Privacy Policy

Last updated: 3 June 2026

Promostar Media Private Limited (“Promostar”, “we”, “us”, “our”) respects your privacy. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, how long we keep it, and the rights you have over it. It applies to visitors of promostar.co.in, to clients who engage us, and to users of our internal management platform (Promostar Ads Manager).

In one sentence: we collect only the data we need to provide our marketing services and run our internal tools, we never sell it, and we comply with Google’s API Terms of Service for any data accessed through the Google Ads API.

1. Who we are

Promostar Media Private Limited is a private limited company registered in India, with its principal place of business in New Delhi. We are the data controller for personal information processed in the operation of our business.

Contact: privacy@promostar.co.in · +91 98721 67124

2. Information we collect

2.1 From website visitors

Contact form submissions — name, email, company name, and any message content you choose to send us via the contact form.
Technical logs — IP address, browser user-agent, pages visited, and referrer. Used for security and basic analytics; retained for 90 days.

2.2 From clients we engage

Business information required to set up and operate the engagement (contact persons, billing details).
Google Ads account access — the client links their Google Ads account(s) to our manager account (MCC) so we can manage their advertising on their behalf. Through this access we read campaign data and perform agreed campaign-management actions.
Tracker data — aggregated conversion / attribution data from third-party trackers (e.g. Clickflare) the client uses, keyed by Google Ads campaign id, for cross-source reporting.

2.3 From users of our internal platform

Authentication identity — name, email, profile picture obtained via Google Sign-In (OAuth).
Activity audit log — every mutation the user performs is recorded with actor, target, action, payload, and timestamp.

3. How we use this information

To deliver the marketing services agreed in our engagement letter or services contract with clients.
To operate the Google Ads accounts our clients have authorised us to manage — including reading performance data and making campaign changes such as pausing, enabling, updating budgets and bids, and launching new campaigns.
To provide our internal team with reporting, dashboards, and audit accountability.
To respond to enquiries received through our contact form or by email.
To keep our systems secure (logs, intrusion detection).
To comply with legal obligations (taxation, regulatory enquiries).

4. Google Ads data — specific commitments

Data accessed via the Google Ads API is handled in accordance with the Google Ads API Terms of Service. We commit specifically:

Not to transfer or share our Google Ads API developer token with any third party.
Not to use Google Ads data to build advertising profiles unrelated to the managed account or for any purpose outside the client engagement that produced it.
To restrict access to Google Ads data to authorised Promostar employees with a business need to know.
To delete or return Google Ads data on request from the client whose data it is.

A full description of our Google Ads API usage is available on the Data & API Usage page.

5. Sharing and third parties

We do not sell personal information. We share data only with:

Google Ads — necessarily, since we operate Google Ads campaigns on the client’s behalf using their account.
Sub-processors that host or power our systems — Google Cloud Platform (hosting and storage, asia-south1 region), Auth.js / Google Sign-In (authentication), Clickflare (where the client uses Clickflare as their tracker).
Authorities — if required by law, valid legal process, or to protect rights, property, or safety.

6. Where data is stored

Our application infrastructure runs on Google Cloud Platform, primarily in the asia-south1 (Mumbai) region. Some data may transit through other GCP regions for the operation of Google’s own services (e.g. authentication). We do not knowingly transfer personal data outside the regions necessary for service operation.

7. Retention

Contact form submissions: retained as long as needed to respond and follow up, typically 24 months.
Google Ads performance snapshots: while the corresponding account is linked, then deleted within 30 days of unlinking.
Internal audit logs: 12 months.
Billing and legal records: as required by applicable law (typically 7 years).

8. Security

All traffic served over HTTPS with managed TLS certificates.
OAuth refresh tokens and the developer token are stored in Google Secret Manager.
Role-based access control inside the internal platform — each user only sees and can act on the accounts their role permits.
Every mutation is logged in an immutable audit trail.

9. Your rights

You can request access, correction, export, or deletion of your personal data by emailing privacy@promostar.co.in. We will respond within 30 days. If you are in the EU/UK, you also have the right to lodge a complaint with a supervisory authority.

10. Changes

If we change this policy materially, we will update the “Last updated” date and, for active clients, send a notification email at least 14 days before the change takes effect.

11. Contact

Questions: privacy@promostar.co.in.