ProOps Ads Tracker Privacy Policy

Effective Date: May 13, 2025

Updated May 26, 2026

This Privacy Policy is published by 1000961632 Ontario Inc. o/a ProOps Consulting, an Ontario corporation ("ProOps Consulting," "we," "us," or "our"), and applies to the ProOps Ads Tracker service.

ProOps Ads Tracker is an ad operations monitoring solution comprising Ads Tracker HQ (the cloud-based platform), the Chrome Extension (the primary user interface), and the Troubleshoot Assistant (the opt-in AI feature). Together, these components automate ad operations monitoring by collecting non-personal advertising metrics from Google Ad Manager using a client-provided, read-only service account. Data is processed by Ads Tracker HQ via backend services to Firebase Firestore and Google Cloud Storage, enabling real-time alerts, trend analysis, and exports (e.g., Microsoft Excel .csv files). We collect minimal personal data with consent, do not sell data, and comply with PIPEDA and Chrome Web Store guidelines.

Your use of ProOps Ads Tracker is also governed by the ProOps Ads Tracker Services Agreement (Terms of Service), which forms part of your agreement with us and is incorporated into this Privacy Policy by reference.

By using ProOps Ads Tracker, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

1. What Data We Collect

We collect the minimum data necessary, per PIPEDA, across three categories: non-personal data, personal data, and payment data.

Non-Personal Data

• Ad performance metrics (e.g., impressions, clicks, revenue, active campaigns) and entity data (e.g., orders, line items, ad units) from Google Ad Manager, synced via Ads Tracker HQ's backend batch jobs to Firebase Firestore (for aggregation and trends) and Google Cloud Storage (for persistence as compressed JSON files).

• Campaign health alerts (e.g., critical, warning, info counts) generated by Ads Tracker HQ's alerting logic.

• Exportable reports in CSV format (compatible with Microsoft Excel) containing aggregated performance data, such as current month metrics (e.g., active campaigns, impressions, clicks, revenue) and trend analyses (e.g., percentage changes).

Data is accessed via a read-only Google Ad Manager service account, configured with your network code and credentials. For multi-network customers (e.g., agencies, multiple customer management (MCM), or publisher groups managing more than one Google Ad Manager Network ID), each network's data is processed and stored separately within Ads Tracker HQ to maintain logical separation between client networks.

Personal Data

• Contact information (e.g., name, email, organization name) provided during account signup, with express consent via the "I agree to the Terms of Service" checkbox.

• Device/browser information (e.g., IP address, browser type) for functionality and security purposes, with implied consent via usage of the Services.

Payment Data

Payment information (e.g., credit card details, billing address) is collected and processed by our third-party payment processor, Stripe (https://stripe.com/privacy). We do not store full credit card numbers on our systems; Stripe handles payment processing under PCI-DSS-compliant controls. We receive only limited payment metadata necessary for subscription management (e.g., last four digits of card, billing status, subscription tier).

You can opt out of data collection by uninstalling the Chrome Extension via Chrome settings (chrome://extensions) or via the Chrome Web Store, and by canceling your Ads Tracker HQ subscription via email to adstracker@proopsconsulting.ca or via the Stripe customer portal, as described in the Services Agreement. For broader ProOps Consulting privacy practices, see the ProOps Consulting Privacy Policy.

2. How We Use Your Data

We use data to:

• Deliver Services features including real-time alerts, daily and monthly metric aggregations (e.g., percentage trend changes from rolling baselines), and campaign health monitoring (programmatic and direct revenue) via Ads Tracker HQ's backend sync jobs.

• Facilitate downloads of performance reports in Microsoft Excel format.

• Manage your subscription, including billing, payment processing via Stripe, account access, and customer support.

• Improve Services functionality, performance, and security.

• Communicate with you about your account, Services updates, and (with your consent) marketing communications.

Opt-in AI Features - Troubleshoot Assistant

The Troubleshoot Assistant is an optional AI-powered feature in ProOps Ads Tracker that helps analyze alerts by generating root-cause summaries and deeper insights (e.g., for under-delivery, revenue drops, or inventory anomalies) using selected alert data, order/line item IDs, and associated Google Ad Manager metrics.

When you check the consent box to submit an alert for analysis:

• We send limited, non-personal ad operations data temporarily to xAI's Grok models (our then-current third-party generative AI provider) to produce the summary.

• We have opted out of model training where available - your data is not used to train or improve xAI's models.

• Processing is real-time only; no long-term storage of your data occurs at the AI provider.

• A data-processing agreement with xAI ensures PIPEDA-level protections apply to data sent for analysis.

• Checking the box provides your express consent to this processing for that specific alert only. Consent is required each time and can be withheld by not checking the box.

We may, from time to time, change the third-party AI provider powering the Troubleshoot Assistant. Where the change is material (e.g., a change in provider's data-handling practices), we will provide notice via email or in-product notification at least thirty (30) days before the change takes effect. The currently active AI provider is named in this section and will be updated when changes occur.

Key Disclaimer: Outputs from the Troubleshoot Assistant are AI-generated and may include errors, incomplete information, or hallucinations. They are for informational purposes only - not guaranteed accurate or reliable. Always verify independently before acting. ProOps Consulting is not liable for reliance on these outputs.

This feature enhances our core alerting and reporting Services while prioritizing user privacy and control.

3. How We Share Your Data

We do not sell or share Customer Data with third parties, except as described below:

• Google Cloud Platform services (Firebase Firestore for metrics, Google Cloud Storage for entity data) under data-processing agreements with PIPEDA-equivalent protections and access controls.

• Stripe (payment processor) for subscription billing and payment processing, under PCI-DSS-compliant controls. See https://stripe.com/privacy for Stripe's privacy practices.

