dashwoot

Privacy Policy · Last updated: 2026

Privacy Policy

This Privacy Policy describes how Dashwoot ("we", "our", "us") collects, uses, and protects information when you use our platform. By using Dashwoot, you agree to the practices described below.

1. Scope

Dashwoot is a business-to-business (B2B) SaaS tool for digital marketing agencies. We process data on behalf of the agency (the "Customer") and their authorized end-users (agency staff). We do not collect personal data of end consumers visiting our customers' websites or interacting with their ads.

2. Information We Collect

2.1 Account Information

• Email address (used for magic-link authentication)
• Name (optional, provided during registration)
• Role within the agency (admin, member, super_admin)
• IP address and user agent (recorded in session and audit logs)

2.2 Third-party Platform Credentials

• Google Ads: OAuth refresh token, developer token, customer ID, optional login customer ID
• Meta Ads: App ID, app secret, access token, ad account IDs
• Chatwoot: PostgreSQL connection credentials (host, port, database, user, password)

All credentials are encrypted at rest using AES-256-GCM with per-record initialization vectors. The encryption key is held only in the Dashwoot backend environment and is never exposed to the client browser or third parties.

2.3 Performance Metrics (Read-only)

From your Google Ads and Meta Ads accounts, we read the following data strictly for visualization purposes:

• Campaign performance metrics (impressions, clicks, cost, conversions)
• Search terms and ad groups data
• Time-series aggregated by day
• Campaign and ad account metadata (names, currency, time zone)

We do not collect personally identifiable information from ad recipients (email addresses, phone numbers, device identifiers).

3. How We Use Information

• To provide the dashboard and reporting features
• To authenticate users and maintain sessions
• To enforce access control between tenants
• To generate audit logs for compliance and security purposes
• To respond to support requests

We do not:

• Sell or transfer your data to third parties for advertising or marketing purposes
• Use Google or Meta data to train machine learning models
• Share data between tenants (each agency's data is strictly isolated)
• Modify your Google Ads or Meta Ads campaigns programmatically

4. Google API Services User Data Policy

Dashwoot's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only request the minimum scopes necessary (https://www.googleapis.com/auth/adwords for read-only Google Ads access)
• We do not transfer Google user data to others except as necessary to provide our service
• We do not use Google user data for serving advertisements
• We do not allow humans to read Google user data unless we have your explicit consent for specific support, debugging, or security purposes

5. Data Retention

• Active credentials and metrics: Retained as long as the customer's account is active
• Audit logs: Retained for 12 months
• Session tokens: Expire after 30 days of inactivity
• OAuth refresh tokens: Deleted immediately when a customer disconnects an integration or cancels their account

6. Data Security

• All sensitive credentials encrypted at rest using AES-256-GCM
• All API communications over HTTPS/TLS 1.3
• Database access restricted by per-tenant role with read-only privileges where possible
• Audit logs of all credential changes and login events
• Regular dependency updates and security patches

7. Your Rights

You have the right to:

• Access the data we hold about you
• Request deletion of your data (account deletion)
• Revoke OAuth permissions at any time via your Google account settings
• Disconnect any integration (Google Ads, Meta Ads, Chatwoot) — credentials are deleted immediately

8. Children's Privacy

Dashwoot is a B2B tool not directed at individuals under 16 years of age. We do not knowingly collect personal information from children.

9. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to active account owners.

10. Contact

Questions about this Privacy Policy? Contact us at alangaleiro@gmail.com.