Privacy Policy

Last updated: May 28, 2026

1. Who we are

Digital Marketing Audit (“we”, “our”, “us”) provides a Model Context Protocol (MCP) connector that analyzes advertising account performance from within Claude. The connector is operated at ai.digital-marketing-audit.com and is part of the service available at https://digital-marketing-audit.com.

This policy explains what data the connector processes, why, and the choices you have. It covers data we handle as the connector operator. It does not cover Anthropic’s handling of your Claude usage, which is governed by Anthropic’s own privacy policy at https://www.anthropic.com/legal/privacy.

Contact: mert.dokumcu@digital-marketing-audit.com

2. Data we process

To deliver the connector, we may process:

  • Account identity data — used for sign-in and to link your activity to your account.
  • Subscription and billing status metadata — your plan, entitlement, and payment status. We do not store full payment card details; these are handled by our payment provider.
  • OAuth access and refresh tokens for connected advertising platforms (Google Ads and Meta Ads).
  • Ad account metadata and performance metrics — the campaign, ad set, keyword, spend, and conversion data needed to answer the connector tool requests you make.
  • Operational telemetry and error logs — technical records used to keep the service reliable and secure.

We only request and process the advertising data needed to fulfill the specific tool actions you trigger. We do not browse, copy, or retain advertising data beyond what is required to return a result.

3. Why we process data

We process data to:

  • Authenticate you and secure access to your account;
  • Execute the connector tools you request inside Claude;
  • Enforce subscription entitlements and keep each account’s data isolated from others;
  • Maintain reliability, security, fraud prevention, and incident response;
  • Meet legal and regulatory obligations.

Where the GDPR or similar laws apply, our legal bases are: performance of our contract with you (to provide the service), our legitimate interests (security, reliability, and preventing abuse), and compliance with legal obligations.

4. Authentication and tokens

  • Sign-in uses Google OAuth.
  • Connecting an advertising account uses OAuth to Google Ads and Meta Ads.
  • OAuth tokens are stored encrypted at rest and transmitted only over encrypted connections.
  • Tokens are used solely to fulfill the actions you request through the connector. We do not use them for any other purpose.
  • You can disconnect a platform or revoke access at any time through your account or directly in your Google or Meta account security settings. Revoking access invalidates the stored tokens.

Google API Services Limited Use disclosure

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data only to provide and improve the connector’s user-facing features, do not transfer or sell it for advertising or other unrelated purposes, and do not allow humans to read it except where you explicitly consent, where required for security or to comply with law, or where the data has been aggregated and anonymized.

Meta Platform data

Data obtained through Meta Ads is used only to provide the connector features you request, in accordance with Meta’s Platform Terms and developer policies.

5. Data sharing

We do not sell personal data.

We share data only with subprocessors that are strictly required to operate the service:

  • Google Cloud Platform — cloud hosting, compute, and database infrastructure.
  • [Payment provider — confirm and name, e.g. Stripe] — subscription billing and payment processing.

These subprocessors process data only on our instructions and under contractual confidentiality and security obligations. We will keep this list current as our providers change.

6. Data retention

We retain data only as long as needed for service operation, legal obligations, and security purposes. Our standard retention periods are:

  • Session records: deleted on sign-out or after 30 days of inactivity.
  • OAuth connection records: retained while the connection is active, and deleted within 30 days after you disconnect the platform or close your account.
  • Operational and error logs: retained for up to 90 days, then deleted or anonymized.

When you delete your account, we delete or anonymize associated personal data within 30 days, except where we are required to retain certain records to meet legal or security obligations.

7. Security controls

We apply technical and organizational controls including:

  • HTTPS/TLS encryption for all data in transit;
  • Encryption at rest for sensitive tokens and credentials;
  • Access controls and least-privilege permissions;
  • Per-account data isolation;
  • Monitoring, logging, and incident response procedures.

No system is perfectly secure, but we work to protect your data using industry-standard practices.

8. Your rights and requests

Depending on where you live, you may have the right to access, correct, delete, restrict, or export your personal data, and to object to certain processing. You may also withdraw consent for connected platforms at any time by disconnecting them.

To make a request, contact us at privacy@digital-marketing-audit.com. We will respond within the timeframe required by applicable law. You also have the right to lodge a complaint with your local data protection authority.

9. International transfers

We may process and store data in locations outside your country, including in connection with our cloud infrastructure. Where data is transferred across borders, we rely on appropriate safeguards required by law, such as the European Commission’s Standard Contractual Clauses.

10. Children’s data

The service is intended for business users and is not directed to individuals under 16. We do not knowingly collect personal data from children.

11. Changes to this policy

We may update this policy from time to time. The current version is always published at this URL, and the “Last updated” date above reflects the most recent change. Material changes will be communicated where required by law.