Data & API Usage

Last updated: 3 June 2026

This page describes how Promostar Media Private Limited (“Promostar”, “we”) uses the Google Ads API, what data we access through it, how we store and protect that data, and our compliance commitments. It supplements our Privacy Policy for users and clients whose Google Ads accounts we manage.

Quick summary. The Google Ads API is used exclusively by our in-house media-buying team to manage Google Ads accounts owned by Promostar or by clients who have authorised us to manage them. Our developer token is never transferred or shared with third parties. We store only the minimum data required to operate, and every action is auditable.

1. Why we use the Google Ads API

Our team manages multiple Google Ads accounts on behalf of our own brands and clients. Doing this work through the native Google Ads UI alone is not operationally feasible at our scale — switching between accounts to monitor performance, compare campaigns, or run consistent changes across many accounts. We built an internal management cockpit (“Promostar Ads Manager”) on top of the Google Ads API that lets our team:

Read campaign performance metrics across every account we manage from a single view.
Pause and re-enable campaigns individually or in bulk.
Adjust daily budgets and bidding-strategy targets (Target CPA, Target ROAS, Maximize Conversions, etc.).
Launch new campaigns and clone proven structures into additional accounts.
Evaluate automated rules that adjust budgets or status based on conversion thresholds.
Generate per-campaign performance reports for sharing with the relevant client stakeholders.

2. Scope — who uses the tool

Promostar Ads Manager is an internal tool. Access is restricted to authenticated Promostar employees via Google sign-in and is not available to the general public, to clients, or to any third party.

We do not sell, resell, license, sublicense, or otherwise distribute the tool or the underlying API access to any third party. The Google Ads developer token issued to us is never transferred or shared.

3. What data we access through the API

Through the Google Ads API we read and, where the user authorises it, write the following categories of data within accounts we manage:

Performance metrics — cost, impressions, clicks, conversions, conversion value, CTR, CPA, ROAS, segmented by date, hour, and campaign.
Campaign metadata — campaign name, status, advertising channel type, bidding strategy and its numeric target (target CPA, target ROAS, CPC ceiling).
Budget metadata — the daily budget amount associated with each campaign.
Account structure — the manager-account-to-child-account hierarchy under MCCs that have been linked to our tool, including descriptive name, currency, and timezone.

We do not access user-level personal data, billing details, or anything outside the scope listed above.

4. How we store this data

Performance and metadata returned by the Google Ads API is stored in a local PostgreSQL database hosted on Google Cloud Platform (Cloud SQL, asia-south1 region). The store is read-only from the operator’s perspective and is regenerated periodically from the source-of-truth (Google Ads) on a scheduled sync.

We store this data so that report pages and dashboards can render without re-querying the Google Ads API on every page load — this is both a performance and a quota-conservation measure. Closed days are sealed and never re-fetched.

5. Credentials and authentication

The Google Ads developer token is stored in Google Secret Manager. It is never logged, transmitted to a third party, or embedded in client-side code.
OAuth refresh tokens used to call the Google Ads API on a managed account’s behalf are encrypted at rest in our database and accessible only to the application’s service account.
Operator sign-in is delegated to Google via OAuth 2.0; we do not store passwords.

6. Data retention

Performance snapshots are retained for as long as the corresponding Google Ads account is linked to our tool. When a managed account is unlinked, its cached snapshots are deleted within 30 days. Audit-log entries (described below) are retained for one year and then deleted.

7. Auditability and accountability

Every write performed against the Google Ads API through our tool — campaign creates, pause/enable actions, budget changes, bid changes, rule-engine actions — is recorded in an immutable internal audit log with the actor (user), the target resource, the action, the payload, and a timestamp. This lets us answer at any time: who changed what, when, and why.

8. Compliance commitments

We comply with the Google Ads API Terms of Service, including the policies on token handling, data usage, and user notification.
We comply with the Google Ads policies as they apply to the campaigns we manage.
We do not impersonate, mislead, or otherwise misrepresent the source of API calls.
We do not use the API to circumvent the Google Ads UI, automate prohibited tasks, or facilitate any activity that violates Google’s policies.
We notify clients promptly of any incident affecting their data or their accounts.

9. Quota and rate-limit handling

The tool is engineered to operate well within the Google Ads API quota and per-minute rate limits. Mutations are batched per account in a single mutate request where possible; bulk operations are paced so a 600-campaign job spread across ~30 accounts results in approximately 30 requests rather than 600. Quota-exhaustion responses are handled gracefully with retry-after honoured.

10. Contact

For questions about how we use the Google Ads API or how we handle your data: privacy@promostar.co.in.

For account managers and clients with an active engagement: support@promostar.co.in.