Summary (plain English)
- AdHelm connects to Google Ads using OAuth. We never ask for your Google password.
- Google Ads connection credentials are encrypted before storage, and connected account data is scoped to your workspace.
- Do not submit protected health information (PHI) into AdHelm. The product is designed for marketing performance and operational workflow signals.
- We do not sell customer data or Google user data.
Information we collect
- Account information: name, email, workspace membership.
- Google Ads data you authorize: account identifiers, campaign, keyword, and performance metrics.
- Google Ads connection credentials: OAuth tokens needed to maintain the connection you authorize.
- Product usage data: feature usage and action logs for auditability.
- Billing data: subscription status and billing identifiers from Stripe.
How we use information
- Provide audits, recommendations, previews, and explainable insights for the ad accounts and workspaces you connect.
- Maintain your connected Google Ads workspace and account access.
- Run safety guardrails and action logging, including rollback metadata.
- Communicate account and billing notifications.
- Improve product quality and reliability.
How we protect Google Ads and other sensitive data
- OAuth access: you authorize Google Ads access through Google OAuth. AdHelm does not ask for or store your Google password.
- Encryption in transit: data is transmitted over HTTPS/TLS.
- Encrypted credential storage: Google Ads refresh tokens are encrypted before storage using AES-256-GCM.
- Scoped access controls: workspace data is tenant-scoped and access is enforced server-side.
- Limited access: access to customer data is limited to authorized workspace users and to personnel or service providers who need it to operate, secure, bill for, or support the service.
- Logging and investigation support: we maintain logs around account changes, product actions, and operational events to investigate bugs, abuse, and support requests.
Private pilot messaging
Some private pilot features may involve business messaging workflows for specific invited customers. When that happens, message frequency varies based on the customer's interaction with the practice, and message and data rates may apply.
Mobile opt-in data and consent records are used only to deliver the requested messaging service for that practice. We do not sell mobile numbers or messaging consent data, and we do not share that information with third parties for their own marketing purposes.
Messaging choices and controls
Patients can stop text communication at any time by replying STOP. For assistance, they can reply HELP or contact the practice directly. Practices are responsible for collecting appropriate consent before using messaging with a patient or prospective patient.
HIPAA / PHI posture
AdHelm is designed for advertising performance and operational workflows, not clinical record storage. Do not submit protected health information (PHI) such as symptoms, diagnoses, treatment history, test results, or clinical notes. If your organization requires HIPAA-specific controls or a formal BAA, contact support@ad-helm.com before using the product so we can review requirements.
Sharing
We do not sell customer data or Google user data, and we do not use Google user data for unrelated advertising. We share information with service providers only as needed to host, secure, bill for, and support the product.
Service providers (subprocessors)
- Hosting and infrastructure: Google Cloud / Firebase (to run the application and store tenant-scoped data).
- Billing: Stripe (to manage subscriptions, invoices, and payment processing).
- Email and notifications: providers used to deliver product email (weekly reports, billing notices, and critical alerts).
We restrict access by role and scope, and we share only what is needed to deliver the service.
Retention and deletion
We retain data for as long as needed to provide the service and maintain action logs for accountability. If you disconnect the product or request deletion, we delete or de-identify data when reasonably possible, subject to billing, security, fraud-prevention, and legal retention needs. You can request deletion by contacting support@ad-helm.com.
Your responsibilities
You are responsible for ensuring that any data you input is appropriate for this product and compliant with your own obligations. Do not enter PHI or patient records.