Privacy Policy
Last updated: May 16, 2026
Introduction
Vincenzo.be SRL ("we", "our", "Roger") operates the website https://heyroger.ai and the related Service. This policy explains how we collect, use, and protect your information, and how we handle data from your Google Ads account when you connect it to Roger.
Data we collect
You provide directly:
- Account information (name, email address)
- Google OAuth credentials (access and refresh tokens) stored encrypted, used to call the Google Ads API on your behalf
- Conversation history with Roger (messages sent and received, actions taken on your campaigns)
- Billing information, when applicable, processed by our payment provider
We collect automatically:
- Data from your Google Ads account via the official API: campaigns, ad groups, keywords, ads, performance metrics (impressions, clicks, conversions, cost, ROAS), search-term reports, recommendations
- Technical metadata (IP address, browser type, pages visited, timestamps)
- Service usage data (message volume, features used)
Data from your Google account
When you connect your accounts to Roger, you grant access to the following OAuth scopes:
- https://www.googleapis.com/auth/adwords - lets Roger read and modify items in your Google Ads account (campaigns, budgets, keywords, ads) to execute your requests.
- https://www.googleapis.com/auth/analytics.readonly - lets Roger read your Google Analytics data to display traffic reports alongside ad performance. Roger never modifies your Analytics configuration.
- Roger reads only the data needed to answer your messages and monitor the health of the campaigns you entrust to it.
- Roger never makes a change to your Google Ads account without your explicit approval in the conversation.
- Your Google data is never used to train AI models, and is never shared with third parties other than the sub-processors listed below.
- You can revoke Roger's access at any time from myaccount.google.com/permissions or from your Roger dashboard. Revocation removes the OAuth tokens we hold within 24 hours.
Google API Services User Data Policy
Roger's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- Roger only uses Google user data to provide and improve user-facing features that are prominent in the application.
- Roger does not transfer Google user data to third parties except as necessary to provide the Service, with user consent, or for security and legal compliance purposes.
- Roger does not use Google user data for serving advertisements.
- Roger does not allow humans to read Google user data unless you have given affirmative consent, it is necessary for security purposes, or it is required by law.
Browser extension
Roger ships a Chrome browser extension that renders the same chat interface inside Chrome's side panel. The data Roger collects through the extension is the same as the data collected through the web app (account information, Google OAuth credentials, and conversation history), plus one extension-specific element:
- Active tab URL and title, read only when the user is currently viewing a Google ad-ops product (ads.google.com, analytics.google.com, tagmanager.google.com, search.google.com, merchants.google.com). Any other tab is filtered out inside the browser and never leaves the device. The URL and title are sent to Roger as conversational context so the assistant can answer questions like "what is this page" without the user re-describing it.
The extension does not:
- Read the contents of any web page (DOM, text, forms, images, or cookies).
- Monitor clicks, keystrokes, scroll position, or any other user activity.
- Track tabs outside the Google ad-ops allowlist above.
- Inject scripts into any website.
- Execute remote code in the extension's own context. The extension package is fully self-contained; the side panel embeds the Roger web app as a sandboxed iframe over HTTPS.
Retention of extension-collected data follows the same rules as the web app (see Retention below): conversational context (including active tab URL and title) is part of the conversation history and is deleted within 30 days of account closure. You can uninstall the extension at any time from chrome://extensions; this immediately stops all data collection from the browser.
Sub-processors
Roger relies on the following sub-processors to operate the Service:
| Sub-processor | Role | Location |
|---|---|---|
| Railway | Application hosting and PostgreSQL database | EU / US (region-dependent) |
| Google LLC | OAuth authentication and Google Ads API | EU / US |
| Stripe | Payment processing and subscription billing | US / EU |
| Postmark (Wildbit) | Transactional email delivery (sign-in links) | US |
| Bugsnag (SmartBear) | Application error tracking | US |
| Plausible Analytics | Cookieless, anonymous analytics for the marketing site | EU |
| Anthropic / OpenAI | Language models powering the agent. Your data is not used for training (zero-data-retention option enabled). | US |
How we use your data
- Provide and maintain the Service
- Execute your requests on Google Ads (analyse, modify, alert)
- Detect and fix bugs and incidents
- Communicate with you (sign-in emails, support, invoices)
- Improve the product (aggregated statistics, never individually identifiable)
- Comply with our legal obligations
Retention
- Account and conversations: retained while your account is active. Deleted within 30 days of account closure.
- Google OAuth tokens: deleted within 24 hours of revocation, or immediately upon account closure.
- Technical logs: retained for 30 days, then purged.
- Invoices: retained for 7 years (Belgian accounting law).
Your rights (GDPR)
You can access, correct, export, or delete your data at any time. To exercise these rights, email hello@heyroger.ai. See also our GDPR page for detail.
Security
All communications are encrypted in transit with TLS. OAuth tokens are encrypted at rest. Code and infrastructure access is restricted to a small set of administrators.
Minors
Roger is a professional tool. The Service is not intended for people under the age of 16.
Changes
We will notify you by email at least 30 days before any significant change to this policy takes effect.
Contact
Vincenzo.be SRL · hello@heyroger.ai