Adthena ChatGPT AdBridge
Last updated April 2026
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By using Adthena AdBridge, you accept and consent to the practices described in this policy. If you do not agree with this privacy policy in general or any part of it, you should not use Adthena AdBridge.
Data protection is a high priority for the management of Adthena Ltd (“Adthena”). The use of Adthena AdBridge is possible without any indication of personal data; however, if you want to use the service, the processing of personal data may be necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject. The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (“GDPR”), and in accordance with the country-specific data protection regulations applicable to Adthena. By means of this Privacy Policy, we would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this Privacy Policy, of the rights to which they are entitled. As the controller, Adthena has implemented technical and organisational measures to ensure the most complete protection of personal data processed through Adthena AdBridge. However, internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed.
This Privacy Policy is based on the terms used by the European Union Legislator for the adoption of the GDPR. Key terms include: Personal data — any information relating to an identified or identifiable natural person. Data subject — any identified or identifiable natural person whose personal data is processed by the controller. Processing — any operation performed on personal data, such as collection, recording, organisation, storage, adaptation, retrieval, use, disclosure, or erasure. Restriction of processing — the marking of stored personal data with the aim of limiting their processing in the future. Pseudonymisation — processing personal data so it can no longer be attributed to a specific data subject without additional information. Controller — the natural or legal person which determines the purposes and means of the processing of personal data. Processor — a natural or legal person which processes personal data on behalf of the controller. Consent — any freely given, specific, informed and unambiguous indication of the data subject’s wishes signifying agreement to the processing of personal data. Google user data — any data obtained from Google APIs via OAuth, including your Google account identity (email, display name) and Google Ads account data accessed with your authorisation.
The data controller for the purposes of this policy is Adthena Ltd, registered in England and Wales under company number 08171866, with registered office at 9th Floor, Fountain House, 130 Fenchurch Street, London EC3M 5DJ. Adthena’s Data Protection Officer is Will Richards. You can contact the Data Protection Officer at any time with any questions or concerns about data protection by emailing info@adthena.com.
Adthena AdBridge uses a single session cookie to keep you signed in, and small amounts of browser storage to hold your sign-in state for administrative sessions and to remember minor UI preferences such as whether onboarding tips are collapsed. All of this is strictly necessary or functional — we do not use analytics cookies, advertising cookies, fingerprinting, or any third-party tracking technology, and no data is shared with any third party through these mechanisms. You may prevent or delete cookies and clear browser storage through your browser settings at any time; if you do so, not all features of Adthena AdBridge may be usable.
When you sign in with Google, Adthena AdBridge requests read-only access to: (a) your Google account identity (email address and display name), so we can sign you in, display your name in the dashboard, and deliver the Service’s outputs to you; (b) your Google Ads accounts and their campaign data — campaign names, ad groups, keywords, match types, and performance metrics — so AdBridge can analyse your campaigns and deliver the outputs, analyses, and exports you request. Access to Google Ads is strictly read-only: Adthena AdBridge never writes to, modifies, pauses, or changes your campaigns, budgets, or account settings. Collectively, the data obtained through these permissions is referred to in this policy as “Google user data.” In addition, we collect your IP address and browser information (for security and abuse prevention) and your consent preferences (terms acceptance and marketing opt-in status).
Adthena AdBridge’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements. In plain English: (a) we use Google user data only to provide and improve the user-facing features of Adthena AdBridge — namely authenticating you and providing the Service’s features to you; (b) we do not use Google user data to serve advertisements of any kind; (c) we do not sell Google user data; (d) we do not use Google user data to develop, improve, or train generalised or foundation AI/ML models; and (e) no human at Adthena reads your Google user data except (i) with your explicit affirmative consent (for example, to help you debug a processing run), (ii) where strictly necessary for security purposes such as investigating abuse, (iii) where required to comply with applicable law, or (iv) where the data has been aggregated and anonymised so it cannot be linked back to you or any individual.
We use your data to: (a) provide the Adthena AdBridge service and generate the outputs, analyses, and exports you request from your Google Ads campaigns; (b) authenticate your identity and maintain your session; (c) send you service-related communications about functionality changes (as permitted under our Terms of Service); and (d) send marketing updates about AdBridge and other Adthena offerings if you have opted in. We do not sell your data to third parties. We do not use Google user data to train generalised or foundation AI/ML models, whether our own or those operated by our sub-processors.
We do not share Google user data with third parties except with the following categories of sub-processor, each strictly for the purpose described: (a) Google — OAuth authentication and Google Ads API access, processing your identity and campaign read requests; (b) large language model providers — OpenAI (OpenAI, L.L.C.), Anthropic (Anthropic, PBC), and Google (Gemini API, provided by Google LLC). Campaign data is transmitted to one or more of these providers’ APIs to generate AI-assisted outputs on your behalf. Under each provider’s API terms — OpenAI (https://openai.com/policies/api-data-usage-policies), Anthropic (https://www.anthropic.com/legal/commercial-terms), and Google (https://ai.google.dev/gemini-api/terms) — data submitted via the API is not used to train or improve their generally available models. Campaign identifiers are pseudonymised where technically possible before transmission; (c) our email delivery provider — delivery of the Service’s outputs and service notifications; (d) our cloud infrastructure provider — secure storage of generated output files and database hosting for session data, in the European Economic Area. Each sub-processor is bound by a data processing agreement and processes data only under our instructions. A current list of named sub-processors is available on request from privacy@adthena.com. We do not share Google user data with any party for advertising, analytics, profiling, or resale. We may change sub-processors from time to time; material changes will be reflected on this page.
