Legal

Privacy Policy

Last updated: April 23, 2026

Leo Braga Consulting ("we", "our", "us") respects the privacy of our clients and website visitors. This Privacy Policy describes how we collect, use, and protect information — with specific attention to how we use third-party APIs such as the Google Ads API and the Google Analytics Data API as part of our consulting services.

1. Information We Collect

As a paid-media consultancy, we access data from our clients' advertising accounts only with explicit authorization. This includes:

Campaigns, ad groups, keywords, and ad data (read-only)
Performance metrics: impressions, clicks, CTR, CPC, conversions, cost
Aggregated user-behavior data from Google Analytics 4
Client contact details (name, email, company) for client-relationship management

2. How We Access the Data

Access to Google Ads and Google Analytics 4 accounts is performed exclusively through OAuth2 (Google's official authentication flow). Each client independently authorizes our MCC (Manager Account) before any query can be made.

OAuth credentials are stored locally in the consultancy's secure operational environment and are used only for the authorized queries.

3. How We Use the Data

Data accessed through the APIs is used exclusively to:

Generate performance reports for the client who owns the data
Produce technical account-health diagnostics
Deliver optimization recommendations based on the data
Build custom dashboards for the client

4. What We Do NOT Do With the Data

We do not sell, rent, or share client data with third parties
We do not use one client's data to benefit another client
We do not retain data longer than needed to deliver the report
We do not use data for advertising or commercial purposes outside the engagement
We do not modify campaigns or account data without the client's explicit instruction

5. Data Retention and Security

Data accessed via API is processed and retained only for the time required to generate the report or keep the dashboard operational. Upon contract termination, OAuth credentials are revoked and all stored data related to the client is deleted.

Access is protected by strong authentication and security best practices, including encrypted credential storage and HTTPS for all API communication.

6. Client Rights

Any client may, at any time:

Revoke OAuth access to our account from their Google Ads or GA4 account
Request deletion of all data stored about their account
Request a report detailing which data was accessed and when

To exercise any of these rights, send an email to [email protected].

7. Compliance With Google Policies

Our use of the Google Ads API and Google Analytics Data API is in full compliance with the Google Ads API Terms and Policies and the Google Analytics Data API Terms.

8. Changes to This Policy

This policy may be updated from time to time. Material changes will be communicated to active clients by email.

9. Contact

Questions about privacy? Email us at [email protected].

← Back to home