Privacy Policy
Last Updated: March 12, 2026
This Privacy Policy describes how Ariametrics (“we,” “us,” or “our”) collects, uses, processes, and protects your information when you use our Google Sheets™ Add-on and related web applications (the “Service”). This Privacy Policy should be read in conjunction with our Terms of Service.
Your data is not for sale — our commitment is to safeguard your privacy. The Service operates as a data conduit, passing advertising data from third-party APIs directly into your Google Sheets™. We do not warehouse, resell, or monetize your marketing data.
1. The Zero-Storage Promise
Ariametrics is a stateless data pipeline. For standard Connector plan users:
- We do not host, store, or warehouse your marketing data.All advertising performance data (impressions, spend, conversions, etc.) flows directly from Meta’s Marketing API into your Google Sheets™ in real time. We possess zero copies of your ad data after the request completes.
- Query configurations vs. Query data. To facilitate automated background syncing, we store your query configurations (e.g., your selected metrics, dimensions, and date ranges) securely in our database. However, we never store the actual data returned by those queries.
- Data may be temporarily processed in memory only during the execution of your requested query. Only the structural metadata of your request is saved; the actual advertising performance data (impressions, spend, conversions) is never written to disk or persisted on our servers.
Business Tier Exception: Users on Business/Enterprise plans with Dashboard access may use Custom Charts, which store chart configuration definitions on our servers. This does not apply to standard Connector plan users.
2. Information We Collect
2.1 Account Information
When you sign up, we collect:
- Email address — for account creation, authentication, and service-related notifications.
- Company name and role — provided during onboarding to contextualize your workspace.
- Profile information (via Google OAuth) — limited to your Google account email address to streamline registration and login.
2.2 Authentication Credentials
To connect your ad accounts and fetch data on your behalf, we store the following credentials:
- Meta API Access Token— Used to retrieve your advertising data from Meta’s Marketing API. This token is encrypted at rest using database-managed encryption with externally managed keys. Our application never handles encryption keys directly. This credential is retained until you manually disconnect your account, your account is abandoned, or authentication fails for 7 consecutive days (see §4).
Google Sheets™ access is handled entirely by the Apps Script add-on running under your own Google account session. No Google credentials are stored on our servers.
We do not store your passwords for any third-party service. All stored credentials are encrypted at rest and are never logged in plaintext.
2.3 Query Telemetry
For every query executed through the Service, we record:
- Workspace ID, connected account reference, timestamp
- Query configuration (selected metrics, dimensions, date range)
- Execution status (success / error), latency, and row count
- Meta API error subcodes (for diagnostics)
This telemetry is used exclusively for debugging, product improvement, and abuse prevention. It contains no ad performance data — only metadata about the query itself.
2.4 App Usage Data
We collect anonymized interaction data to improve the Service experience, including feature usage patterns, error rates, and performance metrics.
3. How We Use Information
We use the information we collect to:
- Provide and operate the Service — authenticate you, execute queries, run automated syncs, and write data to your Google Sheets™ as explicitly configured by you.
- Enforce plan entitlements — apply query weight limits, rate limits, and daily API budgets based on your subscription tier.
- Process billing — facilitate subscription management, invoicing, and payment processing through our Merchant of Record (see §5).
- Improve the Service — analyze query telemetry to identify errors, optimize performance, and develop new features.
- Communicate with you — send technical notices, security alerts, service updates, and respond to support requests.
- Protect the Service — detect and prevent abuse, fraud, or violations of our Terms of Service.
4. The Right to Purge (Automated Credential Cleanup)
To minimize attack surface and reduce data exposure:
- 7-Day Auto-Purge: If authentication to a connected third-party service (Meta or Google Sheets™) fails for 7 consecutive days, we automatically purge the stored credentials for that connection. This is a security measure designed to limit the window of exposure for stale tokens.
- Manual Disconnect: You can immediately disconnect any connected account and delete all stored credentials at any time via the “Disconnect Account” action in the Service UI. This triggers an immediate, irrevocable purge of the corresponding credentials from our systems.
- Account Abandonment: If your account is inactive for an extended period and your subscription has expired, we reserve the right to purge all stored credentials after reasonable notice.
All purge events are recorded in an immutable audit log.
5. Data Sharing and Third-Party Sub-Processors
We do not sell your personal information or your marketing data to third parties. We share information only with the following sub-processors, as necessary to operate the Service:
| Sub-Processor | Role | Data Accessed |
|---|---|---|
| Supabase | Database hosting with row-level security | Account info, encrypted credentials, saved query configurations, query telemetry, subscription state |
| Hetzner / Coolify | Cloud infrastructure and container hosting | Authentication requests, session tokens, in-memory query processing, transient application logs |
| Polar.sh | Merchant of Record — handles all payment processing, subscription management, tax compliance, and invoicing | Email address, billing information (held by Polar, not us), subscription status |
| Meta Platforms | Data source via Marketing API v24.0 | Your Meta access token (decrypted per-query), query parameters |
| Sheets API for data delivery (via client-side Apps Script); OAuth for login authentication | Spreadsheet IDs, cell ranges |
Each sub-processor operates under its own privacy policy and data protection agreements. We do not share your data with any party not listed above without your explicit consent, unless required by law.