• xAI (AI provider) for opt-in Troubleshoot Assistant analysis, as described in Section 2, only when you provide express per-alert consent.

• Local device processing for Microsoft Excel export generation, ensuring exports are downloaded directly to Customer's device without intermediate upload to ProOps servers beyond what is necessary for report generation.

• Legal requirements (e.g., court orders, regulatory requests under Canadian law), with notice to Customer unless prohibited by law.

4. Data Security

We implement the following security measures to protect your data:

• TLS/AES-256 encryption for data in transit and at rest.

• Firebase security rules and granular access controls limiting access to authorized personnel and processes.

• Batch processing controls and timestamp updates in Firestore to ensure data integrity during Google Ad Manager syncs.

• Manifest V3 compliance for the Chrome Extension, ensuring sandboxed execution and adherence to Chrome Web Store security guidelines.

• Secure credential management via environment variables (e.g., GOOGLE_APPLICATION_CREDENTIALS) on backend infrastructure.

• Logical separation of multi-network customer data within Ads Tracker HQ, ensuring each Google Ad Manager Network ID's data is isolated from other client networks.

In the event of a data breach affecting personal data, we will notify affected Customers within seventy-two (72) hours of discovery, as required by PIPEDA, and provide details of the breach, the data affected, and remediation steps taken.

5. Your Rights

Under PIPEDA, you have the right to:

• Access the personal data we hold about you.

• Correct or update inaccurate personal data.

• Delete personal data, subject to legal retention requirements and disaster-recovery backup cycles (see Section 6 — Data Retention).

• Withdraw consent (e.g., by uninstalling the Chrome Extension, canceling your subscription, or by emailing privacy@proopsconsulting.ca).

• File a complaint with us via privacy@proopsconsulting.ca, or with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.

To exercise any of these rights, contact us at privacy@proopsconsulting.ca. We will respond to verifiable requests within thirty (30) days as required by PIPEDA.

6. Data Retention

We retain Customer Data for the duration of the Term of your Services Agreement and for ninety (90) days following expiration or termination of the Services to allow Customer to export historical data. After this 90-day period, we delete Customer Data from active systems within thirty (30) days, subject to backup retention cycles (which may extend up to twelve (12) months for disaster recovery purposes).

On Customer request, we will delete personal data sooner where required by applicable law. Aggregated, anonymized data (e.g., usage statistics, performance benchmarks) may be retained indefinitely for Services improvement purposes, as it cannot be linked back to an identifiable individual or organization.

7. International Data Transfers

Ads Tracker HQ processes and stores data on Google Cloud and Firebase infrastructure, which may include servers located in the United States and other jurisdictions outside Canada. We rely on Google Cloud's data processing addendum, security certifications (including SOC 2 and ISO 27001), and contractual safeguards to ensure data is handled with PIPEDA-equivalent protections.

Customers with specific data residency requirements (e.g., EU-based publishers subject to GDPR, customers in jurisdictions with provincial data-residency obligations, or customers whose own policies require Canadian-only data storage) should contact us at privacy@proopsconsulting.ca to discuss available options.

8. Children's Privacy

ProOps Ads Tracker is a business-to-business service intended for use by professional ad operations teams and is not directed to children. We do not knowingly collect personal data from children under thirteen (13) years of age, or under sixteen (16) in Quebec. If we become aware that we have collected such data, we will delete it promptly. If you believe we may have collected data from a child, contact us at privacy@proopsconsulting.ca.

9. Privacy Rights for Customers Outside Canada

While ProOps Consulting operates from Canada and is primarily subject to PIPEDA, customers in other jurisdictions may have additional privacy rights:

• California (CCPA/CPRA): Right to know, delete, correct, opt out of sale (we do not sell data), and limit the use of sensitive personal information. Contact privacy@proopsconsulting.ca to exercise these rights.

• EU/UK (GDPR/UK GDPR): Right of access, rectification, erasure, restriction of processing, data portability, and objection. We rely on legitimate interests and consent as legal bases for processing personal data.

• Other jurisdictions: Where local data protection laws provide greater rights than PIPEDA, we will honor those rights to the extent applicable to your use of the Services.

10. Future Ad Server Integrations

Ads Tracker HQ currently supports Google Ad Manager as the primary advertisement server data source. Future advertisement server integrations (e.g., Freewheel, SpringServe, or other supply-side platforms) will be supported via new connectors in Ads Tracker HQ, and any associated data-handling changes will be reflected in updates to this Privacy Policy before activation.

11. Changes to This Privacy Policy

ProOps Consulting may modify this Privacy Policy from time to time by posting an updated version on our website. We will provide reasonable notice of material changes (which may be by email to the address on file with Customer's account, or by in-product notification) at least thirty (30) days before such material changes take effect.

For changes requiring express consent under PIPEDA (e.g., new categories of personal data collection, new third-party data sharing arrangements), we will obtain such consent before the change applies to your data.

Continued use of the Services after the effective date of non-material changes constitutes acceptance of the modified Privacy Policy. If you do not agree to the modified Policy, you may terminate your subscription as described in the Services Agreement.

12. Contact Us

For questions about this Privacy Policy or to exercise any of your rights under Section 5 (Your Rights), Section 9 (Privacy Rights for Customers Outside Canada), or any other applicable privacy law, contact us at:

• Privacy and data questions: privacy@proopsconsulting.ca

• General product support: adstracker@proopsconsulting.ca

• PIPEDA complaints to the regulator: Office of the Privacy Commissioner of Canada (www.priv.gc.ca)

We will respond to verifiable requests within thirty (30) days as required by PIPEDA. For broader ProOps Consulting privacy practices (covering consulting services and other business activities), see the ProOps Consulting Privacy Policy.