Privacy Policy
Last updated: March 31, 2026
This Privacy Policy explains how Whitead Audit (hereinafter the "Service", "we", "us"), operated by FOP Mazurenko Danyil Oleksandrovych, collects, uses, stores, and protects your personal data when you use our SaaS tool for Google Ads auditing. We comply with the General Data Protection Regulation (GDPR) and applicable data protection legislation.
By using Whitead Audit, you confirm that you have read this Policy and agree to the data processing practices described herein.
1. What data we collect
We only collect data necessary to provide the Google Ads audit service:
- Account data: email, name, username, expertise level — provided by you during registration.
- Google Ads data: campaign metrics, ad settings, spending history — obtained in read-only mode via the Google Ads API. We never modify your campaigns.
- Audit data: audit reports, action plans, AI-generated recommendations — created by our Service based on your advertising data.
- Technical data: IP address, browser type — stored in server logs only. We do not use analytics trackers and do not monitor your on-site behavior.
2. Purpose and legal basis
We process your data on the following legal bases under the GDPR:
| Purpose | Legal basis |
|---|---|
| Providing the service: conducting Google Ads audit, generating recommendations | Performance of a contract, Art. 6(1)(b) GDPR |
| Account management: registration, authentication | Performance of a contract, Art. 6(1)(b) GDPR |
| Service improvement: analyzing audit quality | Legitimate interest, Art. 6(1)(f) GDPR |
3. Cookies and local storage
We only use strictly necessary cookies and local storage data for the Service to function:
- Language preference (cookie) — stores your selected interface language.
- JWT authentication token (localStorage) — enables login to your account.
- Theme preference (localStorage) — stores your selected theme (light or dark).
We do not use analytics cookies, tracking cookies, or advertising cookies. No third-party trackers are installed on our site.
4. Data sharing with third parties
We only share data with partners necessary for the Service to operate:
| Partner | Purpose |
|---|---|
| Vercel | Frontend hosting |
| VPS on adm.tools | Backend hosting (Ukraine) |
| Ads API, OAuth authentication | |
| OpenAI | AI analysis of advertising metrics (minimal data, not used for model training) |
| Plata by Mono | Payment processing (coming soon) |
We do not sell your data to third parties and never will.
5. Data retention
- Audit reports: retained for up to 24 months from creation.
- Account data: retained while your account exists + 12 months after deletion.
- Payment data: retained as required by law (typically 7 years for financial records).
6. Your rights (GDPR)
Under the GDPR, you have the following rights regarding your personal data:
- Right of access: obtain a copy of the personal data we process about you.
- Right to rectification: correct inaccurate or incomplete data.
- Right to erasure: request deletion of your personal data.
- Right to restrict processing: restrict the processing of your data under certain conditions.
- Right to data portability: receive your data in a structured, commonly used format.
- Right to object: object to the processing of your data based on legitimate interest.
- Right to lodge a complaint: file a complaint with a data protection supervisory authority.
Account deletion: you can delete your account under Settings → Profile → Delete Account. Deletion cascades to all your data: audits, reports, recommendations, and action plans.
To exercise any of these rights, contact us at support@whitead.digital. We will respond within 30 days.
7. Data security
We implement appropriate technical and organizational measures to protect your data:
- TLS encryption for all connections between your browser and our servers.
- OAuth tokens encrypted using the Fernet algorithm.
- Role-based access control.
- Daily database backups.
- Read-only access to Google Ads — we never modify your campaigns.
8. International data transfers
Our servers are located in the EU/US (Vercel, Google Cloud) and in Ukraine (VPS on adm.tools). For data transfers outside the European Economic Area, we use Standard Contractual Clauses (SCC) under the GDPR to ensure an adequate level of protection for your data.
9. Changes to this Policy
We may update this Privacy Policy from time to time. The updated version will be published on this page with a new "Last updated" date. In the event of significant changes, we will notify you by email to the address associated with your account.
10. Contact information
Data Controller: FOP Mazurenko Danyil Oleksandrovych
- Email: support@whitead.digital
- Address: Nova Poshta, branch 16, Vyshneve, Kyiv region, Ukraine