Privacy Policy

This Privacy Policy explains how WW Commerce(operating under the brand name "adgain", "we", "us") collects, uses, and protects information when you connect a Google Ads account and/or a Shopify store to the adgain service at adgain.io.

adgain is a B2B analytics tool for merchants running Google Ads on Shopify products. We do not serve consumers and do not receive data about end-shoppers directly. Everything we see is scoped to the merchant account that connected it.

1. Who we are

The data controller is:

WW Commerce
KvK 94364133 · VAT NL005079098B23
Lisdoddelaan 30, 1087 KA, Amsterdam, Netherlands
support@adgain.io

2. What data we access

adgain accesses third-party data via OAuth, using the minimum scopes required to deliver the product:

Google Ads

• Read: campaign, ad group, asset group, and product performance reports. Specifically the fields in shopping_performance_view (impressions, clicks, cost_micros, conversions, conversions_value, product_item_id, segments.product_*) and campaign / asset-group metadata.
• Write: we only mutate AssetGroupListingGroupFilter and CampaignCriterion resources, and only when you explicitly click "exclude" in the dashboard. We never change bids, budgets, creatives, campaign settings, or targeting beyond the per-product exclusions you authorise.
• OAuth scope requested: adwords.

Shopify

• Read-only access to products, variants, orders, and order line items so we can compute per-product / per-variant performance.
• OAuth scopes requested: read_products, read_orders, read_inventory.
• We do not request customer PII scopes. Order line items we store are linked to order IDs and product IDs only — names, emails, addresses, and payment details of shoppers are never retrieved or stored.

3. What data we store

• Aggregated Google Ads performance by day / campaign / product (impressions, clicks, cost, conversions, conversion value).
• Shopify products, variants, and order-line aggregates (quantity, price, refunds) — without shopper PII.
• Exclusion records you create through the product: which product or variant you excluded from which campaign, plus the Google Ads resource name we wrote so we can undo it.
• Your account: email, hashed password / OAuth identifier, billing metadata via our payment processor (we do not store card numbers).

4. How we use it

Only to deliver the product. Specifically:

• Render your performance dashboard.
• Apply exclusions you explicitly authorise to Google Ads on your behalf.
• Send product alerts (Slack, email) you have opted into — e.g. sudden refund spikes, out-of-stock ad spend, weekly digests.
• Support requests and billing.

We do not:

• Sell data.
• Share data with advertisers, data brokers, or marketing networks.
• Use your data to train machine-learning models.
• Aggregate your account's data with another merchant's for benchmarking without explicit opt-in.

5. Third-party processors

The following processors handle data on our behalf under Data Processing Agreements:

• Google — Google Ads API (source of the ad data; we read from their systems via authorised OAuth).
• Shopify — Shopify Partner API (source of the commerce data).
• Our cloud hosting provider — application + database hosting in the EU (AWS eu-west-1 / Hetzner Falkenstein).
• Stripe — subscription billing and payment processing.

We do not send your data to any other third party beyond what the product technically requires.

6. Where data is stored

All data is stored in the European Union. We do not transfer personal data outside the EEA.

7. Retention

• While your subscription is active, data is kept so the dashboard works.
• On cancellation, all data is permanently deleted within 30 days, except where we are legally required to retain invoicing records (7 years under Dutch tax law — invoices and VAT receipts only, not performance data).
• You can request immediate deletion before the 30-day window by emailing support@adgain.io.

8. Your rights (GDPR)

You have the right to:

• Access the personal data we hold about you.
• Ask us to rectify inaccurate data.
• Ask us to delete your data ("right to be forgotten").
• Receive your data in a portable format.
• Object to or restrict processing.
• Withdraw consent at any time (disconnect the OAuth integration).
• Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

To exercise any of these, email support@adgain.io. We respond within 30 days.

9. Security

OAuth tokens are encrypted at rest. Traffic is TLS-only. Database access is restricted to the application service account. We do not store Shopify or Google Ads credentials — only the OAuth access + refresh tokens, which you can revoke at any time from the respective platform.

10. Children

adgain is a B2B product. We do not knowingly collect data from or about anyone under 16.

11. Changes to this policy

If we materially change how we handle data, we'll email every active customer at least 30 days before the change takes effect. The current version of this policy is always at adgain.io/privacy, and the "Last updated" date at the top reflects the most recent revision.

12. Contact

Any privacy question: support@adgain.io, or post to the address above.