Back to Home

Privacy Policy

Firemetrix – operated by Firemetrix, LLC
Status: February 2026

1. Data Controller

Firemetrix, LLC
Pater-A.-Schnusenberg-Str. 9
33378 Rheda-Wiedenbrück, Germany

Represented by: Andree Wendel (CEO)

Phone: +49 52 42 - 980 930 1
Email: datenschutz@firemetrix.io

Commercial Register: 10600, District Court Gütersloh
VAT ID: DE 309912365

2. Overview of Data Processing

Firemetrix is a web-based software (SaaS) for managing and analyzing Google Ads campaigns. As part of its use, we process personal data of our users as well as data from linked Google Ads accounts.

3. Hosting and Infrastructure

Firemetrix is hosted on servers within the European Union. Our hosting provider processes data on our behalf based on a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR.

Legal Basis: Art. 6 (1) (f) GDPR (legitimate interest in secure and efficient operation).

4. Registration and User Account

4.1 Google Single Sign-On (SSO)

Registration and login take place via Google SSO. In doing so, we receive the following data from Google:

  • Name
  • Email address
  • Profile picture (if available)

This data is used to create and manage your user account.

Legal Basis: Art. 6 (1) (b) GDPR (performance of a contract).

4.2 User Account Data

Within the scope of your account, we store:

  • Email address
  • Name
  • Associated Tenant
  • Subscription plan and duration
  • Creation date

5. Google Ads Data Processing

5.1 Google Ads OAuth Linking

To access your Google Ads data, we ask for OAuth authorization. In this process, we receive an access token that allows us to access your Google Ads accounts. You can revoke this permission at any time in your Google account settings.

Legal Basis: Art. 6 (1) (a) GDPR (consent) and Art. 6 (1) (b) GDPR (performance of a contract).

5.2 Processed Google Ads Data

We synchronize and process the following data from your Google Ads accounts:

  • Account information (Account ID, Name)
  • Campaign data (Names, Status, Budgets, Settings)
  • Ad groups and Ads
  • Keywords and negative keywords
  • Performance metrics (Impressions, Clicks, Costs, Conversions, ROAS, CPA)
  • Product data from Google Merchant Center (if linked)

This data is stored in your dedicated data area (schema) and is strictly separated from the data of other users.

Legal Basis: Art. 6 (1) (b) GDPR (performance of a contract).

5.3 AI-Powered Analysis

Firemetrix uses the Google Gemini API to create AI-powered campaign analyses and recommendations for action. Campaign data is transmitted to the Google Gemini API for analysis. No personal data of end customers is transmitted, only aggregated campaign metrics.

Legal Basis: Art. 6 (1) (b) GDPR (performance of a contract).

6. Meta Ads Data Processing

6.1 Meta Ads OAuth Linking

To access your Meta Ads data, we ask for OAuth authorization via the Meta Marketing API. In this process, we receive an access token that allows us to access your Meta Ad Accounts. You can revoke this permission at any time in your Meta account settings under “Apps and Websites”.

Legal Basis: Art. 6 (1) (a) GDPR (consent) and Art. 6 (1) (b) GDPR (performance of a contract).

6.2 Processed Meta Ads Data

We synchronize and process the following data from your Meta Ad Accounts:

  • Ad Account information (Account ID, Name)
  • Campaign data (Names, Status, Budgets, Settings)
  • Ad Sets and Ads
  • Performance metrics (Impressions, Clicks, Costs, Conversions, ROAS, CPC, CTR)

This data is stored in your dedicated data area and is strictly separated from the data of other users.

Legal Basis: Art. 6 (1) (b) GDPR (performance of a contract).

7. Payment Processing

Payment processing is carried out via Stripe, Inc. (354 Oyster Point Blvd, South San Francisco, CA 94080, USA). When booking a paid subscription, you will be redirected to Stripe. Stripe processes:

  • Name
  • Email address
  • Payment information (Credit Card, SEPA, etc.)
  • Billing address

We do not store complete payment data ourselves. We only receive a customer ID and information about the subscription status from Stripe.

Stripe acts as a data processor and is certified according to PCI DSS Level 1. Stripe relies on EU Standard Contractual Clauses for data transfer to the USA.

