Free & no commitmentTalk to Paolo now
Book a Call →
Privacy Notice

Privacy Policy

Information on the processing of personal data pursuant to Articles 13 and 14 of EU Regulation 2016/679 (GDPR) and Italian Legislative Decree 196/2003 (Privacy Code) as amended by Legislative Decree 101/2018.

Last updated: March 9, 2026

1. Data Controller

The Data Controller is Colibryx S.r.l., with registered office at Via Riccardo Felici 11, 37135 Verona (VR), Italy, VAT No. 04901390239, REA VR 459634.

For any communication regarding the processing of personal data, you may contact the Data Controller at the email address: [email protected].

2. Types of data collected

When you connect your Google account to Ads MCP via OAuth 2.0, the application may request access to the following types of data depending on the Google services you choose to connect:

a) Browsing data

Campaign data, ad group data, keywords, search terms reports, performance metrics (impressions, clicks, conversions, cost), conversion data and conversion actions, budget information, quality scores, auction insights, and account-level recommendations.

b) Data voluntarily provided by the user

Account and property summaries, report data (dimensions, metrics, funnels, real-time), key events (conversions), audiences, custom dimensions, and data stream configurations.

c) Cookies and tracking technologies

Accounts, containers, tags, triggers, variables, workspace data, versions, and built-in variable configurations.

d) Google Search Console

Search analytics data (queries, pages, impressions, clicks, position), URL inspection results, sitemaps, and site verification status.

e) Google Business Profile

Location information, reviews, business hours, and business profile details.

3. Purposes and legal basis of processing

Personal data is processed for the following purposes:

  • Service provision and request management (Art. 6(1)(b) GDPR): to respond to requests submitted through contact forms, manage applications, and provide the requested consulting service.
  • Compliance with legal obligations (Art. 6(1)(c) GDPR): to fulfill obligations established by law, regulations, or EU legislation.
  • Statistical analysis (Art. 6(1)(a) GDPR — consent): with the user's consent, analysis of website usage through Google Analytics 4 and Microsoft Clarity to improve service quality and browsing experience.
  • Marketing and remarketing (Art. 6(1)(a) GDPR — consent): with the user's consent, use of Meta Pixel to measure advertising campaign effectiveness and deliver personalized content.
  • Security and fraud prevention (Art. 6(1)(f) GDPR — legitimate interest): use of Google reCAPTCHA to protect website forms from automated abuse.
  • A/B testing: creating and managing campaign experiments and comparing results.

Data is used ONLY for providing and improving user-facing features prominent in the application's user interface.

Google user data is:

  • NOT sold to third parties.
  • NOT used for advertising, retargeting, or serving ads.
  • NOT used to determine credit-worthiness or for lending purposes.
  • NOT used to train generalized artificial intelligence or machine learning models.

4. Data recipients

  • Cloudflare, Inc. — Hosting and CDN (Content Delivery Network)
  • Twilio Inc. (SendGrid) — Transactional email delivery
  • Google LLC — Google Analytics 4, Google reCAPTCHA
  • Microsoft Corporation — Microsoft Clarity

5. Transfer of data to third countries

Some of the above providers are based in the United States of America or in other countries outside the European Economic Area. Data transfers comply with Chapter V of the GDPR and are based on:

  • EU-US Data Privacy Framework for providers certified under the European Commission's adequacy decision;
  • Standard Contractual Clauses (SCC) adopted by the European Commission under Art. 46(2)(c) GDPR, where the Data Privacy Framework is not applicable.
  • Merger or acquisition: in connection with a merger, acquisition, or sale of assets, in which case the successor entity will be bound by the same data protection obligations.

The following service providers may process limited data in connection with the Ads MCP website (not Google user data):

  • Cloudflare, Inc. — website hosting and CDN.
  • Twilio Inc. (SendGrid) — contact form email delivery only.
  • Google LLC — Google reCAPTCHA for spam protection on the website.

