AdKey

Privacy Policy

Last updated: April 11, 2026

1. Who we are

AdKey is a Google Ads management tool operated by Red Key Digital (“AdKey”, “we”, “us”, or “our”). AdKey lets authorized users manage Google Ads accounts they already have access to, from a single dashboard.

This policy explains what information we collect, how we use it, how we store it, and how you can delete it.

2. Information we collect

When you sign in to AdKey with Google, we collect:

  • Account profile: your name, email address, Google account ID, and profile picture. These come from Google's standard OpenID Connect profile scopes and are used to identify your AdKey account.
  • Google OAuth tokens: access tokens and refresh tokens issued by Google's authorization server. These tokens let AdKey call the Google Ads API on your behalf for the Google Ads accounts you choose to manage.
  • Google Ads account metadata: customer IDs, account names, currency, time zone, and MCC relationships for the Google Ads accounts you connect.
  • Your preferences: which account you have selected, UI preferences, and saved report views.

We do not collect payment information, we do not collect data from Google services other than Google Ads, and we do not build advertising profiles or sell data to third parties.

3. Google user data — scopes and limited use

AdKey requests the following Google OAuth scopes:

  • openid, email, profile — to identify you and create your AdKey account.
  • https://www.googleapis.com/auth/adwords — to read and manage the Google Ads accounts you authorize.

AdKey's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data to provide and improve user-facing features of AdKey that are prominent in the application's user interface — namely, managing your Google Ads campaigns, ad groups, ads, keywords, conversions, budgets, bidding strategies, and reports.
  • We do not transfer Google user data to third parties except as necessary to provide or improve these user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
  • We do not use Google user data for serving advertisements, including retargeting, personalized advertising, or interest-based advertising.
  • We do not allow humans to read Google user data unless we have your affirmative consent for specific messages, it is necessary for security purposes (such as investigating abuse), it is necessary to comply with applicable law, or the data (including derivations) has been aggregated and anonymized and is used for internal operations.
  • We do not use Google user data to train generalized or third-party AI/ML models.

4. How we store your data

AdKey stores data in a managed PostgreSQL database hosted in a secure cloud environment. Communication between your browser, AdKey's servers, and Google's APIs is always encrypted in transit using TLS.

Google OAuth access tokens and refresh tokens are encrypted at rest using AES-256-GCM envelope encryption with a key held only by AdKey. Tokens are never written to logs and are never included in session cookies or JWTs sent to the browser.

Access to production systems is restricted to authorized Red Key Digital personnel and is protected by two-factor authentication.

5. How long we keep your data

We retain your AdKey account data, connected Google Ads account metadata, and encrypted tokens for as long as your AdKey account is active. When you delete your account (see below), all of this data is permanently removed from our production database within 30 days, and your Google OAuth tokens are revoked immediately.

6. Your rights — access, correction, deletion

You can disconnect AdKey from your Google account at any time by visiting myaccount.google.com/permissions and removing AdKey's access. This immediately invalidates AdKey's tokens.

You can also delete your entire AdKey account and all associated data by signing in and clicking “Delete my account” on the Settings page. When you do this, AdKey will:

  • Immediately revoke your Google OAuth refresh token with Google's revocation endpoint.
  • Permanently delete your AdKey user record, OAuth accounts, sessions, connected Google Ads account metadata, preferences, and encrypted tokens.
  • Sign you out of all AdKey sessions.

If you prefer to make the request by email, contact us at privacy@redkey.digital from the email address associated with your AdKey account and we will process your deletion within 30 days.

7. Data we do not access

AdKey does not request access to Gmail, Google Drive, Google Calendar, Google Contacts, YouTube, Google Photos, or any other Google service outside of Google Ads. If you see a consent screen asking for scopes other than the ones listed in section 3, stop and contact us — it is not us.

8. Children's privacy

AdKey is a professional advertising tool and is not directed to children under 16. We do not knowingly collect personal information from children.

9. Changes to this policy

We may update this policy from time to time. Material changes will be announced in the app and the “Last updated” date at the top of this page will be revised. Continued use of AdKey after a change constitutes acceptance of the updated policy.

10. Contact us

Questions about this policy or how we handle your data? Email privacy@redkey.digital.