AdClaw← Back to home

Privacy Policy

Last updated: February 2026

1. Who we are

AdClaw ("we", "us", "our") is a Google Ads intelligence service delivered via Telegram. We help advertisers analyze their Google Ads account data through an AI-powered chat interface. Our website is adclaw.chat.

2. Google User Data — Access, Use, Storage & Sharing

AdClaw's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

2.1 What Google data we access

  • Google account profile — your email address, name, and profile picture (via Google Sign-In with openid, email, and profile scopes).
  • Google Ads account data — campaign metrics, search terms, keywords, ad groups, geographic data, device data, demographic data, quality scores, change history, auction insights, and landing page performance (via the Google Ads API with the https://www.googleapis.com/auth/adwords scope). This scope grants read-only access — we cannot modify your campaigns, budgets, or ads.
  • OAuth refresh token — issued by Google during authorization, used to fetch your ads data on your behalf without requiring you to re-authenticate.

2.2 How we use Google data

  • To authenticate you and create your AdClaw account.
  • To fetch your Google Ads data in real time when you ask a question via Telegram — for example, "How did my campaigns perform yesterday?"
  • To pass the fetched data to Anthropic's Claude AI so it can generate a human-readable analysis and answer your question.
  • We do not use Google user data for advertising, market research, or to build user profiles.
  • We do not use Google user data for any purpose other than providing and improving the AdClaw service.

2.3 How we store Google data

  • OAuth refresh token — encrypted at rest using AES-256-GCM and stored in our Cloudflare D1 database. The encryption key is stored as a separate environment secret, not in the database.
  • Google profile data — your email, name, and Google ID are stored in our database to maintain your account.
  • Google Ads metricsnot stored. Campaign data, search terms, keywords, and all other Google Ads metrics are fetched in real time, used to generate a response, and then discarded. No Google Ads data is persisted in our database or logs.
  • Conversation contentnot stored. Your questions and AI responses (which may contain Google Ads data) are held in short-lived memory for context during your chat session and are not written to any persistent storage.

2.4 How we share Google data

  • Anthropic (Claude AI) — when you ask a question, the fetched Google Ads data is sent to Anthropic's API to generate an answer. Anthropic processes this data under their privacy policy. Anthropic does not use API inputs for model training.
  • Telegram — the AI-generated answer (which may summarize your Google Ads data) is sent to your Telegram chat via the Telegram Bot API.
  • We do not sell, rent, or share your Google user data with any other third parties.
  • We do not share raw Google Ads data or your OAuth tokens with anyone other than the services listed above.

3. Other data we collect

  • Telegram chat ID — used to route answers back to you in Telegram.
  • Usage logs — query types and token counts per request, used for billing and abuse prevention. No query content or Google Ads data is included in usage logs.
  • Subscription data — payment and subscription status managed via Polar.sh.

4. Third-party services

  • Google Ads API — we query your account data using OAuth 2.0 with the https://www.googleapis.com/auth/adwords scope (read-only).
  • Google Sign-In — used for authentication with openid, email, and profile scopes.
  • Anthropic Claude — AI model used to analyze your data and generate answers. anthropic.com/privacy.
  • Cloudflare — infrastructure (Workers, D1 database, Pages). cloudflare.com/privacypolicy.
  • Telegram — message delivery via the Telegram Bot API. telegram.org/privacy.
  • Polar.sh — subscription billing and payment processing. polar.sh/legal/privacy.

5. Data retention

  • Account data & OAuth tokens — retained as long as your account is active. Deleted when you delete your account or revoke access.
  • Google Ads metrics — not retained. Fetched in real time and discarded after each response.
  • Usage logs — retained for 90 days for billing and abuse prevention.
  • Conversation history — held in volatile memory only during your active session. Not persisted.

6. Security

  • Google Ads OAuth refresh tokens are encrypted at rest using AES-256-GCM.
  • Encryption keys are stored as environment secrets, separate from the database.
  • All data is transmitted over HTTPS/TLS.
  • Our infrastructure runs on Cloudflare's edge network with built-in DDoS protection.
  • We do not share your credentials or tokens with any third party other than the services listed above.

7. Your rights

  • Revoke access — you can revoke AdClaw's access to your Google account at any time from your Google account permissions page.
  • Disconnect Google Ads — you can disconnect your Google Ads account from the AdClaw dashboard, which deletes the stored OAuth token.
  • Delete account — you can request full deletion of your account and all associated data by contacting us.
  • Data export — you can request a copy of the personal data we hold about you.

8. Changes to this policy

We may update this privacy policy from time to time. If we make material changes, we will notify you via the email address associated with your account. Continued use of AdClaw after changes constitutes acceptance of the updated policy.

9. Contact

For any privacy-related questions, data deletion requests, or concerns about how we handle your Google user data, contact us at: privacy@adclaw.chat