6. Data retention period

  • Contact and consultation form data: retained for a maximum of 24 months from collection, unless otherwise required by legal or contractual obligations.
  • Application data: retained for a maximum of 24 months from receipt, for potential future employment opportunities.
  • Browsing data and analytics cookies: retained according to the timeframes specified in the Cookie Policy.
  • Data for tax and accounting obligations: retained for 10 years pursuant to Art. 2220 of the Italian Civil Code.

7. Data subject rights

a) Revoking OAuth Access

You may revoke Ads MCP's access to your Google account at any time by visiting your Google Account permissions page, selecting Ads MCP, and clicking "Remove Access." This will immediately prevent any further access to your Google data.

b) Data Export and Deletion

You may request a full export or deletion of any personal data held by Colibryx by emailing [email protected]. We will respond within 30 days.

c) Account Disassociation

You may request to disassociate your Google Ads accounts from Ads MCP at any time. We will process disassociation requests within 3 business days.

d) GDPR Rights

Under Articles 15–22 of the GDPR, you have the right to:

  • Access (Art. 15): obtain confirmation of the existence of processing and access their personal data.
  • Rectification (Art. 16): obtain correction of inaccurate data or completion of incomplete data.
  • Erasure (Art. 17): obtain the erasure of their data, in cases provided for by law.
  • Restriction (Art. 18): obtain restriction of processing, in cases provided for by law.
  • Portability (Art. 20): receive data in a structured, commonly used, and machine-readable format.
  • Objection (Art. 21): object to data processing at any time, on grounds relating to their particular situation.
  • Withdrawal of consent (Art. 7): withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

e) Supervisory Authority

If you believe your personal data is being processed in violation of the GDPR, you have the right to lodge a complaint with the Garante per la protezione dei dati personali (Piazza Venezia 11, 00187 Roma — www.garanteprivacy.it), pursuant to Art. 77 of the GDPR.

8. How to exercise your rights

The user may exercise their rights by sending a written request to the email address [email protected], or by registered mail to the registered office: Via Riccardo Felici 11, 37135 Verona (VR), Italy.

9. Right to lodge a complaint

In accordance with Google's Limited Use requirements, Ads MCP adheres to the following restrictions on the use of Google user data:

  • We use Google user data only to provide or improve user-facing features that are prominent in the requesting application's user interface.
  • We transfer Google user data to others only if necessary to provide or improve user-facing features that are prominent in the application (with user consent), for security purposes, to comply with applicable laws, or as part of a merger, acquisition, or asset sale where the successor is bound by the same restrictions.
  • We do not allow humans to read Google user data unless: (a) the user has given affirmative agreement for specific data to be read (e.g., for customer support), (b) it is necessary for security purposes (e.g., investigating abuse), (c) it is required by applicable law, or (d) the data is aggregated and anonymized and used only for internal operations.
  • All other transfers, uses, or sales of Google user data are prohibited.

10. Changes to this privacy notice

The Data Controller reserves the right to modify this privacy notice at any time. Any changes will be published on this page with an indication of the last update date. Users are encouraged to periodically consult this page to review the most recent version.

Exceptions to this are limited to:

  • Explicit user consent: if you request technical support and provide affirmative agreement for a Colibryx team member to view specific data to resolve your issue.
  • Security investigation: if required to investigate a security incident, fraud, or abuse affecting the application or its users.
  • Aggregated and anonymized data: data that has been fully aggregated and anonymized such that it cannot be associated with any individual user, used solely for internal operations and service improvement.

11. Cookies and Tracking

The Ads MCP website uses cookies and similar technologies. For detailed information about the cookies used, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

The website may use:

  • Google reCAPTCHA: to protect forms against automated abuse. reCAPTCHA is subject to Google's Privacy Policy and Terms of Service.
  • Analytics cookies: with your consent, anonymous usage statistics may be collected to improve the website experience.

12. Policy Updates

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We are committed to seeking user consent before making material changes that affect how Google user data is processed.

We encourage you to review this page periodically to stay informed about our privacy practices.