1. Data Controller
chiliad (“we”, “us”, “our”) operates the chiliad platform at chiliad.io and app.chiliad.io. We provide a SaaS platform for managing and automating Google Ads scripts.
For GDPR purposes, chiliad is the data controller for all personal data described in this policy. For any privacy inquiries, data subject requests, or complaints, contact us at hello@chiliad.io.
2. Information We Collect
We collect the following types of information:
- Account information — name, email address, and password when you create an account.
- Google Ads data — account IDs, campaign data, and script execution logs, accessed via Google OAuth on your behalf.
- Script execution analytics — execution status, duration, error messages, and account identifiers reported by deployed scripts.
- Billing information — payment details are processed and stored by Stripe. We do not store credit card numbers directly.
- Usage data — how you interact with the platform, including pages visited and features used.
- Early access applications — email, name, company, and optional profile information submitted via our sign-up form.
3. How We Use Your Information
- To provide, operate, and improve the chiliad platform.
- To send email digests summarizing your script activity (daily, weekly, or monthly, based on your preferences).
- To send script failure alerts when errors are detected.
- To communicate with you about your account, updates, and support requests.
- To process subscription payments and manage your billing.
- To analyze usage patterns and improve our service.
4. Legal Basis for Processing (GDPR Article 6)
We process your personal data under the following legal bases:
- Contract performance (Art. 6(1)(b)) — processing necessary to provide the chiliad platform, including account management, script execution, Google Ads data syncing, and billing.
- Legitimate interest (Art. 6(1)(f)) — platform security, fraud prevention, service improvement, and usage analytics. We balance our interests against your rights and only process data where the impact on you is minimal.
- Consent (Art. 6(1)(a)) — analytics cookies via Google Analytics 4 (only set after you accept via our cookie consent banner). You can withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)) — where required to comply with tax, accounting, or legal requirements.
5. Data Storage & Security
Your data is stored securely using Supabase, hosted on AWS infrastructure. We use industry-standard encryption for data in transit (TLS) and at rest. Google Ads credentials are stored as OAuth refresh tokens — we never store your Google password.
6. Google Ads User Data
chiliad connects to your Google Ads accounts via OAuth 2.0. This section describes how we handle data obtained through the Google Ads API.
Data We Access
When you connect your Google Ads account, we request the following API scopes:
- Google Ads API access — to read your account structure, campaigns, ad groups, and performance metrics so you can manage and monitor them within chiliad.
- User profile information — your email address for account identification purposes.
Specifically, we access: Google Ads account IDs and names, campaign and ad group data, performance metrics (impressions, clicks, cost, conversions), and script execution logs generated by scripts you deploy through our platform.
How We Use Google Ads Data
Google Ads data is used solely to provide and improve the chiliad platform — including displaying your account performance, executing scripts you configure, and generating reports you request. We do not use Google Ads data for any other purpose.
Restrictions on Google Ads Data
- We do not sell Google Ads user data to any third party.
- We do not use Google Ads data for serving ads, retargeting, personalized advertising, or interest-based advertising.
- We do not use Google Ads data for credit, lending, or insurance eligibility determinations.
- We do not transfer or disclose Google Ads data to third parties for surveillance purposes.
- We do not use Google Ads data for training artificial intelligence or machine learning models.
- We do not use Google Ads data to create, enrich, or resell databases or data products.
- We do not share Google Ads data with third parties except for infrastructure providers strictly necessary to operate the service (see Section 7), and only under appropriate confidentiality obligations.
Revoking Access
You can revoke chiliad's access to your Google Ads account at any time by visiting your Google Account permissions page and removing chiliad, or by disconnecting your account within the chiliad platform settings. You may also contact us at hello@chiliad.io to request revocation.
Google API Services Compliance
chiliad's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
7. Third-Party Services
We use the following third-party services to operate the platform:
- Supabase — database, authentication, and file storage.
- Vercel — hosting and deployment.
- Google Ads API — connecting to your ad accounts.
- Stripe — subscription billing and payment processing.
- Resend — transactional email delivery (digests, alerts, notifications).
These providers process data on our behalf under appropriate data protection agreements. We do not share your Google Ads data with any of these providers except as necessary to deliver the service (e.g., storing account metadata in our database).
8. Cookies & Analytics
We use Google Analytics 4 to understand how visitors use our website. This service collects anonymized usage data such as pages visited, time on site, and referral source.
We implement Google Consent Mode v2. By default, all analytics and advertising cookies are denied until you explicitly accept them via the cookie consent banner. If you decline or dismiss the banner, no tracking cookies are set and no usage data is collected by Google Analytics.
You can change your cookie preference at any time by clearing your browser's local storage for this site, which will cause the consent banner to reappear on your next visit.
We also use the following essential cookies that do not require consent:
- Authentication cookies — managed by Supabase to maintain your login session.
- Consent preference — stored in your browser's local storage to remember your cookie choice.
9. Data Retention & Deletion
We retain your data for as long as your account is active. Script execution analytics are retained based on your subscription tier (14 days for Free, 180 days for Solo, 365 days for Studio, Agency, and Scale). Older analytics data is automatically purged.
You can delete your account at any time from the Settings page. When your account is deleted:
- Your Google Ads OAuth tokens are revoked and deleted immediately.
- Your account data, Google Ads data, script configurations, execution logs, and team memberships are permanently deleted.
- Any active Stripe subscription is canceled.
- Backups containing your data are purged within 90 days.
You may also request deletion by contacting us at hello@chiliad.io.
10. Your Rights (GDPR & International)
Under the GDPR and other applicable data protection laws, you have the following rights regarding your personal data:
- Right of access (Art. 15) — request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) — request correction of inaccurate personal data. You can also update your profile directly in Settings.
- Right to erasure (Art. 17) — request deletion of your personal data. You can delete your account instantly from Settings, or contact us.
- Right to data portability (Art. 20) — download all your personal data in a machine-readable JSON format from Settings → Data & Privacy → Export Data.
- Right to restrict processing (Art. 18) — request that we limit how we process your data in certain circumstances.
- Right to object (Art. 21) — object to processing based on legitimate interests. You can opt out of all non-essential emails in your notification settings.
- Right to withdraw consent (Art. 7(3)) — withdraw consent at any time (e.g., cookie consent) without affecting the lawfulness of prior processing.
To exercise any of these rights, email us at hello@chiliad.io. We will respond within 30 days as required by the GDPR.
If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.
11. International Data Transfers
Our infrastructure providers (Supabase, Vercel, Stripe, Resend) may process data in the United States and other countries outside the EEA. We ensure adequate protection through the providers' Standard Contractual Clauses (SCCs) and equivalent safeguards as required by GDPR Article 46.
12. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. Continued use of the platform after changes constitutes acceptance of the updated policy.