This Privacy Policy describes how the internal automation tools and reporting systems operated by Kerem Yılmaz Digital Marketing ("we", "us") handle information accessed through advertising platform APIs (Meta Marketing API, Google Ads API, and related services). The tools described here are for internal use only and are not made available to the public, to clients as standalone products, or to any third party.
1. Scope
The tools described in this policy are operated solely by Kerem Yılmaz, a freelance digital marketing consultant based in Istanbul, Turkey. Their purpose is to automate reporting, monitoring, and rule-based optimization tasks across advertising accounts that we have been authorized to manage by their respective owners.
This policy does not cover any data collected through the public-facing website at keremyilmazads.com. The website itself does not collect personally identifiable information, does not use tracking cookies beyond essential browser cookies, and does not run analytics tags.
2. Information We Access
Through authorized API connections to advertising platforms, we access the following categories of information:
- Advertising performance metrics — impressions, clicks, cost, conversions, click-through rate, cost per acquisition, return on ad spend — for campaigns we manage
- Campaign, ad set, and ad configuration data — names, status, budgets, schedules, targeting parameters — for accounts we have been granted access to
- Conversion event data, pixel data, and dataset metadata for tracking pixels we have access to
- Ad account metadata required to identify and operate on the correct managed account
We do not access, collect, or process personally identifiable information about end users — that is, the consumers who view, click on, or convert from advertisements managed by us. Any user-level data exposed by the platforms is aggregated before any human review.
3. How Information Is Used
Information accessed through these APIs is used exclusively for:
- Generating performance reports for the relevant account owner
- Sending monitoring alerts to the operator when performance metrics deviate from pre-defined thresholds
- Applying pre-approved, rule-based optimizations such as pausing under-performing campaigns or making bounded budget adjustments
- Internal analysis to inform optimization decisions across the accounts we manage
Information accessed for one client's account is never used in connection with another client and is never disclosed to any third party except as outlined in section 5 below.
4. Data Storage and Retention
API credentials including developer tokens, OAuth refresh tokens, and app secrets are stored in environment variables on a private server with access restricted to the operator. Credentials are never written to logs, never committed to version control, and never shared.
Raw API responses are not persisted long-term. Aggregated report outputs (PDF, Markdown summaries) are retained for up to 90 days for audit and historical comparison purposes, then automatically deleted. Operational log files are rotated weekly and removed after 30 days.
5. Data Sharing
We do not sell, license, or otherwise share data accessed through these APIs with any third party, with the following narrow exceptions:
- The respective platform (Meta or Google) for the purpose of making the authorized API call itself.
- The owner of the managed account, who receives reports derived from data accessed in their own account.
- Telegram, used solely as the delivery channel for rendered summary messages and alerts addressed to the operator. No raw credentials or unaggregated user-level data are transmitted via Telegram.
6. Security
Access to the server running these tools is restricted to the operator and protected by SSH key authentication. The server receives security updates regularly. There is no public-facing service exposed by the tools themselves.
7. Account Owner Rights
Owners of managed advertising accounts may at any time:
- Revoke our access to their account through their Meta Business Manager or Google Ads account permissions interface.
- Request deletion of any retained report outputs that pertain to their account.
- Request a description of what data has been accessed by our tools in connection with their account.
Such requests can be sent to the contact address below and will be honored within 30 days.
8. Compliance
We operate in compliance with the Meta Platform Terms, the Meta Developer Policies, the Google Ads API Terms and Conditions, and the Google API Services User Data Policy, including the Limited Use requirements where applicable.
9. Changes to This Policy
We may update this policy from time to time as the scope of our tools evolves. The "Last updated" date at the top of this document reflects the most recent revision.
10. Contact
For questions about this Privacy Policy or our tools, contact:
Kerem Yılmaz
Kerem Yılmaz Digital Marketing
Istanbul, Turkey
Email: keremce2001@gmail.com