AdSherpa LogoAdSherpaBack to Home
Your Privacy Matters

Privacy Policy

Last Updated: January 8, 2025

AdSherpa is committed to protecting your privacy and handling your data with transparency and care.

Quick Navigation
1. Information We Collect2. How We Use Your Information3. Third-Party API Integration4. Google API Services5. Facebook/Meta API Services6. Data Storage & Security7. Data Sharing & Disclosure8. Your Rights & Choices9. Data Retention10. Children's Privacy11. International Data Transfers12. Contact Us

This Privacy Policy describes how AdSherpa ("we", "us", or "our") collects, uses, and shares your personal information when you use our website and services (collectively, the "Services"). By using AdSherpa, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, password, and company information when you create an account
  • Payment Information: Billing details processed securely through our payment processor (Stripe)
  • Communications: Information you provide when contacting our support team
  • Report Content: Data you input when creating and customizing advertising reports

1.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns
  • Device Information: Browser type, operating system, IP address, and device identifiers
  • Log Data: Server logs including timestamps, errors, and system events
  • Cookies: Session cookies for authentication and preferences (see our Cookie Policy)

1.3 Information from Third-Party Services

  • Advertising Platform Data: Campaign metrics, performance data, and account information from Google Ads and Meta Ads (see sections 4 and 5 for details)
2. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our reporting and analytics services
  • Report Generation: To fetch advertising data and generate AI-powered insights and recommendations
  • Account Management: To manage your account, process payments, and provide customer support
  • Communication: To send service updates, security alerts, and respond to inquiries
  • Analytics: To understand usage patterns and improve our platform's performance and features
  • Security: To detect, prevent, and address fraud, abuse, or security issues
  • Legal Compliance: To comply with legal obligations and enforce our Terms of Service
  • AI Processing: To power our AI chat assistant and generate strategic marketing insights using secure AI providers (Anthropic Claude, OpenAI)
3. Third-Party API Integration

AdSherpa integrates with third-party advertising platforms to fetch your campaign data and generate reports. We only access data that you explicitly authorize through OAuth authentication flows. We do not sell or share your advertising data with third parties for their own marketing purposes.

Important: Authorized Access Only

You maintain full control over what data we can access. You can revoke our access at any time through your Google and Facebook account settings.

Google4. Google API Services - Required Disclosures

Google API Services User Data Policy Compliance

AdSherpa's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4.1 Google Ads Data We Access

When you connect your Google Ads account, we access:

  • Campaign performance metrics (impressions, clicks, conversions, cost, ROAS)
  • Ad group and keyword-level data
  • Campaign structure and settings (names, status, budgets)
  • Account-level information (customer ID, account name)
  • Performance Max campaign asset group performance data

4.2 How We Use Google Ads Data

  • Report Generation: To create performance reports with AI-powered insights
  • Analytics: To analyze campaign performance and identify optimization opportunities
  • Recommendations: To provide strategic recommendations based on your campaign data
  • Chat Assistant: To answer your questions about your Google Ads performance

4.3 Limited Use Requirements

We comply with Google's Limited Use requirements:

  • We only use Google user data to provide and improve AdSherpa's reporting features
  • We do NOT transfer Google user data to third parties (except as required for service functionality)
  • We do NOT use Google user data for serving advertisements
  • We do NOT allow humans to read Google user data unless:
    • You give us explicit consent for specific support requests
    • Required for security purposes (e.g., investigating abuse)
    • Required to comply with applicable law
    • For internal operations with aggregated and anonymized data

4.4 Google OAuth Scopes

We request the following Google OAuth scopes:

  • https://www.googleapis.com/auth/adwords - Read and manage Google Ads data

4.5 Revoking Google Access

You can revoke AdSherpa's access to your Google Ads account at any time by:

Meta5. Facebook/Meta API Services - Required Disclosures

Meta Platform Policy Compliance

AdSherpa complies with Meta's Platform Terms and Platform Policy, including data use restrictions and user privacy requirements.

