Data Processing Agreement
How PPC Copilot processes your Google Ads data on your behalf.
Last updated: January 2026
This Data Processing Agreement ("DPA") forms part of the agreement between you and PPC Copilot. It describes how we process personal data on your behalf when you use our read-only Google Ads copilot service.
This DPA is designed to help agencies meet their GDPR and other data protection obligations when using PPC Copilot for AI-powered Google Ads recommendations and reporting.
Data Controller & Processor Roles
You are the Data Controller
You (the customer or agency) are the data controller. You decide what Google Ads data to share with PPC Copilot and how your client data should be handled.
PPC Copilot is the Data Processor
PPC Copilot acts as a data processor. We process your Google Ads data only according to your instructions and for the purposes described in our service agreement.
Defined processing purposes
We process your data solely to provide the PPC Copilot service: generating weekly AI-powered recommendations and client-ready branded reports based on your Google Ads account data via read-only access.
Authorized Sub-Processors
Current sub-processors
PPC Copilot uses a limited number of vetted sub-processors to deliver the service. All sub-processors are bound by data protection requirements equivalent to this DPA.
Sub-processor list
Cloud hosting: [Provider name - placeholder] Analytics: [Provider name - placeholder] Email delivery: [Provider name - placeholder] Contact us at support@ppcopilot.com for the current, complete list of sub-processors.
Sub-processor change notification
We will notify you of any changes to our sub-processors at least 30 days before the change takes effect, giving you adequate time to review and object if needed.
Technical & Organizational Security Measures
Data protection standards
PPC Copilot implements appropriate technical and organizational measures to protect your data, including encryption in transit and at rest, strict access controls, and regular security reviews.
Access controls and monitoring
Access to your Google Ads data is limited to authorized PPC Copilot personnel who require it to provide the service. All access is logged, monitored, and auditable.
Breach notification and incident response
PPC Copilot maintains procedures to detect, respond to, and report data breaches. We will notify you of any breach affecting your data within 72 hours of becoming aware, in accordance with GDPR requirements.
Data Subject Rights Under GDPR
PPC Copilot will assist you in responding to requests from data subjects exercising their rights under GDPR, including access, rectification, erasure, and data portability requests.
If we receive a data subject request directly, we will promptly notify you and await your instructions before taking any action.
Data Deletion Upon Termination
Upon termination of your PPC Copilot subscription or upon your written request, we will delete all personal data we process on your behalf within 30 days, unless retention is required by applicable law.
You can request immediate data deletion at any time by contacting support@ppcopilot.com.
Questions About PPC Copilot Data Processing?
If you have any questions about this DPA or PPC Copilot data processing practices, please contact us:
Email: legal@ppcopilot.com
For security-related questions, please email security@ppcopilot.com