Privacy Policy

Last updated: February 1, 2026

Introduction

PerfoAds (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Google Ads optimization platform and audit tools.

This policy applies to users worldwide, including those in the European Economic Area (EEA), United Kingdom, and other jurisdictions with data protection laws.

Data Controller

PerfoAds is the data controller responsible for your personal data. For any privacy-related inquiries, you can contact us at:

Email: privacy@perfoads.com
Support: contact@perfoads.com

Data We Collect

Account Information

  • Email address and name during registration
  • Encrypted password (we never store plain text passwords)
  • Optional business profile: company name, industry, goals

Google Ads Data

When you authorize via Google OAuth, we collect with read-only access:

  • Campaign structure and settings
  • Performance metrics (impressions, clicks, conversions, costs)
  • Keywords and ad creative content
  • Quality scores and optimization recommendations
  • Device and geographic performance data

Important: We have read-only access. We cannot modify your Google Ads campaigns without explicit user action.

Audit Tool Data

When you use the PerfoAds Audit tool, we additionally collect:

  • Website Content: We use Firecrawl, a third-party service, to extract and analyze content from website URLs you provide. This helps our AI understand your business context for personalized recommendations.
  • Landing Page Screenshots: We use ScreenshotAPI.net to capture visual screenshots of landing pages you specify for conversion rate optimization (CRO) analysis.
  • Audit Purchase Data: When you purchase audit credits, we process your transaction through Stripe. We store your purchase history and credit balance but never store your full payment card details.

Payment Information

Payment details are processed through Stripe (for audit credits) or LemonSqueezy (for subscriptions). We never store your full credit card information on our servers.

Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

Contract Performance (Article 6(1)(b))

Processing necessary to provide our services: account management, Google Ads data analysis, audit report generation, and payment processing.

Consent (Article 6(1)(a))

For optional analytics cookies and marketing communications. You can withdraw consent at any time.

Legitimate Interests (Article 6(1)(f))

For security monitoring, fraud prevention, service improvement, and customer support. We balance our interests against your rights and freedoms.

Legal Obligation (Article 6(1)(c))

To comply with tax, accounting, and other legal requirements.

How We Use Your Data

  • Display your campaigns and performance metrics in your dashboard
  • Generate AI-powered audit reports and recommendations via Anthropic's Claude
  • Analyze your landing pages for CRO opportunities
  • Send performance alerts and custom reports
  • Process payments and manage your account
  • Improve our services and develop new features

We DO NOT:

  • Sell your data to third parties
  • Train AI models on your specific data
  • Modify your Google Ads campaigns automatically
  • Share your Google Ads data for advertising purposes

Cookies and Tracking

We use cookies and similar technologies to operate our service. Here's what we use:

Essential Cookies (Required)

Session authentication, security tokens, and preferences. These are necessary for the service to function.

Analytics Cookies (Optional)

Google Analytics via Google Tag Manager helps us understand how users interact with our service. These cookies are only set with your consent.

Live Chat (Optional)

Tidio live chat widget may set cookies for customer support functionality. These are only loaded with your consent.

You can manage your cookie preferences at any time through our cookie consent banner or by contacting us.

Data Retention

We retain your data only as long as necessary for the purposes described in this policy:

Data TypeRetention Period
Account informationUntil account deletion + 30 days
Google Ads performance dataWhile account is active
Audit reportsIndefinitely (for your reference)
Sync logs30 days
Inactive OAuth connectionsDeleted after 90 days of inactivity
Audit logs1 year (for compliance)
Payment records7 years (legal requirement)

Third-Party Services

We use the following third-party services to operate PerfoAds:

Anthropic (Claude AI)

AI-powered analysis and recommendations. Data is processed in real-time and NOT permanently stored by Anthropic. Location: USA.

Firecrawl

Website content extraction for AI analysis. Data processed in real-time, not permanently stored. Location: USA.

ScreenshotAPI.net

Landing page screenshot capture for CRO analysis.

Supabase

Database hosting with AES-256 encryption. Location: USA (AWS us-east-1).

Render

Application hosting infrastructure. Location: USA (Oregon).

Stripe

Payment processing for audit credit purchases. PCI-DSS compliant.

LemonSqueezy

Subscription billing (no Google Ads data shared).

Tidio

Live chat and customer support. Only loaded with consent.

Google Analytics

Website analytics via Google Tag Manager. Only loaded with consent.

International Data Transfers

Your data may be transferred to and processed in the United States, where our servers and third-party providers are located. For users in the European Economic Area (EEA) and United Kingdom:

  • We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to the USA
  • Our processors (Supabase, Render, Anthropic, Stripe) maintain appropriate data protection agreements
  • We implement additional security measures including encryption in transit and at rest

You can request a copy of the safeguards we use by contacting privacy@perfoads.com.

Google API Compliance

PerfoAds's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

We restrict data use to stated service features and explicitly prohibit: advertising purposes, generalized AI training, credit assessments, and data sales.

Data Security

We implement industry-standard security measures including:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Regular security audits and penetration testing
  • Access controls and authentication requirements
  • Secure session management with httpOnly cookies
  • CSRF protection on all state-changing operations

Your Rights

Depending on your location, you have the following rights regarding your personal data:

For All Users

  • Revoke Access: Disconnect your Google Ads account anytime from your dashboard or Google account settings
  • Delete Account: Request complete account deletion (processed within 30 days)
  • Data Export: Request a copy of your data in a portable format
  • Opt Out: Manage marketing email preferences through your dashboard

Additional Rights for EEA/UK Users (GDPR)

  • Right of Access: Request confirmation of whether we process your data and obtain a copy
  • Right to Rectification: Request correction of inaccurate personal data
  • Right to Erasure: Request deletion of your personal data (“right to be forgotten”)
  • Right to Restriction: Request limitation of processing in certain circumstances
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@perfoads.com. We will respond within 30 days.

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. For EEA users, you can find your local authority at EDPB Member Authorities. For UK users, contact the Information Commissioner's Office (ICO).

Children's Privacy

PerfoAds is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

Contact Us

For privacy-related questions, data requests, or concerns:

Privacy Inquiries: privacy@perfoads.com
General Support: contact@perfoads.com

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our platform at least 30 days before they take effect. Continued use of PerfoAds after changes constitutes acceptance of the updated policy.