5.1 Meta Ads Data We Access

When you connect your Meta Ads account, we access:

  • Campaign, ad set, and ad performance metrics (impressions, clicks, conversions, spend, ROAS)
  • Campaign structure and settings (names, status, budgets, targeting)
  • Ad account information (account ID, account name, currency)
  • Insights and breakdowns (demographics, placements, devices)

5.2 How We Use Meta Ads Data

  • Report Generation: To create performance reports with AI-powered insights
  • Analytics: To analyze campaign performance across Facebook and Instagram
  • Recommendations: To provide optimization suggestions based on your ad performance
  • Chat Assistant: To answer your questions about your Meta Ads performance

5.3 Meta Data Use Restrictions

We comply with Meta's data use policies:

  • We only use Meta user data to provide AdSherpa's reporting and analytics services
  • We do NOT transfer Meta user data to advertising networks, data brokers, or other advertising or monetization-related services
  • We do NOT use Meta user data to build, improve, or supplement user profiles
  • We do NOT sell or license Meta user data
  • We store Meta data securely and delete it when no longer needed

5.4 Meta Permissions

We request the following Meta permissions:

  • ads_read - Read access to advertising accounts and data
  • ads_management - Read campaign structures and insights

5.5 Revoking Meta Access

You can revoke AdSherpa's access to your Meta Ads account at any time by:

  • Visiting your Meta Business Integrations settings: Facebook Settings
  • Removing AdSherpa from your connected integrations in your AdSherpa settings
6. Data Storage & Security

6.1 Data Storage

  • Your data is stored securely using Supabase (PostgreSQL database) with encryption at rest
  • Authentication data is managed using industry-standard security practices
  • Advertising platform credentials are stored using secure OAuth tokens, never passwords
  • Generated reports are stored in our database and can be deleted at your request

6.2 Security Measures

  • Encryption: All data in transit is encrypted using TLS/SSL
  • Access Controls: Role-based access controls and least-privilege principles
  • Authentication: Secure password hashing and optional two-factor authentication
  • Monitoring: Continuous monitoring for security threats and anomalies
  • Regular Audits: Periodic security assessments and vulnerability testing

While we implement strong security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry best practices.

7. Data Sharing & Disclosure

We may share your information in the following circumstances:

7.1 Service Providers

We share data with trusted third-party service providers who help us operate our platform:

  • Supabase: Database hosting and authentication
  • Vercel: Application hosting and deployment
  • Stripe: Payment processing (we do not store credit card details)
  • Anthropic (Claude) & OpenAI: AI-powered insights and chat functionality

These providers are contractually obligated to protect your data and only use it for the purposes we specify.

7.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

7.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

7.4 With Your Consent

We may share your information for other purposes with your explicit consent.

We Never Sell Your Data

AdSherpa does not sell, rent, or trade your personal information or advertising data to third parties for their marketing purposes.

8. Your Rights & Choices

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update or correct inaccurate information in your account settings
  • Deletion: Request deletion of your account and associated data
  • Portability: Request an export of your data in a machine-readable format
  • Withdrawal of Consent: Revoke access to Google Ads and Meta Ads at any time
  • Object to Processing: Object to certain types of data processing
  • Opt-out of Marketing: Unsubscribe from marketing emails (service emails may still be sent)

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@adsherpa.com or through your account settings. We will respond to your request within 30 days.

9. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active and for 90 days after deletion
  • Advertising Platform Data: Cached for performance optimization, refreshed periodically, deleted when you disconnect the integration
  • Generated Reports: Retained until you delete them or close your account
  • Payment Records: Retained for 7 years for tax and accounting purposes
  • Log Data: Retained for 90 days for security and debugging purposes

After the retention period, data is securely deleted from our systems and backups.

10. Children's Privacy

AdSherpa is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

We ensure that appropriate safeguards are in place when transferring data internationally, including:

  • Using service providers that comply with GDPR and other data protection regulations
  • Implementing Standard Contractual Clauses (SCCs) where applicable
  • Ensuring data processing agreements are in place with all third-party processors
12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

AdSherpa Privacy Team

Email: privacy@adsherpa.com

Support: support@adsherpa.com

We take privacy concerns seriously and will respond to all requests within 30 days.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email or through a prominent notice on our website
  • Obtain your consent where required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

GDPR & CCPA Rights

For EU/EEA Users (GDPR)

If you are located in the European Economic Area, you have additional rights under GDPR:

  • Right to be informed about data collection and use
  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making and profiling
  • Right to lodge a complaint with a supervisory authority

For California Users (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information (with certain exceptions)
  • Right to opt-out of the sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising your CCPA rights