Legal

Privacy Policy

This policy explains how Adtrafix collects, uses, shares, and protects your personal data when you use our website, services, and integrations — including Google APIs and Meta platforms.

Last updated: 14 April 2026  ·  Effective: 14 April 2026
Summary

We collect only what is necessary to deliver our services. We do not sell your personal data. We use Google APIs and Meta platforms under their respective data policies. You have full rights over your data at any time. For questions: conversation@adtrafix.com

1. Who We Are

Adtrafix is a digital performance marketing agency registered in India, providing services including Google Ads management, Meta Ads management, Google My Business management, and SEO. References to "we", "us", or "our" throughout this policy refer to Adtrafix.

Registered address: Gurugram, Haryana, India
Email: conversation@adtrafix.com
Website: www.adtrafix.com

2. Data We Collect

We collect personal data in the following categories depending on how you interact with us:

CategoryData typesHow collected
Contact dataName, email address, phone number, company nameEnquiry forms, email, phone calls
Usage dataIP address, browser type, pages visited, time on site, referral sourceCookies, Google Analytics, server logs
Client account dataBusiness information, ad account IDs, campaign performance dataClient onboarding, API access granted by client
Communications dataEmails, messages, call recordsDirect correspondence
Google API dataGoogle Ads campaign data, Google My Business profile data, Search Console dataGoogle API access authorised by client — see Section 5
Meta API dataFacebook/Instagram ad account data, campaign metrics, audience dataMeta API access authorised by client — see Section 5

We do not collect sensitive personal data (such as health information, biometric data, financial account numbers, or government-issued ID) through our website or services.

3. How We Use Your Data

We use collected data for the following purposes:

  • Service delivery: Managing and optimising your Google Ads, Meta Ads, GMB, and SEO campaigns on your behalf.
  • Client communication: Responding to enquiries, sending reports, weekly optimisation updates, and audit results.
  • Analytics and improvement: Understanding how visitors use our website to improve content and user experience.
  • Legal compliance: Meeting our obligations under applicable Indian and international data protection laws.
  • Security: Detecting and preventing fraudulent activity, security breaches, or abuse of our services.
  • Marketing communications: Sending information about our services to enquirers — only where you have opted in or there is a legitimate interest. You can opt out at any time.

We do not use your data for automated decision-making that produces legal effects on you, and we do not use your data to build consumer profiles for sale to third parties.

Where applicable data protection regulations require a legal basis for processing, we rely on the following:

  • Contract performance: Processing necessary to fulfil our service agreement with you (campaign management, reporting, optimisation).
  • Legitimate interests: Website analytics, service improvement, security monitoring — where these interests do not override your rights.
  • Consent: Marketing communications, cookies (where applicable). Consent can be withdrawn at any time.
  • Legal obligation: Where we are required by law to process or retain data.

5. Google API Services — Disclosure

Google API Verification

This section is required for our use of Google's restricted API scopes including the Google Ads API, Google My Business API, Google Search Console API, and Google Analytics API. Our use of Google API data is strictly limited to the purposes described below and complies with Google's API Services User Data Policy, including the Limited Use requirements.

APIs and scopes we use

Google API / ServiceData accessedPurposeScope
Google Ads APICampaign data, keywords, bids, ad performance, conversion data, search term reportsCampaign management, optimisation, reporting for clients who grant accessClient-authorised
Google My Business API (Business Profile API)Business profile data, reviews, posts, Q&A, insights, location dataGMB management, review monitoring, post scheduling, profile optimisation for clientsClient-authorised
Google Search Console APISearch query data, page rankings, impressions, click-through rates, crawl errorsSEO performance tracking and reporting for clients who grant accessClient-authorised
Google Analytics API (GA4)Website traffic, user behaviour, conversion events, audience segmentsPerformance reporting and campaign attribution for clientsClient-authorised
Google OAuth 2.0Authentication tokens — used to verify identity when accessing APIs aboveSecure authorisation for all Google API accessTechnical

Google API data — Limited Use policy compliance

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • Google API data is used only to provide or improve the specific service requested by the authorising client — campaign management, GMB management, SEO reporting, or analytics.
  • We do not use Google API data to serve advertisements to users.
  • We do not allow humans to read user data obtained through Google APIs unless: (a) we have explicit permission from the user, (b) it is necessary for security purposes, (c) it is required to comply with applicable law, or (d) our use is limited to internal operations and the data has been aggregated and anonymised.
  • We do not sell, transfer, or disclose Google API data to third parties except as necessary to provide the services to the authorising client.
  • We do not use or transfer Google API data for creditworthiness determination or lending purposes.
  • Access to Google APIs is obtained only through client-granted authorisation via Google's OAuth 2.0 flow. We never access APIs without explicit client consent.

Revoking Google API access

Clients can revoke Adtrafix's access to their Google accounts at any time by visiting Google Account Permissions and removing our application. Upon termination of our engagement, we will disconnect all API access within 5 working days and delete any locally retained API-sourced data within 30 days unless retention is required by law.

6. Meta (Facebook & Instagram) API Usage

We use the Meta Marketing API and associated Meta Business Tools to manage advertising campaigns on Facebook and Instagram on behalf of our clients. Our use of Meta API data complies with Meta's Platform Policy and Developer Policies.

