NegativeShield

Privacy Policy

Last updated: June 17, 2026

1. Introduction

NegativeShield (“NegativeShield,” “we,” “us,” or “our”) provides a tool that analyzes Google Ads search terms with the help of artificial intelligence and helps advertisers manage negative keywords. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using NegativeShield you agree to the practices described here.

2. Information We Collect

  • Account & authentication data. When you sign in, we store your email address and basic account details through our authentication provider (Supabase) so we can identify you and manage access to your organization and projects.
  • Google Ads data. When you connect a Google Ads account via Google OAuth, we access and store data needed to operate the service: search terms, campaign and keyword data, performance metrics, and related account metadata. We use this data to classify search terms and generate negative-keyword suggestions, and to apply negative keywords back to Google Ads when you ask us to.
  • OAuth credentials. Your Google OAuth refresh token is stored encrypted in Supabase Vault. It is used only to access the Google Ads data you have authorized, and is never shared with third parties.
  • Uploaded files. If you upload a CSV of search terms instead of connecting Google Ads, we process and store its contents to provide the service.
  • Usage data. We collect limited product-analytics and diagnostic data to operate, secure, and improve the service.

3. How We Use Your Information

  • To classify search terms and identify irrelevant traffic using large language models, and to generate suggested negative keywords.
  • To apply negative keywords and exclusion lists back to your Google Ads account at your direction.
  • To authenticate you, enforce usage quotas, and operate multi-tenant access controls.
  • To maintain, secure, troubleshoot, and improve the service.

4. Google API Services & Limited Use

NegativeShield’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, do not sell it, and do not transfer it to others except as necessary to provide or improve the service, to comply with applicable law, or as part of a merger or acquisition. We do not use Google user data to train generalized AI/ML models.

5. How We Share, Transfer, and Disclose Your Data

We do not sell your personal data or Google user data, and we do not share it for advertising or other unrelated purposes. We disclose data only to the limited set of service providers (subprocessors) listed below, who process it solely on our behalf, under contract, and only to the extent needed to provide the service. For each provider we identify which categories of data — including Google user data — are shared and for what purpose:

  • OpenAI, L.L.C. (United States) — receives Google user data (specifically, Google Ads search terms and the campaign, ad group, and keyword context needed to classify them) so that its large language models can determine which search terms are irrelevant and suggest negative keywords. This data is sent via OpenAI’s API. We do not permit OpenAI to use this data to train its models, and OpenAI does not retain it for model training under its API data-usage terms.
  • Supabase, Inc. (United States) — hosts our authentication system and database and stores Google user data (search terms, campaign and keyword data, performance metrics, and account metadata) as well as your account details. Your Google OAuth refresh token is stored encrypted in Supabase Vault. Supabase acts as our data-storage subprocessor.
  • Vercel, Inc. (United States) — provides the hosting and serverless infrastructure on which the application runs and through which Google user data is transmitted and processed in order to deliver the service.
  • Google LLC — at your direction, we send negative keywords and exclusion lists back to your Google Ads account through the Google Ads API. In this case data is returned to Google’s own systems for the account you connected.

Beyond these service providers, we may disclose data only: (a) to comply with applicable law, legal process, or enforceable governmental request; (b) to enforce our terms or protect the rights, property, or safety of NegativeShield, our users, or the public; or (c) in connection with a merger, acquisition, or sale of assets, in which case we will require the recipient to honor the commitments in this Privacy Policy. We do not otherwise share, transfer, or disclose your Google user data to any third party.

6. Data Retention & Deletion

We retain your data for as long as your account is active or as needed to provide the service. You can disconnect your Google Ads account at any time from your settings, which revokes our access and removes the stored OAuth credentials. To request deletion of your account and associated data, contact us at [email protected]. We will delete or anonymize your data within a reasonable period, except where retention is required by law.

7. Your Rights

Depending on your location, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, contact us at the address below. You may also revoke NegativeShield’s access to your Google account at any time via your Google Account permissions page.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Last updated” date above and, where appropriate, by additional notice.

9. Contact

Questions about this Privacy Policy or your data can be sent to [email protected].