.

  • Dashboard visualization: display ad account, page, and performance information inside AdsAgent.
  • Ad management and automation (non-Google platforms): on platforms where mutation is enabled (e.g. Meta), AdsAgent can support pause, monitoring, and account-intervention workflows when the operator has granted authorization. For Google Ads, the current beta is read-only — AdsAgent does not pause, edit, or otherwise change Google Ads campaigns. Any future Google Ads mutation capability would be introduced only in a clearly announced, separately-authorized phase.
  • Cross-platform reporting: combine authorized data sources into one operating view.
  • Service communication: send critical account-related notices when support or intervention is required.

3. Data Sharing and Disclosure

AdsAgent does not sell, trade, or otherwise transfer personally identifiable information, Meta Ads data, or Google Ads data to outside parties for unrelated commercial use.

Aggregate, non-identifying information may be used for operational analysis, but authorized account data remains tied to servicing the account owner.

4. Data Retention and Deletion

Remove Facebook data

  1. Go to Facebook Settings and open Apps and Websites.
  2. Find AdsAgent in the connected apps list.
  3. Choose Remove to revoke access.
  4. Email [email protected] or [email protected] to request full deletion from AdsAgent systems.

Retention of Google data: OAuth connection metadata, the encrypted refresh token, and read-only account, billing, and spend snapshots are retained while the connection is active and for up to 30 days after you revoke access or request deletion, after which they are deleted from AdsAgent systems (routine backups age out on the standard backup cycle). Revoking at myaccount.google.com/permissions stops further reads immediately.

5. Google API Services — Limited Use

AdsAgent's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

  • Google user data is used only to provide and improve the AdsAgent reporting features the user requested.
  • We do not sell Google user data, and do not use it for advertising profiles or unrelated commercial purposes.
  • We do not transfer Google user data to third parties except as necessary to provide the service, comply with law, or as part of a merger with appropriate notice.
  • Humans do not read Google user data except with the user's consent, for security/abuse/legal reasons, or where required and aggregated for internal operations.
  • In the read-only beta, no Google Ads data is mutated — the integration is reporting-only.

Our use also remains aligned with the Google Ads API terms and best-practices guidance.

6. Cookies and Similar Technologies

AdsAgent uses a small number of strictly-functional cookies to keep you signed in and to defend against cross-site request forgery. We do not run third-party advertising or analytics cookies on the public marketing site.

  • access_token, refresh_token — session cookies that prove a logged-in operator after Supabase authentication. Marked HttpOnly + Secure + SameSite=Lax.
  • csrf_token — a per-session token used to validate POST submissions on auth and waitlist forms.
  • signup_captcha_token — a 10-minute HMAC-signed token that holds the captcha challenge during signup.

Two different "tokens": the access_token / refresh_token cookies above are AdsAgent's own Supabase session cookies (they prove a logged-in operator) and are unrelated to Google. Your Google OAuth refresh token is not stored in any cookie — it is held server-side, encrypted at rest, and is never sent to the browser or to MCP clients. Clearing cookies signs you out of AdsAgent but does not by itself revoke Google access; revoke that at myaccount.google.com/permissions.

Disabling these cookies will prevent sign-in and form submission. Your browser settings let you remove them at any time.

7. Your Privacy Rights (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights with respect to personal data adsagents LLC processes about you:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — ask us to correct inaccurate or incomplete personal data.
  • Right to erasure ("right to be forgotten") — request deletion of personal data we hold, subject to legal retention obligations.
  • Right to restrict processing — limit how we use your personal data while a request is being investigated.
  • Right to data portability — receive your personal data in a structured, machine-readable format and transmit it to another controller.
  • Right to object — object to processing where it is based on legitimate interests or used for direct marketing.
  • Right to withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint — with your local data protection authority.

Exercise any of these rights by emailing [email protected] with the subject "Privacy Rights Request" and the right you wish to exercise. We respond within thirty (30) days.

8. Your Privacy Rights (California — CCPA / CPRA)

California residents have the right to know what categories of personal information are collected, the purposes of collection, and the right to access, delete, correct, and limit the use of sensitive personal information. adsagents LLC does not sell or share personal information in the sense defined by the CCPA/CPRA, and does not engage in cross-context behavioral advertising on this marketing site.

To submit a verifiable consumer request, email [email protected] with the subject "California Privacy Request". You may designate an authorized agent in writing to make a request on your behalf. Exercising your rights will not result in discriminatory treatment.

9. International Data Transfers

adsagents LLC is established in Wyoming, USA, and may process personal data on infrastructure located in the United States or other jurisdictions. Where personal data of EEA, UK, or Swiss residents is transferred outside those regions, we rely on Standard Contractual Clauses or other lawful transfer mechanisms recognized by the relevant supervisory authority.

10. Children's Privacy

AdsAgent is a B2B service for advertising operators and is not directed at children. We do not knowingly collect personal data from anyone under 16 (or under 13 in the United States, per COPPA). If you believe a child has provided personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy as the service evolves or to reflect changes in law. Material changes will be communicated by email to the address on file or by in-product notice at least thirty (30) days before they take effect. The "Last Updated" date at the top of this page reflects the most recent revision.