Privacy Policy
Last updated: 2026-04-19
1. Who we are
gadspilot is operated by Depredurand Nicolas, CEO LWS.fr, a French web hosting company. Hosted by LWS.fr (French) / LWS.net (English) — ISO 27001 certified infrastructure. Contact: ceo@lws.fr.
2. What data we collect
We collect the minimum data required to operate the service:
- Account data: your name, email, hashed password.
- Google OAuth tokens: access_token and refresh_token issued by Google for each Google Ads account you connect. These are encrypted at rest via Laravel's Crypt facade (AES-256-CBC).
- Google Ads account metadata: customer ID, descriptive name, currency, timezone.
- MCP tokens: the per-account UUID v4 tokens used to authenticate Claude.
- Request logs: timestamp, MCP method (e.g. tools/call), tool name, success/error, duration. We do not log the actual data returned by the Google Ads API.
- Write action logs: every write operation (real or dry-run) is logged with full parameters for audit purposes.
3. What we do NOT collect
- We do not store the content of your Google Ads campaigns, ads, keywords, or performance data beyond what's needed to identify your accounts.
- We do not use cookies for tracking. We use only essential cookies for session management and CSRF protection.
- We do not run third-party analytics, advertising trackers, or fingerprinting.
4. Google API Services User Data Policy
gadspilot's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- Data accessed via Google APIs is used only to provide the gadspilot service to you.
- We do not transfer Google user data to third parties except when necessary to provide the service (e.g. forwarding tool responses to the Claude AI client you authorized).
- We do not use Google user data for advertising or to build user profiles.
- Humans do not read Google user data unless required for security investigations or legal compliance.
5. Data sharing
We do not sell or rent your data. Data is shared only:
- With Google, when calling the Google Ads API on your behalf (using your OAuth token).
- With the AI client (e.g. Claude.ai) you connect to gadspilot — and only the data your AI requests through MCP tool calls.
- With our hosting provider — LWS.fr (French) / LWS.net (English), ISO 27001 certified, France — which stores the database file.
6. Data retention
- Account data and OAuth tokens: kept until you delete your account.
- OAuth authorization codes: deleted after use or 1 hour.
- OAuth access tokens: kept until 7 days after expiration.
- MCP request logs and account access logs: kept for 45 days, then automatically purged.
7. Security
We use industry-standard security practices: HTTPS-only, encrypted-at-rest OAuth tokens, hashed passwords (bcrypt), CSRF protection, OAuth 2.1 with PKCE for MCP authentication, per-account write toggles, and dry-run defaults on all write operations.
8. Your rights (GDPR)
If you are in the EU/EEA, you have the right to:
- Access the data we hold about you (available in your dashboard).
- Rectify inaccurate data.
- Delete your account and all associated data (one-click in dashboard).
- Export your data (contact us).
- Lodge a complaint with the French data protection authority (CNIL).
9. Revoking Google access
You can revoke gadspilot's access to your Google Ads accounts at any time:
- From the gadspilot dashboard (per-account or all at once).
- From your Google Account permissions.
10. Changes to this policy
We may update this policy. Material changes will be communicated by email.
11. Contact
For privacy questions: ceo@lws.fr