Last Updated: June 2026
Enhanced Conversions ("we," "our," or "us") is a server-side conversion middleware that connects an advertiser's CRM (such as ActiveCampaign, Pipedrive, or RD Station) to advertising platforms like Google Ads to upload offline conversion events. This Privacy Policy explains how we access, use, store, share, retain, and delete data — including data obtained through Google APIs.
Our use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for serving advertising, building user profiles, or training machine-learning or AI models, and we do not allow humans to read this data except as required for security, to comply with law, or with your explicit consent.
When you connect your Google Ads account, you authorize our application through Google OAuth using the Google Ads API and the Google Ads Data Manager API scope (https://www.googleapis.com/auth/datamanager). Through this authorization we access and store:
We do not access your Google profile information, email contents, contacts, or advertising performance reports. Separately, we receive conversion event data from your own CRM via webhooks (which may include email addresses, phone numbers, names, transaction values, and click identifiers such as gclid).
We use the Google authorization solely to upload offline conversion events — such as sales-qualified leads and their monetary value, originating from your CRM — into your own Google Ads account via the Data Manager API. Customer identifiers contained in those events (e.g., email and phone number) are normalized and hashed using SHA-256 before they are transmitted to Google. We do not use this data for any purpose other than providing this functionality.
We do not sell your data, and we do not share Google user data with third parties for their own purposes. We rely on a limited set of service providers (sub-processors) strictly to operate the service:
Hashed conversion data is transmitted to Google's Data Manager API at your direction — that transmission is the purpose of the integration.
OAuth access and refresh tokens and other platform credentials are encrypted at rest using AES-256 before being stored. Conversion data is stored in a PostgreSQL database (Supabase) protected by row-level security, and all data in transit between your CRM, our servers, and Google's APIs is encrypted via HTTPS/TLS. Access to credentials is restricted to the server-side processes that perform conversion uploads.
We retain your Google OAuth tokens only while your Google Ads integration remains connected; when you disconnect the integration, the stored tokens are deleted. Raw conversion event data is stored to process and route the conversion and is retained for the duration of your active account; upon account deletion or cancellation it is permanently deleted within 30 days.
You may revoke our access to your Google account at any time by (i) disconnecting the integration within the application, or (ii) removing access at https://myaccount.google.com/permissions. Upon disconnection or revocation we delete the associated tokens. You may also request deletion of your data by emailing us at the address below, and we will complete deletion within 30 days.
You have the right to access, correct, or delete your personal data at any time. If you are located in the European Economic Area or Brazil, you have additional rights under the GDPR or LGPD, respectively, including the right to data portability and the right to withdraw consent.
If you have questions about this Privacy Policy or how we handle your data, please contact us at [email protected].