This Privacy Policy explains how myWebhero Ltd ("myWebhero", "we", "us") collects, uses, stores, shares and protects information when you use AdTool (the "Service"), available at app.mywebhero.co.uk. It includes specific disclosures about data accessed through Google APIs.
Google Limited Use commitment. AdTool's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, we do not sell it, and we do not use it to train generalised artificial intelligence or machine-learning models.
Contents
1. Who we are
AdTool is operated by myWebhero Ltd, a company registered in England & Wales, based at Suite FF8, Heybridge Business Centre, 110 The Causeway, Maldon, Essex, CM9 4ND, United Kingdom. For the purposes of UK GDPR, myWebhero Ltd is the data controller for personal data processed through the Service. You can reach us at hello@mywebhero.co.uk.
2. Information we collect
Information you provide
- Account & identity data: when you sign in with Google, we receive your name, email address and Google account identifier.
- Account settings: preferences you configure within AdTool, such as report tone, target ROAS/CPA, and automation rules.
- Communications: any information you send us by email or support request.
Information from connected Google accounts
Only after you explicitly connect an account, and only for the products you choose to connect, we access data from the relevant Google API (detailed in section 3).
Information collected automatically
- Usage & log data: IP address, browser type, pages visited, and timestamps, used for security and to operate the Service.
- Cookies: a strictly necessary session cookie to keep you signed in. We do not use advertising or cross-site tracking cookies.
3. Google user data & API scopes
AdTool requests Google OAuth scopes in layers. Signing in requires only identity scopes. The data scopes are requested separately, each behind its own consent screen, and only when you actively choose to connect that product. You can use AdTool's sign-in without granting any data scopes.
| Scope | When requested | What it allows & why |
|---|---|---|
openid, userinfo.email, userinfo.profile |
At sign-in | To authenticate you and create your AdTool account using your name and email. No advertising or product data is accessed by these scopes. |
.../auth/adwords |
When you connect a Google Ads account | To read account, campaign, keyword, ad and performance data for audits and reporting, and — only when you create automation rules or take an explicit action — to apply changes you have configured (e.g. budget or bidding adjustments, IP exclusions, keyword updates). |
.../auth/content |
When you connect a Merchant Center account | To read your product catalogue, feed health, item issues and shopping performance for the Merchant Center audit and feed tools, and — only when you explicitly request it — to update product attributes and supplemental feeds you manage in AdTool. |
.../auth/datamanager |
When you enable offline conversion uploads | To upload offline conversion data you provide to your linked Google Ads account, so your reporting reflects conversions that happen off-website. |
We request the minimum scopes necessary for the features you use. If you never connect a Google Ads or Merchant Center account, we never request or access that data.
4. How and why we use data
We use the data described above only to provide and improve the features you have chosen to use:
- To authenticate you and maintain your account and session.
- To generate Google Ads and Merchant Center / Shopping audits, including scores, issue detection and the per-product analysis.
- To produce reports and dashboards you request, and to enable shareable report links you create.
- To run the automations you have explicitly configured (for example, daily spend-cap rules) and to perform actions you initiate (for example, editing a product attribute or uploading an offline conversion).
- To maintain the security, reliability and integrity of the Service.
- To respond to your support requests.
Our legal bases under UK GDPR are: performance of our contract with you (to provide the Service), your consent (for connecting Google accounts and for any optional processing), and our legitimate interests (security and Service operation).
5. AI processing
AdTool uses a third-party AI provider, Anthropic (the Claude API), to generate the written narrative and recommendations within audits and reports. To do this, we send the AI provider a summary of the relevant audit data — for example aggregate scores, identified issues, and selected metrics — needed to produce the narrative.
We do not use Google user data, or any of your data, to train generalised AI or machine-learning models, and our AI provider does not train its models on data submitted through its API. AI processing is used solely to generate output for you, within your own audits and reports.
6. How we share data
We do not sell your personal data or Google user data, and we do not share it for advertising. We share data only in these limited circumstances:
- Service providers (sub-processors): trusted vendors who process data on our behalf under contract, including our cloud hosting provider and our AI provider (Anthropic), strictly to provide the Service.
- People you share with: if you generate a shareable report link, anyone with that link can view that report. You control whether to create or revoke such links.
- Legal requirements: where we are required to disclose data by law or to protect our legal rights.
- Business transfers: in connection with a merger, acquisition or asset sale, subject to this Policy.
7. Limited Use of Google data
Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google user data to provide or improve user-facing features that are prominent in AdTool.
- We do not transfer or sell Google user data for serving ads, including retargeting or personalised advertising.
- We do not use or transfer Google user data for determining creditworthiness or for lending purposes.
- We do not allow humans to read Google user data unless: you have given affirmative consent for specific data; it is necessary for security purposes (e.g. investigating abuse); to comply with applicable law; or the data has been aggregated and anonymised for internal operations.
- We do not use Google user data to train generalised or non-personalised AI/ML models.
8. Data retention
We keep your account data for as long as your account is active. Audit and report records are retained so you can access your history, until you delete them or close your account. OAuth refresh tokens are stored, encrypted, only for as long as the connection remains active and are deleted when you disconnect an account or revoke access. When you delete an audit, its underlying records (including per-product rows) are removed. When you close your account, we delete or anonymise your personal data and Google user data within a reasonable period, except where we must retain limited records to comply with law.
9. How we protect data
- All data in transit is encrypted using TLS/HTTPS.
- Sensitive credentials, including Google OAuth tokens, are encrypted at rest.
- Access to production systems is restricted and logged.
- We request read-only access wherever a feature does not require writes, and writes occur only on your explicit action or configured automation.
No method of transmission or storage is completely secure, but we take reasonable and appropriate measures to protect your data.
10. Your rights & choices
Subject to applicable law (including UK GDPR), you have the right to access, correct, delete, restrict or object to the processing of your personal data, and to data portability. To exercise these rights, email hello@mywebhero.co.uk. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).
11. Revoking access
You can disconnect any connected Google account at any time from within AdTool's account settings, which deletes the stored tokens for that connection. You can additionally review and revoke AdTool's access directly from your Google Account at myaccount.google.com/permissions. Revoking access stops all further data access; to also delete data we already hold, contact us or close your account.
12. International transfers
We are based in the United Kingdom. Some of our service providers may process data outside the UK/EEA. Where data is transferred internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or equivalent mechanisms.
13. Children
AdTool is a business tool and is not directed to anyone under 18. We do not knowingly collect personal data from children.
14. Changes to this policy
We may update this Policy from time to time. We will revise the "Last updated" date above and, for material changes, provide a more prominent notice. Continued use of the Service after changes take effect constitutes acceptance.
15. Contact us
myWebhero Ltd
Suite FF8, Heybridge Business Centre, 110 The Causeway, Maldon, Essex, CM9 4ND, United Kingdom
Email: hello@mywebhero.co.uk
Phone: 01268 956006