← Back to home

Privacy Policy

Last updated: 2026-03-17

This Privacy Policy describes how Adswave (“we”, “us”, or “our”) collects, uses, stores, and protects your information when you use our web application at adswave.io and related services (the “Service”).

Data controller

The data controller is Adswave, operated as a sole proprietorship (Egyéni Vállalkozó) registered in Budapest, Hungary. Tax ID: 57251697-1-41. You can reach us at albertbalazshendrich@gmail.com.

Information we collect

Account information

When you sign up we collect your email address and display name. If you sign in via Google we receive your name, email, and profile picture from Google.

Connected advertising platform data

When you connect Google Ads or Meta Ads via OAuth, we receive an access token and a refresh token. We use these tokens to query advertising data on your behalf in real time (campaign metrics, keyword and search-term reports, creative asset information, and account structure). This data is not stored on our servers – it is fetched from the platform APIs at the time you view it and returned directly to your browser. We do not modify, create, or delete campaigns or other objects in your advertising accounts unless you explicitly trigger such an action.

Usage and diagnostic data

We collect anonymised error reports (via Sentry) and basic usage telemetry to maintain reliability and improve the Service. We do not collect personally identifiable information in these reports.

Payment information

Payments are processed by Stripe. We do not store credit card numbers or bank account details. Stripe may collect information as described in Stripe’s Privacy Policy.

How we use your data

  • To provide, operate, and maintain the Service’s features (budget pacing, campaign analysis, keyword audits, creative insights, etc.).
  • To authenticate your identity and manage sessions.
  • To process payments and manage your subscription via Stripe.
  • To send transactional emails (e.g. invitation links).
  • To monitor and improve performance, security, and reliability.
  • To comply with legal obligations.

Google API Services User Data Policy

Adswave’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request access to the data necessary to provide the features you use.
  • We do not sell, rent, or share Google user data with third parties for advertising, data brokering, or any purpose unrelated to the Service.
  • We do not use Google user data to build user profiles for advertising or to serve ads.
  • We only retain Google user data as long as necessary to provide the Service to you. You may revoke access at any time.
  • Access to Google user data is limited to the features described in this policy and is not transferred to other applications.

Legal basis for processing

We process your personal data on the following legal grounds under the GDPR:

  • Contract – processing necessary to provide the Service you signed up for (Art. 6(1)(b)).
  • Consent – when you explicitly grant access to your Google Ads or Meta Ads account via OAuth (Art. 6(1)(a)). You may withdraw consent at any time by disconnecting the integration.
  • Legitimate interest – error monitoring, security, and service improvement, where our interests do not override your rights (Art. 6(1)(f)).
  • Legal obligation – where we are required to retain or disclose data by applicable law (Art. 6(1)(c)).

Data sharing

We do not sell your personal data. We share data only with the following categories of service providers, and only to the extent necessary to operate the Service:

  • Google Cloud Platform – hosting, database, and secret management.
  • Firebase (Google) – authentication and identity.
  • Stripe – payment processing.
  • Sentry – error monitoring (anonymised).

We may also disclose information if required by law, regulation, or legal process.

Data retention

We retain your account data for as long as your account is active. Advertising platform data (campaign metrics, keywords, creative assets, etc.) is not stored on our servers – it is queried in real time from the platform APIs and never persisted. OAuth tokens are deleted immediately when you disconnect an integration. If you delete your account, all associated personal data (account info, tokens, organisation settings) is permanently removed within 30 days, except where retention is required by law.

International data transfers

Our infrastructure is hosted on Google Cloud Platform, which may process data in regions outside the European Economic Area (EEA). Where data is transferred outside the EEA, we rely on Google’s Standard Contractual Clauses (SCCs) and other appropriate safeguards to ensure an adequate level of protection as required by the GDPR.

Security

We take commercially reasonable measures to protect your data. OAuth tokens are encrypted at rest using Google Cloud Secret Manager. All traffic between your browser and our servers is encrypted via TLS. Access to production systems is restricted and audited.

Cookies and local storage

Adswave uses localStorage in your browser to store your authentication token and user preferences. We do not use third-party tracking cookies. Firebase may set a small number of first-party cookies for authentication purposes.

Your rights (GDPR & applicable law)

If you are located in the European Economic Area or in a jurisdiction with similar data-protection laws, you have the following rights:

  • Access – request a copy of the personal data we hold about you.
  • Rectification – ask us to correct inaccurate data.
  • Erasure – ask us to delete your data (“right to be forgotten”).
  • Restriction – ask us to restrict processing while we verify your request.
  • Portability – receive your data in a structured, machine-readable format.
  • Objection – object to processing based on legitimate interest.
  • Withdraw consent – where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at the email below. We will respond within 30 days.

Third-party links

The Service may contain links to third-party websites or services (e.g. Google Ads, Meta Business Suite, Stripe). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal data.

Children’s privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by placing a prominent notice in the Service. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy or wish to exercise your data-protection rights, please contact us at albertbalazshendrich@gmail.com.