Legal
Plain English, not legalese. Here is what we collect, why we collect it, and what we do with it.
This policy applies to two things: the COREPPC website (coreppc.com) and the COREPPC Grader, our free PPC audit tool available at coreppc.com/grader.
The Grader connects to your Google Ads and Meta Ads accounts to run an automated audit. Because it handles OAuth tokens and reads ad account data, it is the part of our system where data handling matters most. This policy explains exactly what we access, what we store, and what we do not.
Google Ads
When you connect Google Ads, we request read-only access to your account. We use this access to retrieve campaign structure, keyword lists, bidding data, conversion tracking settings, audience targeting, and budget information. We do not read, store, or share creative assets, customer lists, or any data that belongs to your end customers. We access Google API data only to generate your audit report. Your Google OAuth token is stored in an encrypted, httpOnly browser cookie that expires in 30 days. It is never written to our database.
Meta Ads
When you connect Meta Ads, we request read access to your ad accounts. We use this access to retrieve campaign names, ad sets, budget information, and basic performance metrics. The same rules apply: read-only, no customer data, no creative assets. Your Meta OAuth token is stored in an encrypted, httpOnly browser cookie that expires in 60 days. It is never written to our database.
Email address
If you sign in with email only (no Google account), we collect your email address to authenticate your session. Your email is stored in our database, which runs on Turso (a SQLite-based service hosted in US East). We use your email to send your audit report when it is ready, and to send team collaboration invitations if you choose to share access with colleagues.
Audit reports
When you run an audit, the results are stored in our database so you can access your report later and share it with others. Reports contain aggregated scores and findings derived from your ad account data. They do not contain raw campaign data, creatives, or customer information.
If you submit a contact form on coreppc.com, we receive your name, email address, and message. We use this information to respond to your inquiry. We do not add you to any mailing list without your consent.
COREPPC's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically: we use Google API data solely to provide the PPC audit service to the user who authorized access. We do not transfer Google user data to third parties except as necessary to provide this service, and only with your prior consent.
We use httpOnly cookies to store your authentication session. These cookies are not accessible to JavaScript and cannot be read by third-party scripts. We do not use advertising cookies, tracking pixels, or third-party analytics on the Grader.
The main website (coreppc.com) may load fonts from Google Fonts and analytics from standard web tools. No personally identifiable information is shared with these services.
Session cookies expire automatically: 30 days for Google sessions, 60 days for Meta sessions, 24 hours for report viewer sessions.
Audit reports are retained in our database indefinitely so you can access them. If you want your reports deleted, contact us at the address below and we will remove them.
If you connected via Google OAuth and later revoke access through your Google account settings, your access token becomes invalid. We will no longer be able to fetch data from your account.
You can revoke Google Ads access at any time by visiting myaccount.google.com/permissions and removing COREPPC Grader from the list of connected apps.
You can revoke Meta Ads access by visiting facebook.com/settings/apps and removing the COREPPC app.
To request deletion of your account data, email us at dror@coreppc.com. We will confirm deletion within 10 business days.
For questions about this policy or to request data deletion, email dror@coreppc.com.
This policy was last updated February 2026.