Stripe Privacy Policy: https://stripe.com/privacy

Legal Basis: Art. 6 (1) (b) GDPR (performance of a contract).

8. Data Separation (Multi-Tenancy)

Firemetrix uses strict data separation. Each customer receives their own isolated data area (database schema). This ensures that:

  • Your data is not mixed with data from other customers
  • No access by other customers to your data is possible
  • All data can be completely removed upon deletion of your account

9. Data Sharing with Third Parties

We do not sell, rent, or share Google user data for advertising or marketing purposes. Google user data may only be transmitted to the following service providers, solely for the purpose of delivering our service:

  • Google Gemini API – Aggregated campaign metrics (such as impressions, clicks, costs, and conversions) are transmitted for AI-powered campaign analysis and recommendations. No personal end-customer data is shared.
  • Stripe, Inc. – Payment processing only. No Google Ads or Merchant Center data is shared with Stripe.
  • Meta Platforms Ireland Ltd. (4 Grand Canal Square, Dublin 2, Ireland) – As part of the OAuth authorization, access tokens and performance data from your Meta Ad Accounts are retrieved via the Meta Marketing API. No personal end-customer data is transmitted to Meta. Meta processes this data in accordance with their own privacy policy: https://www.facebook.com/privacy/policy/

Beyond these providers, no third parties receive access to your Google user data. All third-party processors are bound by data processing agreements in compliance with GDPR.

10. Cookies and Local Storage

Firemetrix only uses technically necessary cookies and local storage mechanisms:

Cookie/Storage Purpose Duration
Session Token (JWT) Authentication Session duration
Local Database (IndexedDB) Offline functionality, Performance Until logout

No tracking cookies or cookies for advertising purposes are used.

Legal Basis: Art. 6 (1) (f) GDPR (legitimate interest in the operation of the application).

11. External API (Query API)

Firemetrix offers an optional REST API through which you can retrieve your own data. Access is protected by API keys. Only your own data is output via the API.

12. Logging

We log user actions, synchronization processes, and errors as part of operations. The logs contain:

  • User ID (pseudonymized)
  • Timestamp
  • Type of action
  • Error messages (without personal data)

Legal Basis: Art. 6 (1) (f) GDPR (legitimate interest in troubleshooting and security).

13. Your Rights

You have the following rights under the GDPR:

  • Access (Art. 15 GDPR): You can request information about your stored data.
  • Rectification (Art. 16 GDPR): You can request the correction of incorrect data.
  • Erasure (Art. 17 GDPR): You can request the deletion of your data, provided there are no statutory retention obligations.
  • Restriction (Art. 18 GDPR): You can request the restriction of processing.
  • Data Portability (Art. 20 GDPR): You can obtain your data in a structured format.
  • Objection (Art. 21 GDPR): You can object to the processing.
  • Withdrawal of Consent (Art. 7 (3) GDPR): You can revoke given consent at any time. The lawfulness of processing based on consent before its withdrawal remains unaffected.

To exercise your rights, please contact: datenschutz@firemetrix.io

14. Right to Lodge a Complaint

You have the right to complain to a data protection supervisory authority. The supervisory authority responsible for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf
Germany
https://www.ldi.nrw.de

15. Retention Periods

  • Account Data: Until deletion of the account
  • Google Ads Data: Until deletion of the account or revocation of OAuth authorization
  • Meta Ads Data: Until deletion of the account or revocation of OAuth authorization
  • Billing Data: 10 years (statutory retention obligation according to German commercial/tax law)
  • Log Data: 90 days

Upon cancellation or deletion of the account, all data will be deleted within 30 days, provided there are no statutory retention obligations.

16. Data Security

We take appropriate technical and organizational measures to protect your data:

  • Encrypted transmission (TLS/HTTPS)
  • Encrypted data storage
  • Strict multi-tenancy (Schema-per-Tenant)
  • Regular security updates
  • Access restrictions and role concept

17. Changes to this Privacy Policy

We reserve the right to adapt this data protection declaration if necessary, in particular in the event of changes to functionality or legal requirements. The current version is always available at firemetrix.io/privacy.