TrustKit: Your client data stays private.
ppcopilot is read-only. We don't sell or share your data. You can revoke access anytime.
Built for agency owners + procurement teams
The 8 Commitments
Our promises to you—simple, clear, and non-negotiable.
You own your data
Your data stays yours. We just help you make sense of it.
We don't sell or share it
Your client data is never sold, rented, or shared with anyone.
We don't train AI on your data
Your account data is never used to train any AI models.
Read-only by default
Phase 1 is read-only. ppcopilot can't make changes to your campaigns.
You stay in control
We recommend, you decide. Every action is yours to take.
Support access is locked
We only access your data with your approval—and we log everything.
Revoke anytime
Remove access with one click. No hoops, no delays.
Delete on request
Request deletion and we remove your data within [5 business days].
What We Access
Transparency is key. Here's exactly what ppcopilot can and cannot see.
What we may access
- Account IDs and campaign structure
- Keywords and search terms (where available)
- Performance metrics (clicks, conversions, spend)
- Budgets and bidding settings needed for analysis
What we never access
- Your passwords
- Google billing instruments or credit cards
- Unrelated personal or business data
- Data from other platforms you haven't connected
How Your Data Flows
A simple, transparent process from connection to insight.
Connect
Link your Google Ads
Read data
We pull your metrics
Weekly recommendations
AI-powered insights
Client-ready report
Share with your team
Retention & Deletion
We keep only what's needed—and delete when you ask.
Performance metrics
Clicks, conversions, spend data
Recommendation history
Past suggestions and actions
Audit logs
Access and activity records
Delete on Request
Request deletion and we'll remove your data within [5 business days].
Who Can See What
Your data access is tightly controlled and fully transparent.
Full access
Gated access
Support can only access your account with your approval
Separate workspace per agency
Your data is isolated from other customers.
Internal access is limited
Only essential team members can view aggregated data.
Support access requires approval
We ask before accessing your specific account.
Access is time-bound + logged
Every access session is temporary and recorded.
Frequently Asked Questions
Answers to the questions we hear most from agency owners.
Still unsure?
Encryption
Data encrypted in transit (TLS 1.3) and at rest (AES-256). All connections use HTTPS.
Least privilege access
We request only the minimum permissions needed. No write access to your Google Ads accounts.
Audit logs
All access is logged with timestamps, user IDs, and actions. Logs retained for [12 months].
Secrets management
API keys and credentials stored in encrypted vaults. Never logged or exposed in code.
Backups & disaster recovery
Regular automated backups with point-in-time recovery. Geographically distributed infrastructure.
Incident response
Documented incident response procedures. Customer notification within [24 hours] of confirmed breach.
This information is provided for technical review. We do not claim specific certifications unless explicitly stated.
Get in Touch
Questions about security? We're here to help.
Change Log
Initial publication