Privacy Policy

This Privacy Policy explains how Oklama ("we," "us," or "our") collects, uses, stores, and shares information when you use our web application and related services that integrate with Google accounts and the Google Ads API. This policy is designed to meet Google's OAuth app verification and Limited Use requirements, as well as generally applicable privacy standards.

By using our Service at oklamads.com, you agree to the collection and use of information in accordance with this policy.

1. Who We Are

2. What Data We Access from Google

With your explicit consent during the OAuth process, Oklama requests limited access to Google data strictly necessary to provide our features. The exact scopes and purposes are shown on the Google consent screen during sign-in.

2.1 OAuth Scopes We Request

We do not request access to Gmail content, Google Drive files, Google Calendar, or any other unrelated Google services.

3. Information We Collect

3.1 Information You Provide Directly

• Email Address: Used for account identification, authentication, and communication
• Name: Used for personalization and account management
• Password: Securely hashed using bcrypt and stored for account authentication (if you register with email/password)
• Google Account Information: If you sign in with Google, we receive your Google ID, email address, and name

3.2 Google Ads Data

When you connect your Google Ads account to Oklama, we access and store the following data:

• Account Information: Google Ads customer IDs, account names, account types (manager or client accounts), and account hierarchy
• Campaign Data: Campaign names, IDs, status, and settings
• Ad Group Data: Ad group names, IDs, and settings
• Keyword Data: Keywords, match types, bids, and performance metrics
• Search Terms: Search queries that triggered your ads, along with associated performance data including impressions, clicks, conversions, and cost
• Performance Metrics: Aggregated statistics such as impressions, clicks, click-through rates, conversions, conversion rates, and cost data

3.3 Automatically Collected Information

• Usage Data: Pages visited, features used, and actions taken within Oklama
• Device Information: Browser type, operating system, IP address, and device identifiers
• Authentication Tokens: OAuth access tokens and refresh tokens (encrypted at rest using AES-256 encryption with PBKDF2 key derivation)
• Session Data: Login timestamps, session duration, and authentication status
• Operational Telemetry: Job IDs, sync timestamps, performance counters, error logs, and audit events necessary for reliability and support

4. How We Use Your Data

We use Google user data only to provide and improve clearly user-facing features that you interact with inside Oklama, including:

4.1 Core Service Functionality

• Account Management: Creating, maintaining, and securing your user account
• Authentication: Verifying your identity and managing secure access to your account
• Google Ads Integration: Displaying your accessible Google Ads accounts and entities (campaigns, ad groups, keywords)
• Search Term Analysis: Ingesting and analyzing search terms and related performance metrics from your Google Ads account
• AI Classification: Using artificial intelligence (OpenAI GPT-4) to classify search terms as positive keywords, negative keywords, or non-worth-adding based on relevance, intent, and performance
• Keyword Management: Executing your explicit actions to add or remove keywords via the Google Ads API when you approve them in the Oklama interface
• Performance Tracking: Providing usage analytics, job status, and health checks related to your account syncs
• Automated Optimization: Running scheduled synchronization tasks to keep your data up-to-date

We do not use Google data to serve ads, build advertising profiles, or for any purpose unrelated to these user-facing features.

5. Google API Services User Data Policy Compliance

Oklama's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5.1 Limited Use Requirements

Oklama complies with Google's Limited Use requirements. Specifically:

• Limited Use: We only use Google user data (including Google Ads data) to provide and improve our keyword management features. We do not use this data for serving advertisements or for any other purpose unrelated to our Service.
• No Human Reading: Your Google Ads data is processed automatically by our systems and AI models. No human at Oklama reads your data except when necessary to provide customer support at your request or to comply with legal obligations.
• No Transfer to Third Parties: We do not transfer your Google user data to third parties except as necessary to provide our Service (e.g., sending search term text to OpenAI for classification) or as required by law. We do not sell personal data or share it with data brokers or advertisers.
• No AI/ML Model Training: We do not use or transfer Google user data to build or improve generalized AI/ML models outside of Oklama's user-facing functionality.
• Secure Handling: All data received from Google APIs is transmitted and stored securely using industry-standard encryption.

