Privacy Policy

Last Updated: April 2026

Evenrue Marketing ltd respects your privacy and is committed to protecting your personal data. This privacy notice explains how we look after your personal data when you visit our website at connector.wtf, sign in to the connector, or apply for a free Google Ads audit. It also describes your privacy rights and how the law protects you.

1. Important Information and Who We Are

Purpose of this privacy policy

This privacy notice aims to give you information on how Evenrue Marketing ltd collects and processes your personal data, including any data you may provide through this website, when you connect a Google Ads account to our service, or when you apply for a free Google Ads AI Action Plan.

This website is intended for professional and business users and is not intended for children. We do not knowingly collect data relating to children.

Controller

Evenrue Marketing ltd is the controller and is responsible for your personal data (collectively referred to as "connector.wtf", "we", "us" or "our" in this privacy policy).

Contact details

• Full name of legal entity: Evenrue Marketing ltd (Business ID: 3159075-2)
• Email address: info@evenrue.fi
• Website: connector.wtf

You have the right to make a complaint at any time to the Finnish Data Protection Authority, the Finnish supervisory authority for data protection issues (tietosuoja.fi). We would, however, appreciate the chance to deal with your concerns before you approach them, so please contact us in the first instance.

Changes to the privacy policy

This version was last updated in April 2026. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

Our website may include links to third-party websites and applications (for example Google's OAuth consent screen, ChatGPT, or Claude). Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party services and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website you visit.

2. The Data We Collect About You

Personal data means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data, grouped as follows:

• Identity Data — first name, surname, and company details you provide via our lead form on /connect or the audit application form.
• Contact Data — work email address and role/title.
• Google Account Data — the email address on your Google account, an OAuth refresh token (encrypted at rest), the list of Google Ads customer IDs you choose to grant the connector access to, and any optional manager (login-customer-id) you set.
• Usage Data — logs of MCP tool calls (which read-only Google Ads tool was invoked, which customer ID was queried, timestamp, success or error) so we can support you and improve the service.
• Audit Application Data — answers you submit through the Free Google Ads AI Action Plan form (budget range, campaign goal, issues, optional AI findings you choose to paste).
• Technical Data — IP address, browser type and version, time zone setting and location, operating system, and other technology on the devices you use to access our website.
• Marketing and Communications Data — your preferences in receiving marketing from us and your communication preferences.

We do not collect, store or have access to the contents of your conversations with ChatGPT, Claude, or any other MCP client. Those conversations stay between you and your AI assistant.

If you fail to provide personal data

Where we need to collect personal data by law or under the terms of our service and you fail to provide it when requested, we may not be able to provide the connector or the audit to you.

3. How Is Your Personal Data Collected?

Direct interactions

You give us your Identity, Contact and Audit Application Data when you:

• Sign in with Google;
• Complete the lead form on /connect;
• Apply for a Free Google Ads AI Action Plan;
• Email us or otherwise correspond with us.

Google OAuth

When you connect your Google Ads account, Google passes us a refresh token authorising read-only access to your Google Ads data. We store this token encrypted (AES-256-GCM) and use it solely to perform the read-only queries you trigger via your AI assistant. You can revoke this access at any time from your Google account settings or via the Disconnect button on /connect.

Automated technologies

As you interact with our website we automatically collect Technical Data about your equipment and browsing actions. We use a small number of strictly necessary cookies for authentication and session management.

4. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly we process your personal data:

• To provide the connector service and run the read-only Google Ads queries you initiate (performance of contract);
• To qualify and respond to audit applications (legitimate interest, or pre-contract steps at your request);
• To support you, troubleshoot issues, and improve the service (legitimate interest);
• To send you marketing emails about Google Ads and AI marketing tips, only where you have explicitly consented via the optional marketing checkbox.

Marketing

We do not share your personal data with any third-party company for marketing purposes. You can withdraw your marketing consent at any time by emailing info@evenrue.fi. Withdrawing marketing consent does not affect our ability to keep providing the service to you.

5. Disclosures of Your Personal Data

We may share your personal data with the following sub-processors:

• Supabase — managed Postgres database and authentication, EU region, used to store your account, lead profile, encrypted Google refresh token, customer-ID selections, MCP call logs, and audit applications.
• Cloudflare — hosts the connector website, server functions, and the MCP endpoint at the edge.
• Google — we call the Google Ads API on your behalf using your OAuth refresh token. Read-only scope only.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may also disclose your personal data to professional advisers (lawyers, auditors) and to authorities where required by law.

6. International Transfers

Your data is stored in the European Economic Area. We may transfer your personal data outside the EEA for the purpose of delivering the service to you (for example, calls to Google's APIs). When transferring personal data outside the EEA we ensure a sufficient level of security, for example by relying on the standard contractual clauses adopted by the European Commission.

7. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed:

• Google Ads OAuth refresh tokens are encrypted at rest with AES-256-GCM before being stored;
• The OAuth scope we request is strictly read-only — the connector is not technically capable of editing campaigns, bids, or budgets;
• Database row-level security ensures users can only access their own records;
• MCP access tokens are issued per AI client, hashed at rest, and can be revoked at any time;
• Access to your data within our team is limited to those with a clear support need.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Connection data (encrypted refresh token, customer-ID selections) is kept while your account is active. Disconnecting Google Ads on /connect deletes the connection row immediately.
• MCP call logs are retained for support and abuse-prevention purposes; these contain no Google Ads data, only metadata about which tool was called.
• Audit application submissions are retained so we can follow up with you and improve the audit process.
• By Finnish law we are required to keep basic information about our clients (Contact, Identity, Financial and Transaction Data) for up to five years after they cease being customers, for legal and tax purposes.

In some circumstances you can ask us to delete your data — see Your Legal Rights below. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use this information indefinitely without further notice to you.

9. Your Legal Rights

Under data protection laws you have rights in relation to your personal data, including the right to:

• Request access to your personal data.
• Request correction of personal data we hold about you.
• Request erasure of your personal data.
• Object to processing of your personal data where we are relying on a legitimate interest.
• Request restriction of processing of your personal data.
• Request the transfer of your personal data to you or to a third party in a structured, machine-readable format.
• Withdraw consent at any time where we are relying on consent to process your personal data.

If you wish to exercise any of these rights, please contact us at info@evenrue.fi. We may need to request specific information from you to help us confirm your identity. We try to respond to all legitimate requests within one month.

10. Glossary

Lawful Basis

Legitimate Interest means the interest of our business in conducting and managing it to enable us to give you the best service and the most secure experience. We balance any potential impact on you and your rights before processing your personal data for our legitimate interests.

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.

Third Parties

External third parties include:

• Service providers who provide IT, hosting, database and authentication services (Supabase, Cloudflare).
• Google, for the Google Ads API.
• Professional advisers including lawyers, bankers, auditors and insurers.
• Tax authorities, regulators and other authorities who require reporting in certain circumstances.

Marketing cookies (Meta Pixel)

With your consent, we load the Meta Pixel (Facebook) on this site to measure the performance of our marketing campaigns. The pixel records standard events such as page views, signups, connector connections, and audit applications, together with technical data (IP, browser, referrer) sent directly to Meta. The lawful basis is your consent (GDPR Art. 6(1)(a)).

The pixel is not loaded until you click "Accept" on the cookie banner. You can withdraw consent at any time by clearing the mkt_consent entry in your browser's local storage for this site, which brings the banner back so you can choose again. Declining stops the pixel from loading at all.

Contact

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Evenrue Marketing ltd
• Business ID: 3159075-2
• Email: info@evenrue.fi