Privacy Policy
Effective date: April 23, 2026 · SyncMetrics (syncmetrics.io)
SyncMetrics connects your advertising accounts — Meta Ads (Facebook & Instagram), TikTok Ads, LinkedIn Ads, and Google Ads — to AI tools (Claude via MCP) and reporting tools (Data Studio), so you can analyse performance data in plain language. This policy explains what data we access, how we protect it, and your rights.
1. Information We Collect
Account Information
When you create an account we collect your email address and a hashed password. We never store your password in plain text.
Ad Platform Tokens All platforms
When you connect an ad account, we store the OAuth access token issued by that platform. All tokens are encrypted at rest using AES-256 (Fernet). We never store your platform password.
Ad Performance Data All platforms
We fetch campaign performance data (spend, impressions, clicks, CTR, CPC, CPM, ROAS, etc.) on your behalf when you request it. We do not permanently store this data. It is fetched live from the platform API and returned directly to you or your connected tool (Claude, Data Studio). Nothing is cached or retained after the response is delivered.
Usage & Technical Logs
Standard server access logs (IP address, endpoint called, HTTP status, timestamp) are retained for up to 30 days for security and debugging. These are not shared with third parties.
2. Permissions We Request
Meta Ads Meta
- ads_read — read your ad account campaign performance data (spend, impressions, clicks, etc.)
We request only the minimum permissions needed. We do not request permission to create, edit, or delete ads, or to post on your behalf.
TikTok Ads TikTok
- Advertising read access — read your advertiser account campaign, ad group, ad, and performance data (spend, impressions, clicks, conversions, etc.)
We request read-only access. We do not create, edit, or delete campaigns or post on your behalf.
LinkedIn Ads LinkedIn
- r_ads — read your ad account structure (campaign groups, campaigns, creatives)
- r_ads_reporting — read ad performance analytics (impressions, clicks, spend, engagement, etc.)
We request read-only reporting scopes only. We do not create, edit, or delete ads or post on your behalf.
Google Ads Google
- Google Ads read-only — read campaign, ad group, keyword, and performance data from your Google Ads account
Google API Services disclosure: SyncMetrics's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not sell, share, or transfer Google user data to third parties. Google user data is used solely to provide the SyncMetrics service to you and is never used for advertising, AI training, or any secondary purpose.
3. How We Use Your Data
- To authenticate you and manage your account
- To connect to Meta Ads, TikTok Ads, LinkedIn Ads, and Google Ads on your behalf using the permissions you granted
- To fetch and display your ad performance data in Claude (via MCP) and Data Studio (via our connector)
- To send transactional emails (account confirmation, password reset)
- To investigate security incidents and maintain service reliability
We do not: sell your data, use your ad data for advertising or profiling, share it with other users, or use it to train AI models.
4. Data Sharing
We share data only with the following sub-processors, solely to deliver the service:
- Supabase — database and authentication (data stored encrypted in their infrastructure)
- Render — server hosting (processes data to serve API requests)
- Meta (Facebook) — we call Meta's Marketing API on your behalf using your access token
- TikTok — we call the TikTok Marketing API on your behalf using your access token
- LinkedIn — we call the LinkedIn Marketing API on your behalf using your access token
- Google — we call Google Ads API on your behalf using your access token
We do not share your data with any other third parties. We do not sell data. We do not disclose data unless required by law.
5. Data Retention
- Account & tokens — retained until you delete your account or disconnect the platform
- Ad performance data — not stored; fetched live on each request
- Server logs — retained for up to 30 days, then automatically deleted
- Data Studio auth codes — single-use codes deleted immediately after exchange; expire after 5 minutes if unused
6. Data Deletion
You can delete your data at any time:
- Disconnect a platform — click "Disconnect" on your dashboard. Your access token is deleted immediately from our systems.
- Delete your account — email support@syncmetrics.io. All your data will be permanently deleted within 7 days.
- Via Meta (deauthorize) — removing SyncMetrics from your Facebook App Settings automatically triggers our deauthorize callback (
POST /deauthorize), which deletes your Meta access token from our systems immediately.
- Via Meta (full data deletion) — submitting a data deletion request through Facebook triggers our data deletion callback (
POST /data-deletion), which deletes your Meta token and all associated account settings. You can verify deletion status at syncmetrics.io/data-deletion.
- Via TikTok — remove SyncMetrics from your TikTok Ads Manager authorised apps, then email us to confirm full deletion of your TikTok token.
- Via LinkedIn — revoke access from your LinkedIn Permitted Services page, then email us to confirm full deletion of your LinkedIn token.
- Via Google — revoking access from your Google Account Permissions page. Email us to confirm full deletion.
7. Security
- All access tokens encrypted at rest with AES-256 (Fernet)
- All data transmitted over HTTPS/TLS
- Database Row Level Security (RLS) prevents any cross-user data access
- Ad performance data is never persisted — no risk of data breach for your campaign data
- OAuth state parameters and auth codes verified to prevent CSRF attacks
8. Cookies
We use only essential session cookies required for authentication. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
9. Children's Privacy
SyncMetrics is not directed at children under 16. We do not knowingly collect personal data from children.
10. Your Rights
You have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate data
- Deletion — request deletion of your data (see Section 6)
- Portability — request your data in a machine-readable format
- Withdraw consent — disconnect any platform at any time from your dashboard
To exercise these rights, email support@syncmetrics.io.
11. Changes to This Policy
We may update this policy. We will notify you by updating the "Effective date" above and, for material changes, by email. Continued use of the service after changes constitutes acceptance.
12. Contact
Questions or concerns about this policy:
📧 support@syncmetrics.io
🌐 syncmetrics.io