We retain data only for as long as necessary for the purposes set out in this policy. Indicative retention periods: (a) encrypted authentication tokens and active session data — up to 30 days of inactivity, or immediately on user request; (b) Google Ads campaign data retrieved during a processing run — held only for the duration of the run and not persisted afterwards; (c) generated output files — up to 30 days after which they are automatically deleted; (d) user profile (email, display name) and consent preferences — the lifetime of your account plus up to 90 days after deletion to comply with legal and tax obligations; (e) server log files (IP, user-agent, request paths) — up to 90 days for security and abuse investigation, then deleted. If the storage purpose is no longer applicable, or if a statutory storage period expires, the personal data are routinely blocked or erased in accordance with legal requirements.
You can request deletion of the data Adthena AdBridge holds about you at any time by emailing privacy@adthena.com from the email address associated with your account, with a clear request to delete your data. We will delete your session record, stored authentication tokens, profile data, and any cached output artefacts within 30 days of the request and confirm deletion by email. In addition, you can revoke Adthena AdBridge’s access to your Google account at any time, independently of us, through your Google Account security settings (https://myaccount.google.com/permissions). Revoking access through Google will immediately invalidate our stored tokens; your session record will then be purged on its next scheduled cleanup or on request. Session data also deletes automatically after periods of inactivity — no action is required to benefit from this routine erasure.
Each data subject has the following rights: (a) Right of confirmation — obtain confirmation as to whether personal data concerning you is being processed. (b) Right of access — obtain free information about your stored personal data at any time and a copy of this information, including purposes of processing, categories of data, recipients, storage period, and existence of automated decision-making. (c) Right to rectification — obtain without undue delay the rectification of inaccurate personal data. (d) Right to erasure (Right to be forgotten) — obtain erasure of personal data where data is no longer necessary, consent is withdrawn, processing is unlawful, or data must be erased for legal compliance. See section 11 for how to exercise this right. (e) Right of restriction of processing — obtain restriction of processing where accuracy is contested, processing is unlawful, controller no longer needs the data, or you have objected to processing. (f) Right to data portability — receive your personal data in a structured, commonly used and machine-readable format. (g) Right to object — object to processing based on legitimate interests or for direct marketing purposes at any time. (h) Automated individual decision-making — not be subject to a decision based solely on automated processing, including profiling, which produces legal effects. (i) Right to withdraw consent — withdraw consent to processing at any time. To exercise any of these rights, contact our Data Protection Officer at info@adthena.com or privacy@adthena.com.
We process your data on the following legal bases under Article 6(1) of the GDPR: (a) Consent — you accept our Terms of Service before using AdBridge and consent to data processing. (b) Contract performance — processing necessary for the performance of a contract or to provide the service you requested. (c) Legal obligations — processing required for carrying out legal obligations such as tax regulations. (d) Vital interests — in rare cases, processing may be necessary to protect vital interests of the data subject. (e) Public interest — processing necessary to perform a task in the public interest. (f) Legitimate interests — processing necessary for the purposes of the legitimate interests pursued by our company, such as service improvement and ensuring users are aware of significant functionality changes, except where such interests are overridden by the interests or fundamental rights of the data subject.
Where the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is to carry out our business in favour of the well-being of all our employees and the shareholders.
We implement appropriate technical and organisational measures to protect your data, with particular care for Google user data: (a) all communications between your browser, Adthena AdBridge, and upstream APIs use HTTPS/TLS in transit; (b) authentication tokens are encrypted at rest using industry-standard symmetric encryption before being written to our database; (c) session cookies are configured to be inaccessible to client-side scripts and to be sent only over secure connections; (d) production data is hosted with a reputable cloud infrastructure provider in the European Economic Area; (e) access to production systems holding Google user data is restricted to a small number of authorised Adthena engineering personnel, protected by multi-factor authentication, and audit-logged; (f) the Google Ads API is accessed strictly in read-only mode — no write operations are ever made against your account; (g) we apply the principle of least privilege at the application layer: each request only retrieves the data necessary to complete the user-initiated action.
The data processor will not process personal data in any country, territory or specified sector outside of the European Economic Area (“third-party country”) that is not recognised by the European Commission as ensuring an adequate level of protection, without specific prior written approval. Where such approval has been granted, the data processor shall execute the standard contractual clauses for the transfer of personal data as set out in the European Commission decision of February 5, 2010 (C(2010) 593), and warrant that any duly authorised sub-processor processing personal data in any third-party country shall comply with the same obligations.
As a responsible company, we do not make use of automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.
Any changes we may make to our privacy policy in the future will be posted on this page and the “Last updated” date at the top of this page will be revised. Please check back frequently to see any updates or changes to our privacy policy.
If you have any questions about this Privacy Policy or our data practices, contact our Data Protection Officer Will Richards at info@adthena.com or privacy@adthena.com. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.