Data & privacy

What we read, why, and how it’s protected.

Plain-English explanation of every external data source we connect to. If you are reviewing this page on behalf of a platform (Google, Meta, or Shopify), this is the canonical reference for what we do with your merchants’ data. The legal policy lives at /privacy.

The Passo data pact

We read, we never write, and we never resell.

We always

  • Read only. Every external API call we make to Google Ads, Meta Ads, and Google Analytics is read-only at our current access tier. We never create, edit, pause, or delete anything in your accounts.
  • Keep data in one region. All raw and derived rows live in a Supabase-managed Postgres database in AWS eu-west-2 (London). Postgres Row-Level Security policies scope every query to the requesting merchant’s rows, so no merchant can ever read another merchant’s data.
  • Honour disconnect immediately. When you disconnect a source from the dashboard, we revoke the OAuth token with the upstream provider and delete the encrypted credential the same day.

We never

  • Resell, export, or share your Google Ads, Meta Ads, or Google Analytics data with any third party, not even an aggregated, anonymised version, unless you explicitly opt in.
  • Train cross-merchant models on your data without explicit opt-in. The recommendation engine reads only your own store’s data when it generates your strategy.
  • Send credentials to the browser. OAuth refresh tokens, developer tokens, and access tokens are server-side only and never logged.

Google Ads

We connect to Google Ads through Google’s standard OAuth 2.0 flow with the https://www.googleapis.com/auth/adwords scope. That is the only scope the Google Ads API offers and it covers writes as well as reads, so the read-only guarantee below is enforced by which methods we call, not by the token itself. Every API call is read-only, made server-side from a Vercel-hosted worker using the official google-ads-api Node client against the latest stable Google Ads API version.

What we read

Read-only

Resources customer, customer_client, campaign, ad_group, ad_group_ad, keyword_view, search_term_view, product_group_view, shopping_performance_view, change_event, geo_target_constant.

Methods CustomerService.listAccessibleCustomers, GoogleAdsService.search / searchStream, GeoTargetConstantService.suggestGeoTargetConstants.

Why So the strategy report can show your campaign structure, surface the search queries that triggered your ads, tie Shopping and Performance Max spend back to specific Shopify SKUs, comment on recent changes to your account, reconcile Google-attributed conversions against Shopify orders, and compute channel-level cost per acquisition.

What we will never call

Excluded

No mutate* method on any service. That includes CampaignService.mutateCampaigns, CampaignBudgetService.mutateCampaignBudgets, AdGroupAdService.mutateAdGroupAds, RecommendationService.applyRecommendation, and every other write call.

If we ever add the ability to apply changes inside your account, we will apply for Standard Access first and update this page before any data is touched. The full breakdown of API resources, methods, and rate-limit budgets is on our how it works page.

Storage The OAuth refresh token is encrypted with AES-256 before it is written to Supabase Postgres (eu-west-2) and is only ever decrypted server-side. The developer token is a server-side environment secret, never sent to the browser, never logged. Report rows are kept for a rolling 13 months.

Compliance Use of Google Ads data follows the Google Ads API Required Minimum Functionality policy for reporting tools and the Google Ads API Terms of Service. Disclosure of how we process Google Ads data is included in our privacy policy.

Meta Ads

Connected to your Meta Business Manager through Meta’s Embedded Solutions Onboarding flow at install. We provision a System User inside your BM and the System User token authenticates every subsequent Marketing API call we make on your behalf. No shared admin credentials. No password handling. The token is scoped to your BM only and can be revoked from your BM settings at any time.

What we read

Read-only

Resources adaccount, campaign, adset, ad, adcreative, customaudience, adsinsights, page, instagram_business_account, product_catalog, product_set, product_feed.

Permissions ads_read, read_insights, pages_read_engagement, instagram_basic, instagram_manage_insights. Plus the business_management permission used to provision the System User during Embedded Solutions Onboarding.

Why So the Day 3 strategy report can show your account structure, spend, Meta-reported conversions, audience data, and creative performance; reconcile what Meta tells you against what your Shopify store recorded; and surface the gap between the two as a plain-English finding. The competitor creative gallery uses the public Ad Library API — no merchant token required for that.

Conversions API Optional. If you choose to install the Conversions API Gateway, we provision it on your own subdomain and forward server-side events (ViewContent, AddToCart, InitiateCheckout, Purchase) to Meta on your behalf. Customer information parameters (email, phone, name, address, city, postcode, external ID) are normalised and SHA-256 hashed server-side before they leave the gateway, as Meta’s customer information parameter specification requires, and we retain only the hashed values for match-quality reporting. Raw PII is never written to our database. Hashed identifiers are pseudonymised rather than anonymised, so we still treat them as personal data. Transmission is gated by the Shopify Customer Privacy API consent state: if the visitor has not consented, no event is sent.

What we will never call without your explicit instruction

Gated

Until you upgrade to our managed-delivery tier, we do not call any write method on the Marketing API. That includes campaign creation, ad set or ad edits, budget changes, audience writes, creative uploads, and catalogue mutations. The dashboard surfaces recommendations and you action them inside Meta Ads Manager yourself.

When you upgrade and explicitly authorise managed delivery, the write scopes that activate are ads_management, catalog_management, and pages_manage_ads. Every write call is wrapped by our policy layer, which gates the call against the three-tier autonomy model you approved at activation: tier 1 actions (small bid and budget adjustments) execute and log, tier 2 actions (±15% delivery changes) execute and notify you, tier 3 actions (campaign pause, new campaign, fundamental strategy changes) halt pending your approval.
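A minimal version of the policy layer described above, as an added example rather than Passo’s own implementation. Everything the page states is kept (no write at all until managed delivery is activated; tier 1 executes and logs, tier 2 executes and notifies, tier 3 halts for approval; ±15% as the tier 2 ceiling). The 5% tier 1 ceiling, the treatment of changes beyond 15% and of unrecognised action types as tier 3, and the action type names are assumptions for illustration; the sinks are in-memory arrays standing in for the Marketing API call, audit log, notification and approval queue:

```javascript
// Added example, not Passo's policy layer. Fail-closed gate for Marketing API writes.
const TIER1_MAX_RATIO = 0.05; // assumption: the page only says "small" for tier 1
const TIER2_MAX_RATIO = 0.15; // from the page: ±15% delivery changes

// Assumed action type names. Structural changes always halt for approval.
const TIER3_ACTIONS = new Set(["pause_campaign", "create_campaign", "change_objective", "change_bid_strategy"]);
const DELIVERY_ACTIONS = new Set(["adjust_budget", "adjust_bid"]);

// Relative size of a delivery change; a change from zero has no meaningful ratio, so treat it as unbounded.
function changeRatio(current, proposed) {
  if (!(current > 0)) return Infinity;
  return Math.abs(proposed - current) / current;
}

// Map a proposed action onto the three-tier autonomy model. Unknown types fail closed to tier 3.
function classify(action) {
  if (TIER3_ACTIONS.has(action.type)) return 3;
  if (DELIVERY_ACTIONS.has(action.type)) {
    const ratio = changeRatio(action.current, action.proposed);
    if (ratio <= TIER1_MAX_RATIO) return 1;
    if (ratio <= TIER2_MAX_RATIO) return 2;
    return 3;
  }
  return 3;
}

// In-memory stand-ins for the real side effects so the gate can be exercised offline.
function makeSinks() {
  return { executed: [], logged: [], notified: [], queued: [] };
}

// The single choke point every write call must pass through.
function gateWrite(merchant, action, sinks) {
  // Before managed delivery is activated there are no write scopes and no writes, whatever the tier.
  if (merchant.managedDelivery !== true) {
    return { decision: "refused", tier: null, reason: "managed delivery not activated" };
  }
  const tier = classify(action);
  if (tier === 3) {
    sinks.queued.push({ merchant: merchant.id, action });       // halt pending approval
    return { decision: "halted", tier };
  }
  sinks.executed.push(action);                                   // tiers 1 and 2 execute
  sinks.logged.push({ merchant: merchant.id, action, tier });    // every executed write is logged
  if (tier === 2) sinks.notified.push({ merchant: merchant.id, action }); // tier 2 also notifies
  return { decision: "executed", tier };
}

// Constructed walkthrough (not real merchant data).
function demo() {
  const sinks = makeSinks();
  const merchant = { id: "shop_demo", managedDelivery: true };
  const results = [
    gateWrite(merchant, { type: "adjust_budget", current: 100, proposed: 104 }, sinks), // tier 1
    gateWrite(merchant, { type: "adjust_budget", current: 100, proposed: 85 }, sinks),  // tier 2, exactly -15%
    gateWrite(merchant, { type: "adjust_budget", current: 100, proposed: 130 }, sinks), // tier 3
    gateWrite(merchant, { type: "pause_campaign", campaignId: "c1" }, sinks),           // tier 3
  ];
  return { results, sinks };
}

module.exports = { classify, gateWrite, makeSinks, changeRatio, demo };
```

The design point is that the gate is the only path to a write and that every branch it does not recognise halts rather than executes; a new action type added to the recommendation engine cannot reach the Marketing API until someone deliberately classifies it.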

We will never request leads_retrieval or any permission that surfaces consumer data outside the campaign performance we report on. We never post on your behalf on the merchant Page or Instagram account without your explicit instruction. We never share your Meta Ads data with any third party.

Storage The System User token is encrypted with AES-256 before it is written to Supabase Postgres (eu-west-2) and is the only credential we hold for your Meta integration. App secrets and developer tokens are server-side environment values, never sent to the browser, never logged. Ad-account performance rows are kept for a rolling 13 months.

Compliance Use of Meta data follows the Meta Platform Terms and the Meta Developer Policies. We are registered as a Tech Provider in our own Business Manager (Passo Agency Ltd) with verified domain passoagency.com and Business Verification submitted to Meta. Disclosure of how we process Meta data is included in our privacy policy.

Google Analytics

Optional. Connected via the GA4 Data API with the read-only analytics scope (https://www.googleapis.com/auth/analytics.readonly). We use it to triangulate paid-channel performance against on-site engagement so the strategy report can comment on landing-page conversion rates by source. If you skip the connection, we use Shopify and ad-account data only.

Shopify

Installed as an embedded app (Shopify App Bridge) with the Admin API access scopes declared in our App Store listing. We read order history, customer cohorts, and the product catalogue, and use Shopify as the source of truth for revenue and customer attribution, against which paid-channel data is reconciled.

Where the data lives

All raw and derived data is stored in a single Supabase-managed Postgres database in AWS eu-west-2 (London). Application servers run on Vercel, in the same region. We do not currently process merchant data outside that region.

Backups are encrypted and retained for 30 days. If you uninstall the Shopify app, all of your data, including raw rows, aggregates, encrypted refresh tokens, and backups, is purged within 30 days; the 30-day window is set by the backup retention period.