Privacy Policy

Last updated: 27 February 2026

AdLeak (“we”, “us”, “our”) is a free advertising audit tool for Google Ads and Meta Ads, operated by GrowthPartners, a performance marketing agency based in Coimbatore, India. This policy explains what data we collect, why, how we protect it, and your rights regarding your data.

1. Data we collect

Information you provide

  • Email address (required) — to send your audit report
  • Name (optional) — to personalise communications
  • Company name (optional) — to understand your business context
  • WhatsApp number (optional) — to send your audit report on WhatsApp

Google Ads data (read-only)

When you connect your Google Ads account, we request read-only access through Google’s official OAuth 2.0 flow. We cannot edit, pause, or modify anything in your account. Specifically, we access:

  • Account name and currency
  • Campaign performance data (spend, clicks, impressions, conversions) for the last 30 days
  • Search terms with zero conversions (to identify waste)
  • Keyword performance data
  • Daily spend trends

We do not access your billing information, payment methods, personal Google account data, or any data outside Google Ads.

Meta Ads data (read-only)

When you connect your Meta (Facebook) Ads account, we request read-only access through Facebook’s official OAuth 2.0 flow using the ads_read permission. We cannot edit, pause, create, or modify anything in your account. Specifically, we access:

  • Ad account name and currency
  • Campaign, ad set, and ad performance data (spend, impressions, clicks, conversions) for the last 30 days
  • Creative performance and waste analysis
  • Placement and demographic breakdowns
  • Daily spend trends

We do not access your personal Facebook profile data, messages, friends list, or any data outside your ad accounts. Your Meta access token is stored securely and automatically expires after 60 days.

Automatically collected data

We collect standard server log data (IP address, browser type, referring URL) that is automatically transmitted when you visit our site. We also use the Meta Pixel which may collect device identifiers and browsing activity on our site (see Section 8 for details).

UTM parameters

If you arrive via a marketing link, we may capture UTM parameters (source, medium, campaign) to understand which channels bring users to AdLeak.

2. How we use your data

  • Generate your audit report — your Google Ads data is analysed to produce a health score, waste analysis, and recommendations.
  • Deliver the report — via email and WhatsApp (if you provided a number).
  • Follow-up communications — we send up to 2 follow-up messages after your audit: a waste breakdown (after 36 hours) and action tips (after 5 days). You can unsubscribe from any email.
  • Measure advertising effectiveness — the Meta Pixel helps us understand which of our ads lead to audit completions.
  • Improve the product — aggregated, anonymised metrics help us improve audit accuracy.

We do not sell, rent, or trade your personal data or Google Ads data to any third party.

3. Lawful basis for processing

We process your data on the following legal bases:

  • Consent — when you submit your email and connect your Google Ads account, you consent to us processing your data to generate and deliver your audit report.
  • Legitimate interest — to send limited follow-up communications related to your audit, improve our service, and measure advertising effectiveness. You can opt out at any time.
  • Contract performance — to deliver the audit service you requested.

4. Data retention

We retain different types of data for different periods:

Data typeRetention period
Raw Google Ads data (campaigns, keywords, search terms)Deleted within 30 days of audit completion
Google OAuth refresh tokenDeleted within 30 days of audit completion, or immediately upon revocation
Meta (Facebook) access tokenAutomatically expires after 60 days, or deleted immediately upon revocation via Facebook settings
Raw Meta Ads data (campaigns, creatives, placements)Deleted within 30 days of audit completion
Audit report (health score, recommendations, summary metrics)Retained until you request deletion, so your report link remains accessible
Contact information (email, name, company, phone)Retained until you request deletion or unsubscribe
UTM and campaign source dataRetained for 12 months
Server logsRetained for 30 days

You can request deletion of all your data at any time (see Section 7).

5. Data storage & security

Your data is stored securely using:

  • Supabase (PostgreSQL) — hosted on AWS with encryption at rest and in transit
  • Google OAuth tokens are stored encrypted and used only to pull your audit data
  • Vercel — for hosting the application with HTTPS on all connections

All data is processed on servers located in the United States (AWS/Vercel). If you are located outside the US, your data will be transferred to and processed in the US. We ensure appropriate safeguards are in place through our service providers’ data processing agreements.

6. Third-party services

We share data with the following service providers solely to operate AdLeak. We do not sell data to any third party.

Google Ads API — to read your advertising data (governed by Google Ads API Terms)
Supabase — database hosting (Supabase Privacy Policy)
Resend — email delivery; receives your email address to send audit reports and follow-ups (Resend Privacy Policy)
Meta Marketing API — to read your Meta Ads data when you connect your ad account (governed by Meta Platform Terms)
Meta Pixel — advertising measurement; may receive device identifiers and page activity (Meta Privacy Policy)
Vercel — application hosting (Vercel Privacy Policy)

7. Your rights

Depending on your location, you may have the following rights regarding your personal data:

  • Revoke Google access — go to myaccount.google.com/permissions, find AdLeak, and click Remove. We lose access immediately.
  • Revoke Meta (Facebook) access — go to Facebook Business Integrations, find AdLeak, and remove it. Your data will be automatically deleted from our systems.
  • Request data deletion — email us at connect@growthpartners.agency and we will delete all your data within 7 business days.
  • Access your data — request a copy of all personal data we hold about you.
  • Rectification — request correction of inaccurate personal data.
  • Restrict processing — ask us to limit how we use your data.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent — you can withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.
  • Unsubscribe — every email includes an unsubscribe link. You can also reply “STOP” on WhatsApp.
  • Lodge a complaint — you have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, email connect@growthpartners.agency. We will respond within 30 days.

8. Cookies & tracking

Essential cookies: We use minimal session-related data during the Google OAuth flow. These are necessary for the service to function and cannot be disabled.

Meta Pixel: We use the Meta (Facebook) Pixel for advertising measurement. The pixel may collect:

  • Pages you visit on adleak.io
  • Actions you take (e.g., starting an audit)
  • Device and browser identifiers (IP address, user agent, device ID)
  • Facebook cookie data (if you are logged into Facebook)

This data is sent to Meta and governed by Meta’s Privacy Policy. You can opt out of Meta’s tracking by:

We do not use Google Analytics or any other third-party analytics tools.

9. Google API Services — Limited Use Disclosure

AdLeak’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google Ads data to provide the audit service you requested.
  • We do not transfer Google Ads data to third parties except as necessary to provide the service (e.g., storing your report in our database).
  • We do not use Google Ads data for serving advertisements.
  • We do not allow humans to read your Google Ads data unless you give explicit consent, it is needed for security purposes, or it is required by law.

9b. Meta Platform Terms

AdLeak’s use of data received from Meta (Facebook) APIs complies with the Meta Platform Terms and Developer Policies. Specifically:

  • We only use Meta Ads data to provide the audit service you requested.
  • We do not transfer Meta Ads data to third parties except as necessary to provide the service.
  • We do not use Meta Ads data for advertising, profiling, or selling.
  • We support Meta’s data deletion callback — when you remove AdLeak from your Facebook settings, your data is automatically deleted.
  • Your Meta access token expires automatically after 60 days and is not renewed without your explicit re-authorisation.

10. Shareable reports

Each audit generates a unique report link that you can share with others. Publicly shared reports show your health score and summary metrics, but campaign names, keywords, and detailed recommendations are blurred. Only you see the full report when logged in.

11. International data transfers

AdLeak is operated from India. Our service providers process data in the United States. If you are located in the European Economic Area (EEA), United Kingdom (UK), or other jurisdictions with data transfer restrictions, your data will be transferred internationally. We rely on our service providers’ standard contractual clauses and data processing agreements to ensure appropriate safeguards.

12. Regional privacy rights

European Economic Area & United Kingdom (GDPR)

If you are in the EEA or UK, you have rights under the General Data Protection Regulation (GDPR) including access, rectification, erasure, restriction, portability, and the right to object. Our lawful bases for processing are set out in Section 3. To exercise your rights or lodge a complaint, contact us at connect@growthpartners.agency or contact your local supervisory authority.

India (Digital Personal Data Protection Act, 2023)

If you are in India, you have rights under the DPDP Act including the right to access, correction, erasure, and grievance redressal. We process your data based on your consent, which you may withdraw at any time by emailing us. Our Grievance Officer can be reached at connect@growthpartners.agency.

California (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect and how we use it, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, email connect@growthpartners.agency.

13. Children’s privacy

AdLeak is a business tool for advertisers. We do not knowingly collect data from anyone under 18 years of age. If we learn that we have collected data from a child, we will delete it promptly.

14. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top will reflect changes. For significant changes, we will notify you by email.

15. Contact us

If you have questions about this privacy policy, your data, or wish to exercise any of your rights, contact us:

GrowthPartners

Coimbatore, Tamil Nadu, India

Email: connect@growthpartners.agency

For data protection inquiries and grievance redressal, the same email address serves as our data protection contact point.