Google API Disclosure

SourceLoop's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

What Google data do we access?

Through our integration with Google APIs (including Google Ads, Google Analytics, and Google Tag Manager), SourceLoop may access data on behalf of our customers such as:

1. campaign performance metrics (clicks, impressions, cost, conversions, conversion value);
2. ad-account, campaign, ad-group, and ad metadata;
3. conversion-action configuration and offline-conversion upload status;
4. click identifiers (GCLID, Wbraid, Gbraid) associated with traffic that arrives at our customers' properties;
5. account-level audiences and conversion settings strictly required for the features the customer enables.

How do we use the data?

We use this data solely to provide, improve, and optimize the SourceLoop platform for the customer who authorized the connection. Specifically, we use Google API data to:

1. match Google Ads click identifiers to leads and customers in the customer's CRM, producing multi-touch attribution and channel-ROI reports;
2. generate funnels, dashboards, and ad-spend-versus-pipeline analyses inside the SourceLoop application;
3. upload offline conversions and lead-quality signals back to Google Ads, when the customer has enabled this feature, so the customer's bidding can optimize against real revenue events;
4. display Google account context (e.g., account name, currency, time zone) so the customer can verify they are connected to the correct account.

We do not use Google API data for advertising, retargeting, personalized advertising, credit-worthiness decisions, or any purpose other than the user-facing features the customer has explicitly enabled.

Data storage and security

All Google user data retrieved via Google APIs is stored securely in our databases with encryption in transit (TLS 1.2 or higher) and at rest (AES-256), behind role-based access controls and network-level safeguards. Only authorized team members with a legitimate business need may access this data, and access is logged and reviewed.

We retain Google API data only as long as needed to provide the features the customer has enabled, and we delete or anonymize it in line with the retention windows described in our Data Processing Addendum.

No unauthorized sharing

We do not sell, rent, or share Google user data with third parties for their own marketing purposes. Data may be shared only with trusted sub-processors that support the SourceLoop platform's functionality, under contractual confidentiality and data-protection obligations, and only as necessary to deliver our services. The current list of sub-processors is published at sourceloop.ai/subprocessors.

Humans do not read Google user data unless (a) we have obtained the user's affirmative agreement, (b) it is necessary for security purposes (such as investigating abuse), (c) it is necessary to comply with applicable law, or (d) the data has been aggregated and is used for internal operations consistent with the Google API Services User Data Policy.

Deletion and revocation

Customers may request deletion of their Google user data at any time by contacting us at [email protected]. We will delete the requested data within thirty (30) days, except where retention is required by law.

You can also revoke SourceLoop's access to your Google account at any time via your Google Account permissions page. Revocation will disable any features that depend on the affected Google API and will trigger deletion of the associated tokens within thirty (30) days.

Contact

Questions about how SourceLoop uses data received from Google APIs can be sent to [email protected].