Google Ads con IARichiedi accesso
Richiedi accesso →
Privacy Policy

Privacy Policy

Privacy notice for Ads MCP pursuant to the EU General Data Protection Regulation (GDPR) 2016/679 and the Google API Services User Data Policy.

Last updated: April 2026

1. Data Controller

The Data Controller is Colibryx S.r.l., with registered office at Via Riccardo Felici 11, 37135 Verona, Italy, VAT number IT04901390239.

For any inquiry regarding the processing of personal data, you may contact the Data Controller at: info@colibryx.com.

2. Google User Data — What We Access

When you connect your Google account to Ads MCP via OAuth 2.0, the application may request access to the following types of data depending on the Google services you choose to connect:

a) Google Ads

Campaign data, ad group data, keywords, search terms reports, performance metrics (impressions, clicks, conversions, cost), conversion data and conversion actions, budget information, quality scores, auction insights, and account-level recommendations.

b) Google Analytics 4

Account and property summaries, report data (dimensions, metrics, funnels, real-time), key events (conversions), audiences, custom dimensions, and data stream configurations.

c) Google Tag Manager

Accounts, containers, tags, triggers, variables, workspace data, versions, and built-in variable configurations.

d) Google Search Console

Search analytics data (queries, pages, impressions, clicks, position), URL inspection results, sitemaps, and site verification status.

e) Google Business Profile

Location information, reviews, business hours, and business profile details.

3. How We Use Google Data

Data accessed through Google APIs is used exclusively for the following purposes:

  • Campaign management: creating, editing, pausing, and enabling Google Ads campaigns and their components.
  • Performance monitoring: retrieving and displaying campaign metrics, quality scores, and account health data.
  • Optimization: generating optimization proposals, detecting anomalies, and adjusting bidding strategies.
  • Reporting: producing performance reports, executive summaries, and cross-platform analytics.
  • Anomaly detection: identifying performance drops, budget issues, and disapproved assets.
  • A/B testing: creating and managing campaign experiments and comparing results.

Data is used ONLY for providing and improving user-facing features prominent in the application's user interface.

Google user data is:

  • NOT sold to third parties.
  • NOT used for advertising, retargeting, or serving ads.
  • NOT used to determine credit-worthiness or for lending purposes.
  • NOT used to train generalized artificial intelligence or machine learning models.

4. Data Storage and Security

  • OAuth tokens: encrypted using Fernet symmetric encryption and stored locally on the user's own machine. Tokens are never transmitted to or stored on Colibryx servers.
  • API data: processed in real-time within the user's local environment and not stored on Colibryx servers. All API calls are made directly from the user's local environment to Google APIs.
  • Encryption in transit: all communications with Google APIs use a minimum of 128-bit SSL/TLS encryption.
  • Security standards: the application follows enterprise-grade security practices including least-privilege OAuth scopes, server-side guardrails, and mandatory dry-run validation before any mutating operation.

5. Data Sharing and Transfer

Google user data accessed through Ads MCP is not shared with any third party, except in the following limited circumstances:

  • Legal requirements: when required by applicable law, regulation, legal process, or enforceable governmental request.
  • Security: to detect, prevent, or address fraud, security issues, or technical problems.
  • Merger or acquisition: in connection with a merger, acquisition, or sale of assets, in which case the successor entity will be bound by the same data protection obligations.

The following service providers may process limited data in connection with the Ads MCP website (not Google user data):

  • Cloudflare, Inc. — website hosting and CDN.
  • Twilio Inc. (SendGrid) — contact form email delivery only.
  • Google LLC — Google reCAPTCHA for spam protection on the website.

6. Data Retention and Deletion

  • Google API data: not retained. Data retrieved from Google APIs is processed in real-time and is not stored persistently by Ads MCP or Colibryx.
  • OAuth tokens: stored locally on the user's machine until the user revokes access. Users may revoke OAuth access at any time through their Google Account permissions page.
  • Contact form data: retained for a maximum of 24 months from submission, unless longer retention is required for legal or contractual obligations.
  • Deletion requests: users may request deletion of their data at any time by contacting info@colibryx.com.

7. User Rights and Controls

a) Revoking OAuth Access

You may revoke Ads MCP's access to your Google account at any time by visiting your Google Account permissions page, selecting Ads MCP, and clicking "Remove Access." This will immediately prevent any further access to your Google data.

b) Data Export and Deletion

You may request a full export or deletion of any personal data held by Colibryx by emailing info@colibryx.com. We will respond within 30 days.

c) Account Disassociation

You may request to disassociate your Google Ads accounts from Ads MCP at any time. We will process disassociation requests within 3 business days.

d) GDPR Rights

Under Articles 15–22 of the GDPR, you have the right to:

  • Access (Art. 15): obtain confirmation of processing and access your personal data.
  • Rectification (Art. 16): correct inaccurate or complete incomplete data.
  • Erasure (Art. 17): request deletion of your personal data where applicable.
  • Restriction (Art. 18): request restriction of processing under certain conditions.
  • Portability (Art. 20): receive your data in a structured, commonly used, machine-readable format.
  • Objection (Art. 21): object to processing based on legitimate interest at any time.
  • Withdrawal of consent (Art. 7): withdraw consent at any time without affecting the lawfulness of processing based on consent given before withdrawal.

e) Supervisory Authority

If you believe your personal data is being processed in violation of the GDPR, you have the right to lodge a complaint with the Garante per la protezione dei dati personali (Piazza Venezia 11, 00187 Roma — www.garanteprivacy.it), pursuant to Art. 77 of the GDPR.

8. Google API Services User Data Policy Compliance

Ads MCP's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

9. Limited Use Disclosure

In accordance with Google's Limited Use requirements, Ads MCP adheres to the following restrictions on the use of Google user data:

  • We use Google user data only to provide or improve user-facing features that are prominent in the requesting application's user interface.
  • We transfer Google user data to others only if necessary to provide or improve user-facing features that are prominent in the application (with user consent), for security purposes, to comply with applicable laws, or as part of a merger, acquisition, or asset sale where the successor is bound by the same restrictions.
  • We do not allow humans to read Google user data unless: (a) the user has given affirmative agreement for specific data to be read (e.g., for customer support), (b) it is necessary for security purposes (e.g., investigating abuse), (c) it is required by applicable law, or (d) the data is aggregated and anonymized and used only for internal operations.
  • All other transfers, uses, or sales of Google user data are prohibited.

10. Human Access to Data

During normal operation, no human at Colibryx reads your Google user data. The application processes data programmatically between your local environment and Google APIs.

Exceptions to this are limited to:

  • Explicit user consent: if you request technical support and provide affirmative agreement for a Colibryx team member to view specific data to resolve your issue.
  • Security investigation: if required to investigate a security incident, fraud, or abuse affecting the application or its users.
  • Aggregated and anonymized data: data that has been fully aggregated and anonymized such that it cannot be associated with any individual user, used solely for internal operations and service improvement.

11. Cookies and Tracking

The Ads MCP website uses cookies and similar technologies. For detailed information about the cookies used, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

The website may use:

  • Google reCAPTCHA: to protect forms against automated abuse. reCAPTCHA is subject to Google's Privacy Policy and Terms of Service.
  • Analytics cookies: with your consent, anonymous usage statistics may be collected to improve the website experience.

12. Policy Updates

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We are committed to seeking user consent before making material changes that affect how Google user data is processed.

We encourage you to review this page periodically to stay informed about our privacy practices.