5.1 International Data Transfers
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, your personal data may be transferred to, and processed in, the United States where our core infrastructure is hosted. We ensure such transfers comply with applicable data protection laws by implementing appropriate safeguards, including reliance on Standard Contractual Clauses (SCCs) approved by the European Commission (or the UK International Data Transfer Addendum) and sub-processors adhering to the EU-U.S. Data Privacy Framework.
6. Google API Services User Data Policy
Ariametrics’ use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
The application requests the following scopes:
https://www.googleapis.com/auth/spreadsheets— Used solely to read your saved query configuration and to write your explicitly requested ad data to your designated Google Spreadsheet tabs. We do not access, index, or modify other spreadsheets in your Google Drive.https://www.googleapis.com/auth/script.external_request— Used to communicate with our backend API to fetch the marketing data you have requested.
These scopes are exercised by the Apps Script add-on running within your Google environment, not by our servers.
7. Data Retention
| Data Category | Retention Period | Basis |
|---|---|---|
| Account information (email, company, role) | Duration of active subscription + 30 days post-termination | Contractual necessity; legal compliance |
| Authentication credentials (Meta API only) | Until manual disconnect, 7-day consecutive auth failure, or account termination | Contractual necessity; security |
| Query telemetry (metadata only) | 90 days (rolling) | Legitimate interest — debugging, product improvement |
| Subscription/billing records | As required by applicable tax laws (managed by Polar.sh) | Legal obligation |
| Token audit logs | 1 year | Security audit trail |
After termination, we delete or anonymize your personal information within the retention periods stated above, unless retention is required by law.
8. Data Security
We employ multiple layers of security to protect your information:
- Encryption in transit: All data transmitted between the Google Sheets™ Add-on, our servers, and third-party APIs is encrypted using TLS 1.2+.
- Encryption at rest: All authentication credentials are encrypted at rest using database-managed encryption with externally managed keys. Our application never handles encryption keys directly.
- Row-level security: Our database enforces row-level security policies, ensuring you can only access data belonging to your own workspace.
- Credential isolation: Stored credentials are accessible only by authorized server-side processes and cannot be accessed by other users or client-side code.
- Audit logging: All credential lifecycle events (grant, revoke, refresh, rotation) are recorded in an immutable audit log.
9. Legal Basis for Processing Personal Data
Under the General Data Protection Regulation (GDPR) and applicable data protection laws, we process your personal data on the following legal bases:
- Contractual Necessity: We process your email address and authentication tokens as necessary to fulfill our contractual obligation to provide the Service you have subscribed to.
- Legitimate Interests: We process query telemetry and app usage data based on our legitimate interest in improving the Service, monitoring for errors, and preventing abuse — balanced against your rights and freedoms.
- Consent: For any marketing communications or non-essential data processing, we rely on your explicit consent, which you may withdraw at any time.
- Legal Obligations: We may process personal data as required to comply with applicable laws, such as tax record-keeping or responding to lawful requests.
10. Your Rights and Choices
As a user, you are afforded rights under the GDPR, CCPA, and other applicable data protection laws:
- Right to Access — Request a copy of the personal data we hold about you.
- Right to Rectification — Request correction of inaccurate personal data.
- Right to Erasure — Request deletion of your personal data (see §4 for immediate credential purge via Disconnect).
- Right to Restrict Processing — Request that we limit the processing of your data.
- Right to Data Portability — Request your data in a structured, machine-readable format.
- Right to Object — Object to processing based on legitimate interests.
- Right to Withdraw Consent — Withdraw consent at any time, without affecting the lawfulness of prior processing.
Additional Rights for California Residents (CCPA/CPRA)
- Right to Opt-Out of Sale or Sharing — You have the right to direct us not to sell or share your personal information. Ariametrics does not sell your personal information or marketing data.
- Right to Limit the Use of Sensitive Personal Information — You have the right to limit how your sensitive personal information is used or disclosed. Ariametrics does not collect sensitive personal information beyond credentials required for service operation.
- Right to Non-Discrimination — We will not discriminate against you for exercising your privacy rights.
How to exercise your rights
- Revoke Google access: Via your Google Account Security settings.
- Revoke Meta access: Via your Meta Business Integrations settings.
- Disconnect from the Service: Use the “Disconnect Account” button in the Service UI for immediate credential deletion.
- Contact us: Email [email protected] for any data rights request. We will respond within 30 days.
11. Cookies
The Google Sheets™ Add-on sidebar operates within a Google Apps Script iframe and does not set tracking cookies. For our marketing website (ariametrics.com), we may use essential cookies for authentication and analytics. Details are available in our website’s cookie notice.
12. Updates and Amendments
We may update this Privacy Policy periodically to reflect legal, technological, or business developments.
- Material changes: We will provide at least 7 days’ advance notice before significant changes take effect, communicated via email or an in-Service notification.
- Accessibility: The most current version of this Privacy Policy is always accessible at our website and within the add-on.
- Continued use: Your continued use of the Service after the effective date of changes constitutes your acceptance of the updated policy. If you disagree with the changes, you should discontinue use of the Service.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data:
- Email: [email protected]
- Website: https://ariametrics.com
We value your feedback and are committed to addressing your inquiries promptly.