  • Data accessed: Ad account data, campaign performance metrics, creative assets, audience data, conversion events, and Meta Pixel data as authorised by clients.
  • Purpose: Campaign management, creative optimisation, audience management, and performance reporting for clients who grant access through Meta Business Manager.
  • Restrictions: We do not use Meta API data for any purpose beyond managing and reporting on the client's advertising campaigns. We do not share Meta API data with third parties or use it to build independent audience profiles.
  • Revocation: Clients can remove our access at any time through Meta Business Manager > Partners.

7. Cookies and Tracking Technologies

Our website uses the following types of cookies:

  • Essential cookies: Required for the website to function. Cannot be disabled. These do not collect personal data.
  • Analytics cookies (Google Analytics): Collect anonymised data about how visitors use our website — pages visited, time on site, traffic sources. Used to improve website content. IP addresses are anonymised.
  • Preference cookies: Remember your preferences (e.g. cookie consent choice) to avoid repeated prompts on return visits.

You can manage cookie preferences through your browser settings. Disabling analytics cookies does not affect your ability to use our website. We do not use advertising cookies on our own website.

8. Data Sharing and Third Parties

We share personal data only in the following limited circumstances:

  • Service providers: Trusted third-party tools we use to deliver our services — including Google Workspace (email), project management tools, and reporting platforms. All service providers are bound by data processing agreements.
  • Google LLC: Through use of Google APIs and Google Workspace. Governed by Google's Privacy Policy and our API authorisation agreements.
  • Meta Platforms Inc.: Through use of Meta Marketing API. Governed by Meta's Data Policy and Platform Terms.
  • Legal requirements: Where disclosure is required by applicable law, court order, or regulatory authority in India or internationally.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, data may be transferred as part of that transaction. We will notify you before any such transfer.

We do not sell, rent, or trade personal data to third parties for their marketing purposes.

9. Data Retention

We retain personal data for the following periods:

  • Client account data: For the duration of our engagement plus 3 years, or as required by applicable accounting and tax law in India (typically 7 years for financial records).
  • Website analytics data: 26 months in Google Analytics (GA4 default), then automatically deleted.
  • Enquiry and contact data: 2 years from last contact if no engagement is entered into.
  • Google API data: Retained only while client access is active. Deleted within 30 days of access revocation or engagement termination.
  • Meta API data: Retained only while client access is active. Deleted within 30 days of access revocation or engagement termination.
  • Email communications: 5 years from last communication, unless a legal hold requires longer retention.

10. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encrypted storage and transmission of personal data (TLS/SSL on all web communications)
  • Access controls — only staff who require data to perform their role can access it
  • Two-factor authentication on all accounts that access client API data
  • Regular review and audit of data access logs
  • Staff training on data protection obligations

In the event of a data breach that is likely to result in risk to individuals, we will notify affected individuals and relevant authorities as required by applicable law within the legally prescribed timeframe.

11. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

Right of access

Request a copy of the personal data we hold about you and information about how it is used.

Right to rectification

Request correction of inaccurate or incomplete personal data we hold about you.

Right to erasure

Request deletion of your personal data where there is no compelling reason for us to continue processing it.

Right to restrict processing

Request that we limit how we use your personal data while a dispute is resolved.

Right to data portability

Receive your personal data in a structured, commonly used format to transfer to another service provider.

Right to object

Object to processing based on legitimate interests, including direct marketing.

Right to withdraw consent

Withdraw consent at any time where processing is based on consent — without affecting prior processing.

Right to complain

Lodge a complaint with the relevant data protection authority if you believe we are processing data unlawfully.

To exercise any of these rights, contact us at conversation@adtrafix.com. We will respond within 30 days. We may need to verify your identity before processing your request.

12. International Data Transfers

Our primary operations are based in India. Some data may be processed outside India — for example, through Google's and Meta's global infrastructure. Where data is transferred internationally, we ensure appropriate safeguards are in place, including reliance on Standard Contractual Clauses, adequacy decisions, or other legally recognised transfer mechanisms.

13. Children's Privacy

Our services are not directed at, and we do not knowingly collect personal data from, individuals under the age of 18. If we become aware that we have inadvertently collected personal data from a minor, we will delete it promptly. If you believe we have collected data from a minor, please contact us immediately at conversation@adtrafix.com.

Our website may contain links to third-party websites — including Google, Meta, and industry publications. We are not responsible for the privacy practices of those sites. We recommend reviewing the privacy policy of any third-party site you visit.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or best practices. The "Last updated" date at the top of this page will reflect the most recent revision. Where changes are material, we will notify active clients by email.

Continued use of our website or services after changes are posted constitutes acceptance of the updated policy.

16. Contact Us — Data Queries

For any questions, requests, or complaints regarding this Privacy Policy or our data practices, contact us at:

Data Controller

Adtrafix
Gurugram, Haryana, India
Email: conversation@adtrafix.com
Website: www.adtrafix.com

For Google API-related data requests specifically, please email with subject line: "Google API Data Request"

This Privacy Policy was last reviewed on 14 April 2026. Version 1.0.