Skip to content
NegativeFinder
← NegativeFinder

Privacy Policy

Last updated: June 11, 2026

NegativeFinder (“NegativeFinder,” “we,” “us”) is a software tool that helps Google Ads advertisers and agencies find wasted ad spend and apply negative keywords. This policy explains what data we collect, how we use it, and the choices you have. Questions: support@negativefinder.com.

Information we collect

  • Account identity. When you sign in with Google, we receive your email address and basic profile (via the openid email profile scopes) solely to identify your NegativeFinder account.
  • Google Ads data. With your authorization (the https://www.googleapis.com/auth/adwords scope), we read data from the Google Ads accounts you connect: the list of accounts you can access; search terms for the date ranges you scan (the last 30 days by default) with their cost, clicks, and conversions; your campaigns, ads, and keywords; and your existing negative keywords and shared negative-keyword lists. To draft the account's business context we may also fetch your ads' landing page. When you approve a suggestion, we write the negative keyword you approved back to your account.
  • Billing information. If you subscribe to a paid plan, payment is handled by our payment processor, Stripe. Your card details go directly to Stripe and never touch our servers. We store your subscription plan, its status, your billing-period dates, and Stripe reference identifiers (customer, subscription, and price IDs).
  • Waitlist signups. If you join our waitlist, we store the email address you provide so we can contact you about access, along with basic request metadata (IP address, browser user agent, and referring page) to prevent abuse.

How we use information

  • To classify your search terms and suggest negative keywords.
  • To apply negative keywords that you explicitly approve, never automatically.
  • To operate, secure, and support the service.

Google user data and Limited Use

NegativeFinder's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google Ads data only to provide and improve the user-facing features described above. We do not use it for advertising, we do not sell it, and we do not transfer it to others except as necessary to provide the service, with your consent, or as required for security or legal reasons.

Sharing and sub-processors

  • AI provider. To classify a search term we send the term itself, the term's aggregate performance numbers (cost, clicks, conversions), and the account's business context: a short description of what the business sells, either entered by you or drafted automatically. When drafting that context automatically, we additionally send the account's own campaign signals (the account and campaign names, keywords, ad copy, and a sample of existing negative keywords) and the content of your ads' landing page. We do not send Google customer IDs, campaign IDs, your email address, or your sign-in identity.
  • Payments. Stripe, Inc. processes subscription payments on our behalf. Stripe's handling of your payment information is described in Stripe's privacy policy.
  • Infrastructure. We host the application and database on Fly.io. Data is processed on our behalf under their terms.
  • Error monitoring. We use Sentry to capture application errors and limited diagnostic session recordings used to debug issues. Error reports can include your account ID and email address.
  • We never share or aggregate one customer's Google Ads data with another's.

How we store and protect data

  • Each user's Google OAuth refresh token is encrypted at rest; the encryption key is held in a secret store, separate from the database and source control.
  • Short-lived access tokens are held in memory only and are never written to logs or returned to the browser.
  • All traffic is served over HTTPS (TLS 1.2+).

Retention and deletion

You can revoke NegativeFinder's access at any time from your Google Account permissions page. When access is revoked, your stored encrypted refresh token is deleted from our database. To request deletion of your account and associated data, email support@negativefinder.com.

Children

NegativeFinder is a business tool and is not directed to anyone under 18. We do not knowingly collect data from children.

Changes

We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above.

Contact

support@negativefinder.com