6. Third-Party Service Providers

We share information with trusted third-party service providers who assist us in operating our Service. These providers are contractually obligated to protect your information and use it only for the purposes we specify:

• Google Cloud Platform: For authentication services (Google OAuth 2.0) and Google Ads API access
• MongoDB Atlas: For secure database hosting and data storage
• Redis Cloud: For caching, session management, and rate limiting
• OpenAI: For AI-powered search term classification using GPT-4 (we send search term text, performance metrics, and campaign context, but not your personal identifying information)
• SendGrid: For transactional email delivery (account notifications, password resets, etc.)
• Sentry: For error monitoring and application performance tracking (anonymized error logs only)
• Payment Processor: For billing and subscription management (we do not store full payment card details on Oklama servers)

7. Data Security

We take the security of your information seriously and implement appropriate technical and organizational measures to protect it:

7.1 Encryption

• Data in Transit: All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS)
• Data at Rest: Sensitive data, including OAuth tokens and refresh tokens, is encrypted in our database using AES-256 encryption with PBKDF2 key derivation (100,000 iterations)
• Password Security: User passwords are hashed using industry-standard bcrypt hashing with salt

7.2 Access Controls

• Authentication: Secure session management with JWT tokens
• Authorization: Role-based access controls and least-privilege principles for production systems
• Token Management: Scoped OAuth tokens with no broader access than requested or needed

7.3 Infrastructure Security

• Input Validation: Comprehensive input validation and sanitization
• Rate Limiting: Protection against brute-force attacks and API abuse
• Monitoring: Continuous monitoring for suspicious activity and security incidents
• Audit Logging: Detailed logging and alerting for anomalous behavior
• Regular Updates: Regular dependency updates and security patches

Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

8. Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained for the duration of your account plus a reasonable period afterward for legal and business purposes
• Google Ads Data: Search terms, keywords, and performance data are retained to provide historical analytics and longitudinal auditing features
• Authentication Tokens: OAuth tokens are rotated and retained only while required to perform user-authorized actions
• Logs and Analytics: Typically retained for 90 days for operational purposes, longer if required for security or legal reasons

When you delete your account, we will delete or de-identify personal data within a commercially reasonable time, except where retention is required by law, dispute resolution, or security.

9. Your Rights and Choices

9.1 Access and Portability

You can access your account information and Google Ads data through our dashboard. You can request a copy of your data by contacting us.

9.2 Correction

You can update your name and email address through your account settings. If you need to correct other information, please contact us.

9.3 Data Deletion

You can request deletion of your account and associated data by emailing yarinerez2121@gmail.com from the email address linked to your account with the subject line "Delete my Oklama account". After verifying ownership, we will delete or irreversibly de-identify your personal data (including stored Google Ads-related records) within a reasonable period, subject to legal obligations.

9.4 Revoke Access

You can disconnect Oklama's access and revoke OAuth tokens at any time by:

1. Visiting your Google Account Permissions page
2. Finding "Oklama" in the list of connected apps
3. Clicking "Remove Access"

9.5 Email Preferences

You can control email notification preferences in your account settings. You cannot opt out of essential service emails (e.g., security alerts, account status changes).

9.6 Export Data

You may export selected data upon request, where feasible, by contacting us.

10. International Data Transfers

Oklama may process and store data on servers located outside of your country. These countries may have data protection laws that are different from the laws of your country. Where applicable law requires, we rely on appropriate safeguards (such as Standard Contractual Clauses approved by the European Commission) for such transfers and implement technical and organizational measures to protect your information.

11. Children's Privacy

Oklama is intended for use by businesses and individuals over the age of 13 (or 16 in the European Economic Area, or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by:

• Posting the updated Privacy Policy on this page
• Updating the "Last Updated" date at the top of this policy
• Sending an email notification to your registered email address (for significant changes)
• Providing additional notice or obtaining consent if required by law

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

13. How to Contact Us

For privacy questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within a reasonable timeframe, typically within 30 days.

14. Data Protection Officer

For users in the European Economic Area (EEA), you have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.

Scope-by-Scope Disclosure

Below is a plain-language explanation of each Google scope we request and why:

If you have questions about scopes or wish to limit or revoke access, you can manage Oklama's access in your Google Account security settings at any time.