COREPPC

Legal

Privacy Policy

Plain English, not legalese. Here is what we collect, why we collect it, and what we do with it.

What this policy covers

This policy applies to two things: the COREPPC website (coreppc.com) and the COREPPC Grader, our free PPC audit tool available at coreppc.com/grader.

The Grader connects to your Google Ads and Meta Ads accounts to run an automated audit. Because it handles OAuth tokens and reads ad account data, it is the part of our system where data handling matters most. This policy explains exactly what we access, what we store, and what we do not.

Data collected through the Grader

Google Ads

When you connect Google Ads, we request read-only access to your account. We use this access to retrieve campaign structure, keyword lists, bidding data, conversion tracking settings, audience targeting, and budget information. We do not read, store, or share creative assets, customer lists, or any data that belongs to your end customers. We access Google API data only to generate your audit report. Your Google OAuth token is stored in an encrypted, httpOnly browser cookie that expires in 30 days. It is never written to our database.

Meta Ads

When you connect Meta Ads, we request read access to your ad accounts. We use this access to retrieve campaign names, ad sets, budget information, and basic performance metrics. The same rules apply: read-only, no customer data, no creative assets. Your Meta OAuth token is stored in an encrypted, httpOnly browser cookie that expires in 60 days. It is never written to our database.

Email address

If you sign in with email only (no Google account), we collect your email address to authenticate your session. Your email is stored in our database, which runs on Turso (a SQLite-based service hosted in US East). We use your email to send your audit report when it is ready, and to send team collaboration invitations if you choose to share access with colleagues.

Audit reports

When you run an audit, the results are stored in our database so you can access your report later and share it with others. Reports contain aggregated scores and findings derived from your ad account data. They do not contain raw campaign data, creatives, or customer information.

Data collected through the website

If you submit a contact form on coreppc.com, we receive your name, email address, and message. We use this information to respond to your inquiry. We do not add you to any mailing list without your consent.

What we do not do with your data

  • We do not sell your data to third parties.
  • We do not use your Google Ads or Meta Ads data for any purpose other than generating your audit.
  • We do not use your data to train machine learning models.
  • We do not share your report with any third party unless you explicitly share it yourself.
  • We do not store OAuth tokens in our database — only in your browser cookies.

Google API Services disclosure

COREPPC's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically: we use Google API data solely to provide the PPC audit service to the user who authorized access. We do not transfer Google user data to third parties except as necessary to provide this service, and only with your prior consent.

Cookies

We use httpOnly cookies to store your authentication session. These cookies are not accessible to JavaScript and cannot be read by third-party scripts. We do not use advertising cookies, tracking pixels, or third-party analytics on the Grader.

The main website (coreppc.com) may load fonts from Google Fonts and analytics from standard web tools. No personally identifiable information is shared with these services.

Data retention

Session cookies expire automatically: 30 days for Google sessions, 60 days for Meta sessions, 24 hours for report viewer sessions.

Audit reports are retained in our database indefinitely so you can access them. If you want your reports deleted, contact us at the address below and we will remove them.

If you connected via Google OAuth and later revoke access through your Google account settings, your access token becomes invalid. We will no longer be able to fetch data from your account.

Your rights

You can revoke Google Ads access at any time by visiting myaccount.google.com/permissions and removing COREPPC Grader from the list of connected apps.

You can revoke Meta Ads access by visiting facebook.com/settings/apps and removing the COREPPC app.

To request deletion of your account data, email us at dror@coreppc.com. We will confirm deletion within 10 business days.

Contact

For questions about this policy or to request data deletion, email dror@coreppc.com.

This policy was last updated February 2026.