Privacy Policy — Gruntwerx

Gruntwerx is a platform that helps you manage your ad accounts using AI. This privacy policy explains how we collect, use, and protect your information.

1. Information We Collect

Facebook / Meta

When you connect your Meta Ads account, we access:

Your Facebook profile information (name, email, profile ID) for authentication
Meta Ads account data including campaigns, ad sets, ads, performance metrics, and creatives
OAuth access tokens and refresh tokens to interact with the Meta Ads API on your behalf

We do not access your Facebook passwords or private messages.

Google

When you connect your Google Ads account, we access:

Your Google account information (name, email) for authentication
Google Ads data including campaigns, performance metrics, keywords, and ad groups
OAuth access tokens and refresh tokens to interact with the Google Ads API on your behalf

We do not access your Google passwords or other Google services.

Account Information

When you sign up, we collect your email address and a password (stored in hashed form — we never store or see your plain-text password).

Payment Information

If you subscribe to a paid plan, payment data is collected and processed by Stripe. We do not store credit card numbers on our servers.

2. How We Use Your Data

Your data is used for:

Authentication — Verifying your identity and managing your account
Ad account access — Connecting to your ad platforms and serving data through our MCP server
AI analysis — Enabling AI assistants (like Claude via MCP) to query and manage your ad accounts
Transactional emails — Sending email verification and account-related notices
System improvement — Maintaining security and fixing bugs

Your data is never sold, shared with third parties for marketing purposes, or used beyond the scope described here.

3. Data Sharing

Your information is only shared with services necessary to operate the platform:

Meta and Google — API requests made on your behalf using your OAuth tokens
AI systems — Data is passed to AI assistants (via MCP) only when you initiate a connection using your API token
Internal services necessary to operate the platform, including database hosting, email delivery, application hosting, and payment processing

All data transmission uses encrypted connections. We may also disclose information if required by law.

4. Google API Limited Use Disclosure

Gruntwerx's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we commit to the following:

Limited Use:We only use Google user data to provide and improve the user-facing features that are prominent in our application's user interface. We do not use Google user data for serving advertisements, including retargeting, personalized or interest-based advertising.
No Sale of Data: We do not sell Google user data to third parties.
No Use for Credit Assessment: We do not use Google user data for determining creditworthiness or for lending purposes.
Restricted Transfer: We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, to comply with applicable laws, or as part of a merger, acquisition, or sale of assets with user notice.
No Human Reading Without Consent:We do not allow humans to read Google user data unless we have the user's affirmative agreement, it is necessary for security purposes, to comply with applicable law, or our use is limited to internal operations and the data has been aggregated and anonymized.

What Google Ads Data We Access

Campaign information (names, status, budgets, bidding strategies)
Ad group and ad creative data
Performance metrics (impressions, clicks, conversions, costs)
Keyword and targeting information
Account structure and settings

How We Use Google Ads Data

To display your campaign data within the Gruntwerx interface
To enable AI-powered analysis and recommendations for your campaigns
To generate reports and insights about your advertising performance

How We Store Google Ads Data

OAuth tokens are stored securely with industry-standard encryption to maintain your connection
Campaign data may be temporarily cached to improve performance but is not stored long-term
You can revoke access at any time through your Google Account permissions

5. Data Storage and Security

OAuth access tokens are stored with industry-standard encryption
Passwords are hashed and never stored in plain text
All connections use HTTPS/TLS encryption
Sessions use signed JSON Web Tokens (JWT) with expiration
Campaign data may be temporarily cached but is not stored long-term without your consent

6. Your Rights

You can:

Revoke access — Disconnect your Meta or Google accounts at any time from the dashboard, or revoke permissions directly in your Meta/Google account settings
Delete your account — Request complete deletion of your account and associated data
Request your data — Ask for a copy of the personal data we hold about you
Revoke API tokens — Revoke any MCP API tokens at any time from the dashboard

To exercise these rights, contact us at john@gruntwerx.ai.

7. Data Deletion

When you connect your Meta (Facebook) account, we persist the following data:

Your Facebook profile information (name, email, profile ID)
OAuth access tokens used to interact with the Meta Ads API

Ad account data (campaigns, ad sets, ads, performance metrics) is accessed via the API in real time and may be temporarily cached but is not stored long-term.

How to Request Deletion

You can request deletion of your data in two ways:

From the dashboard — Disconnect your Meta account to immediately revoke your OAuth tokens
By email — Contact us at john@gruntwerx.ai to request complete deletion of your account and all associated data

What Happens After Deletion

Your OAuth access tokens are revoked immediately
Your profile information is removed within 30 days
Any API tokens associated with your account are invalidated
Any temporary caches of ad data are cleared

You can also revoke Gruntwerx's access directly from your Facebook App Settings.

8. Cookies

We use essential cookies only:

A session cookie (JWT) to keep you signed in
A temporary OAuth state cookie used during Meta/Google authorization (deleted after the flow completes)

We do not use analytics, advertising, or third-party tracking cookies.

9. Third-Party Services

Our Service integrates with third-party platforms. We encourage you to review their privacy policies:

10. AI and Model Training

As of today, we do not use customer content or connected advertising data (including Meta Ads and Google Ads data) to train AI models for product improvement. If we introduce features that benefit from learning across accounts, we will provide advance notice and an account-level opt-out before using customer content for that purpose. You can opt out at any time via settings or by contacting us at john@gruntwerx.ai. We honor deletion requests, including removal of derived training artifacts where feasible. For hosted LLM providers, we send only what's necessary and configure privacy-preserving/no-training settings where available.

Note regarding Google user data:Consistent with Google's Limited Use requirements, we do not use Google user data for training machine learning or AI models, except for models personalized to you that do not transfer data to third parties.

11. Children's Privacy

The Service is not directed to anyone under 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.

12. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated date. If significant changes are made, we will notify users via in-app messaging or email. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

For questions about this privacy policy or to exercise your data rights, contact us at:

Gruntwerx
Email: john@gruntwerx.ai