AskYourAds.app
Sign in

Privacy Policy

Effective date: April 28, 2026

AskYourAds.app (“us”, “we”, or “our”) operates the AskYourAds application (hereinafter referred to as the “Service”). This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices you have associated with that data.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

1. Definitions

  • Service: The AskYourAds.app application.
  • Personal Data: Data about a living individual who can be identified from those data.
  • Usage Data: Data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • Cookies: Small files stored on your device (computer or mobile device).

2. Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

  • Cookies and Usage Data
  • Email / Google Profile Information

Data Processing & Data Deletion

We store OAuth tokens, account identifiers, and encryption metadata provided by you to be able to access ad platform APIs (Google Ads, Meta, Google Analytics 4) in order to fetch performance data for your reports. You can disconnect your accounts at any time, which will remove the associated tokens from our vault.

If you want us to delete all of your data completely, please contact us at support@askyourads.app.

3. Data Sharing, Subprocessors, and Disclosure

We do not sell, rent, or share Google user data, Meta user data, or any personal information with third parties for advertising, marketing, or model-training purposes. Any data collected is used only to deliver the in-product features you invoke.

To run the Service we rely on the following subprocessors. Each receives only the data needed for the role described, and only while you are actively using the Service:

  • Google Cloud Platform — application hosting (Cloud Run), database and vector search (Firestore), encryption-key storage (Secret Manager), and storage of generated assets such as CSV exports and PowerPoint decks (Cloud Storage). All in Google Cloud's European regions.
  • Google Vertex AI (Gemini) — language-model inference on the prompts you send and on the API responses we fetch on your behalf, in order to produce your answer and chart. Per the Vertex AI customer-data terms, your prompts and responses are not used to train Google's foundation models.
  • Google Ads API, Meta Marketing API, and Google Analytics Data API — these are the platforms we fetch your data from on your behalf, using the OAuth tokens you authorized. We do not transmit data to them beyond the read-only queries needed to retrieve your reports.

We do not transfer Google user data to any other application, third party, or human reader, except (a) as strictly required to deliver an in-product feature you have invoked, (b) to comply with applicable law or a binding legal request, or (c) to investigate fraud, abuse, or a security incident. We do not share or transfer Google user data to AI / ML model training pipelines.

All processing and storage happen in Google Cloud's European regions (europe-west4 for compute and Vertex AI; Firestore multi-region eur3).

4. Limited Use of Google User Data

The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.

In addition, AskYourAds.app's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

5. Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. You can instruct your browser to refuse all cookies. However, if you do not accept cookies, you may not be able to use some portions of our Service.

6. Use of Data

AskYourAds.app uses the collected data for various purposes:

  • To provide and maintain our Service
  • To notify you about changes to our Service
  • To allow you to participate in interactive features
  • To provide customer support
  • To gather analysis or valuable information so that we can improve our Service
  • To monitor the usage of our Service
  • To detect, prevent and address technical issues

7. Security of Data

The security of your data, and in particular of any Google user data we hold, is important to us. We protect it with the following mechanisms:

  • Encryption at rest. OAuth access and refresh tokens are encrypted with Fernet (AES-128-CBC + HMAC-SHA256) using a key stored in Google Secret Manager before they are written to Firestore. All other data at rest (chat history, account metadata, custom-conversion catalogue, generated CSVs and decks) is encrypted by Google Cloud at rest with AES-256 by default.
  • Encryption in transit. All traffic between you, our service, Google Cloud, and every third-party API uses TLS 1.2 or higher.
  • Access controls. Firestore security rules block all client-side reads of the encrypted OAuth-token subcollection (allow read, write: if false). Tokens are decrypted only server-side, in-process, at request time, by the application's Admin SDK service account.
  • Secret and key management. Encryption keys, OAuth client secrets, ad-platform developer tokens, and session-signing keys live in Google Secret Manager and are injected into the runtime at container start. They never enter source control or container images.
  • Authentication for deploys. Our continuous deployment uses GitHub's Workload Identity Federation against per-environment Google Cloud service accounts; no long-lived service-account JSON keys are issued or stored anywhere.
  • Environment isolation. Production data lives in a dedicated Google Cloud project (askyourads-prod) separate from development (askyourads-dev); IAM is scoped per project so a development credential cannot read production data.
  • Token vault hardening. Decryption of OAuth tokens with a mismatched key returns null rather than raising, so a key-rotation event degrades gracefully into a re-link prompt instead of leaking error details about the cipher state.

No method of transmission over the Internet or method of electronic storage is 100% secure; while we apply industry-standard protections, we cannot guarantee absolute security.

8. Contact Us

If you have any questions about this Privacy Policy, please contact us: