Privacy Policy

Query Guard Inc. ("QueryGuard," "we," "us," or "our"), a Delaware corporation, operates the queryguard.io platform (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

2.1 Information You Provide

• Account information: Name, email address, and authentication credentials when you create an account (via Google sign-in or other authentication providers).
• Organization information: Organization name and settings you configure within the Service.
• Google Ads data: When you upload CSV files or connect a Google Ads account via API, we receive your advertising performance data including campaigns, ad groups, keywords, search terms, and associated metrics (spend, impressions, clicks, conversions, etc.).
• Payment information: Billing details provided through our payment processor, Stripe. We do not store full credit card numbers on our servers.
• Communications: Information you provide when contacting support or giving feedback.

2.2 Information Collected Automatically

• Usage data: Pages visited, features used, actions taken, timestamps, and session duration.
• Device and browser information: IP address, browser type and version, operating system, device type, and screen resolution.
• Cookies and similar technologies: We use cookies and similar tracking technologies to maintain sessions, remember preferences, and analyze usage patterns. See Section 7 for details.

We use the information we collect to:

• Provide, operate, and maintain the Service
• Analyze your Google Ads data to generate insights, recommendations, and reports on wasted spend and optimization opportunities
• Process payments and manage subscriptions
• Send transactional communications (account confirmations, billing notices, security alerts)
• Respond to support requests and communications
• Improve and develop the Service using aggregated, de-identified data (see Section 8 for restrictions on Google API data)
• Monitor for security threats, fraud, and abuse
• Comply with legal obligations

We do not sell your personal information or Google Ads data to third parties.

3.1 Data Processing on Behalf of Customers

If you are an agency or service provider using QueryGuard to analyze data on behalf of your clients, you are responsible for ensuring you have the necessary authorization and legal basis to provide that data to us. In this context, you act as the data controller (or equivalent under applicable law) and QueryGuard acts as a data processor, processing data solely on your instructions to provide the Service.

We may share your information with:

• Organization members: Data within an Organization is accessible to other members of that Organization as configured by the Organization administrator.
• Service providers: We use third-party services to help operate the Service. These providers have access to your information only as needed to perform their functions and are bound by contractual obligations to protect it. Our current service providers include:
  • Vercel — Hosting and deployment
  • Supabase — Database infrastructure
  • Clerk — Authentication and user management
  • Stripe — Payment processing
  • Google Analytics — Website analytics
  • Vercel Analytics — Performance and usage analytics
  • Sentry — Error monitoring and performance tracking
  • Resend — Transactional email delivery
• Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
• Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

We retain your account information for as long as your account is active or as needed to provide the Service.

Google Ads data you upload or connect is retained for the duration of your active subscription. If you delete your account or your Organization, we will delete Your Data within 30 days, except where we are required to retain it by law.

When you disconnect a Google Ads account: We stop syncing new data immediately. Previously synced data (including search terms, campaign metrics, and performance history) is deleted within 30 days of disconnection. You may also request immediate deletion by contacting us at support@queryguard.io.

When you revoke access via Google: If you revoke QueryGuard's access through your Google Account permissions, we will no longer be able to sync data from that account. Previously synced data follows the same 30-day deletion timeline described above.

Aggregated, de-identified data that cannot reasonably be used to identify any individual may be retained to improve the Service, subject to the Limited Use requirements described in Section 8.

We implement commercially reasonable technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Access controls and authentication for all infrastructure
• Regular security monitoring and logging
• Secure handling of API credentials and tokens

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

We use the following types of cookies and tracking technologies:

• Essential cookies: Required for authentication, session management, and core functionality. These cannot be disabled.
• Analytics cookies: Used by Google Analytics and Vercel Analytics to understand how users interact with the Service. These help us improve the user experience.
• Error tracking: Sentry collects diagnostic information when errors occur to help us identify and fix issues.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using the Service.

QueryGuard's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

8.1 What We Access

When you connect a Google Ads account, we request only the permissions necessary to provide the Service. This includes read access to:

• Campaign, ad group, and keyword structure and settings
• Search term reports (the actual queries that triggered your ads)
• Performance metrics (spend, impressions, clicks, conversions, and related data)
• Account-level settings and configuration

We do not modify your Google Ads campaigns, settings, or data unless you explicitly use a feature designed to do so (such as negative keyword recommendations that you choose to apply).

8.2 Limited Use Requirements

In compliance with Google's Limited Use requirements, QueryGuard will not:

• Sell or transfer your Google Ads data to third parties, advertising networks, data brokers, or information resellers
• Use your Google Ads data for serving advertisements, retargeting, or interest-based advertising of any kind
• Use your Google Ads data to build or train generalized artificial intelligence or machine learning models (aggregated, de-identified data used solely to improve the Service is permitted)
• Use your Google Ads data for creditworthiness determinations, lending decisions, or insurance underwriting
• Allow human review of your raw Google Ads data without your affirmative consent, except where necessary for security purposes, to comply with applicable law, or as part of a specific support request you initiate

8.3 Revoking Access

You can revoke QueryGuard's access to your Google account at any time through your Google Account permissions settings or by disconnecting the account within QueryGuard. See Section 5 for details on what happens to your data after disconnection.

Search term data — the actual queries people type into Google that trigger your ads — requires special attention because it may contain personally identifiable information (PII). People search for names, addresses, phone numbers, medical conditions, financial situations, and other sensitive information. We handle this data with particular care.

9.1 How We Process Search Terms

• Search terms are processed solely to provide waste detection, optimization insights, and negative keyword recommendations within the Service
• Search term data is scoped to your Organization and is only visible to members of that Organization
• We do not use individual search terms for any purpose other than delivering the Service to your Organization

9.2 Sensitive Information in Search Terms

Google applies privacy thresholds to search term reports, limiting results to terms with sufficient search volume. This significantly reduces — but does not fully eliminate — the presence of personally identifiable information in the data we receive. High-volume search terms may still contain names, locations, health conditions, or other sensitive details. Additionally, data uploaded via CSV may not have the same filtering applied.

We apply the same security and access controls to all search term data regardless of content, and we do not separately analyze, categorize, or extract personal information from search terms.

9.3 Data Minimization

We retain search term data only as long as necessary to provide the Service. When you disconnect a Google Ads account, delete your Organization, or close your account, search term data is deleted within 30 days (see Section 5). You may also request immediate deletion of search term data at any time by contacting support@queryguard.io.

9.4 Your Responsibilities

If you use QueryGuard to analyze Google Ads data on behalf of clients, you are responsible for ensuring that your use of search term data complies with your own privacy obligations to those clients and with applicable data protection laws. If your client requests deletion of their data, you should disconnect the relevant Google Ads account and contact us to confirm deletion.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate personal information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Data portability: Request your data in a structured, machine-readable format.
• Opt-out: Opt out of analytics tracking by using your browser's Do Not Track setting or disabling cookies.

To exercise any of these rights, contact us at support@queryguard.io. We will respond within 30 days.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

• The right to know what personal information we collect and how it is used
• The right to request deletion of your personal information
• The right to opt out of the sale of personal information
• The right to non-discrimination for exercising your privacy rights

We do not sell personal information as defined by the CCPA.

The Service is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

By using the Service, you consent to the transfer of your information to the United States.

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us at support@queryguard.io and we will take steps to delete it.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Effective Date." We encourage you to review this page periodically.

Your continued use of the Service after changes take effect constitutes acceptance of the revised Privacy Policy.

If you have questions or concerns about this Privacy Policy, contact us at: