Privacy Policy

Last updated: March 1, 2026 · Applies to all users of BidHelm

We do not sell your personal data. We do not share it with advertisers. We only use it to provide the Service.

1. Who We Are

BidHelm (“BidHelm,” “we,” “us,” “our”) operates the BidHelm platform, an AI-powered Google Ads optimization service accessible at bidhelm.com. We are the data controller for personal data collected through the Service.

Privacy contact: privacy@bidhelm.com

2. Information We Collect

2.1 Account Information

  • Email address and name (required for account creation)
  • Company name (optional)
  • Payment information — processed and stored by our payment processor; BidHelm does not store full card details

2.2 Google Ads Data

When you connect your Google Ads account, we access and store:

  • Campaign performance metrics (impressions, clicks, conversions, spend)
  • Keyword and search term performance data
  • Ad group and campaign structure
  • Budget and bidding configuration
  • Geographic and demographic targeting settings
  • OAuth 2.0 access tokens (see Section 6)

We do not access: your Google billing or payment methods, personal data about your end-users or website visitors, any Google service outside of Google Ads, or your Google account password.

2.3 Usage & Technical Data

  • Platform usage patterns and feature interactions
  • Log data including IP addresses, browser type, and timestamps
  • Device information
  • Optimization actions applied to your account and their recorded outcomes

2.4 Communications

If you contact us by email or chat, we retain those communications for support and compliance purposes.

3. How We Use Your Information

  • Providing the Service: Analyzing campaigns, generating recommendations, executing optimizations (Google Ads data, account data)
  • Billing: Subscription management (account data, usage data, spend figures)
  • Improvement: Improving BidHelm's user-facing optimization features using aggregated, de-identified data only
  • Notifications: Sending account and service notifications (email address)
  • Support: Customer support (account data, communications)
  • Security: Fraud prevention and legal compliance (all data types as necessary)

Google user data: We may use aggregated and de-identified optimization outcome data to improve BidHelm's user-facing optimization features. We do not sell Google user data, use it for advertising purposes, or share it with or use it to train third-party AI or machine learning models. Google user data accessed through the Google Ads API is used solely to provide and improve the Service features you have authorized.

We do not use your data for advertising profiling, selling to third parties, or any purpose not listed above.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

  • Contract performance — processing necessary to provide the Service you subscribed to (primary basis)
  • Legitimate interests — platform improvement, fraud prevention, and security, where not overridden by your rights
  • Legal obligation — compliance with applicable laws
  • Consent — for optional communications and non-essential cookies; withdrawable at any time without affecting prior processing

5. Data Sharing

We do not sell, rent, or trade your personal information. We share data only in these limited circumstances:

  • Service providers: Trusted vendors processing data on our behalf (hosting, payment processing, analytics, customer support), each bound by data processing agreements restricting use to the specified service only.
  • Google: Data sent to Google APIs as necessary to read and write your Google Ads account per your authorization.
  • Legal requirements: When required by valid legal process, court order, or applicable law. We notify you where legally permitted.
  • Business transfers: If BidHelm is acquired or merges, data may transfer to the successor. We will notify users of any such change.

6. Authentication Tokens & Credentials

To maintain access to your Google Ads account, BidHelm stores OAuth 2.0 access and refresh tokens issued by Google. These allow the Service to operate without requiring re-authentication on every action.

  • We store only the OAuth token — never your Google account password
  • Tokens are encrypted at rest using industry-standard encryption
  • You may revoke these tokens at any time at myaccount.google.com/permissions
  • All stored tokens are permanently purged upon account deletion

7. Data Security

We implement industry-standard security including TLS/SSL for data in transit, encryption at rest for sensitive data, access controls limiting data to authorized personnel, and regular security monitoring. No method of transmission or storage is 100% secure. In the event of a personal data breach affecting your rights, we will notify affected users without undue delay and within the timeframes required by applicable law — including notification to relevant supervisory authorities within 72 hours where required under GDPR, and to affected California residents in accordance with CCPA breach notification requirements.

8. Data Retention

  • Active accounts: Retained for the duration of your account and for 12 months after your last active use
  • Cancelled accounts: Personal data retained 30 days post-cancellation, then deleted (anonymized aggregate data may be retained longer for platform analytics)
  • Deletion requests: Personal data purged within 30 days
  • Legal hold: Certain data may be retained longer if required by law or for legitimate legal defense
  • Payment records: Retained 7 years as required by financial regulations

9. Your Rights

Regardless of location, you have the right to: access a copy of your data, correct inaccurate data, request deletion of your account and data, request data in a machine-readable format, disconnect Google Ads access at any time, and unsubscribe from non-essential communications. Email privacy@bidhelm.com to exercise any right. We respond within 30 days.

10. GDPR — European Users

If you are in the EEA, United Kingdom, or Switzerland, you have additional rights under GDPR:

  • Right to object to processing based on legitimate interests
  • Right to restrict processing in certain circumstances
  • Right to withdraw consent where processing is consent-based, at any time
  • Right to lodge a complaint with your local supervisory authority

International transfers: Where we transfer your personal data outside the EEA or UK, we do so under Standard Contractual Clauses (SCCs) approved by the European Commission. We do not rely on consent as a transfer mechanism. If we later certify to the EU-US Data Privacy Framework, this policy will be updated accordingly.

11. CCPA — California Users

If you are a California resident, the CCPA as amended by CPRA grants you:

  • Right to know — categories and specific pieces of personal information we have collected
  • Right to delete — deletion of personal information, subject to exceptions
  • Right to correct — correction of inaccurate personal information we hold about you
  • Right to opt-out of sale or sharing — we do not sell or share personal information for cross-context behavioral advertising; there is nothing to opt out of
  • Right to limit use of sensitive personal information (SPI) — BidHelm does not collect sensitive personal information as defined under CPRA (e.g., Social Security numbers, financial account numbers, health data, or precise geolocation). If this changes, we will update this policy and California users may exercise this right accordingly.
  • Right to non-discrimination — we will not discriminate against you for exercising CCPA rights

To submit a CCPA/CPRA request: privacy@bidhelm.com or use the account deletion feature in your dashboard. Response within 45 days.

Categories of personal information collected in the past 12 months: Identifiers (name, email, IP address), commercial information (transaction history and ad spend data), internet or network activity (platform usage), and professional information (company name). We do not collect sensitive personal information as defined under CPRA.

12. Cookies & Tracking

Full details are in our Cookie Policy. Summary:

  • Essential cookies: Required for login and session management. Always active — cannot be declined without breaking the Service.
  • Analytics cookies: Used to understand platform usage. Where required by law, analytics cookies are off by default and only activated after you consent. You may withdraw consent at any time as easily as you gave it.
  • Marketing cookies: Track ad conversions. Off by default. Activated only with your explicit opt-in consent.

Manage preferences via your browser settings or the cookie consent tool shown on first visit.

13. Third-Party Services

We use the following categories of third-party services, each bound by data processing agreements:

  • Google Ads API: Campaign data access and automation — governed by Google's Privacy Policy and API Terms
  • Payment processor: Secure payment handling — stores card details; we do not
  • Analytics: Privacy-focused platform usage analytics — data not shared with advertisers or third-party ad networks
  • Customer support chat: Support communications only — data limited to support context
  • Cloud infrastructure: Hosting and data storage — servers located in the United States

14. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently done so, contact privacy@bidhelm.com and we will delete it promptly.

15. International Data Transfers

BidHelm's infrastructure is based in the United States. If you access the Service from outside the US, your personal data will be transferred to and processed in the United States. For users in the EEA and UK, such transfers are made solely under Standard Contractual Clauses (SCCs) approved by the European Commission. For all other international users, by accessing the Service you acknowledge that your data is processed in the US, where data protection laws may differ from those in your country.

16. Changes to This Policy

We may update this Privacy Policy at any time. Material changes will be communicated by email at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.

17. Contact

Privacy inquiries: privacy@bidhelm.com

General support: support@bidhelm.com

We respond to all privacy inquiries within 72 hours and resolve data requests within 30 days.