🔒 Privacy Policy

Last updated: December 14, 2025

Our Security Commitment:

NS Ads Xperts™ is committed to protecting your privacy and personal data. We comply with personal data protection regulations in Vietnam and international standards.

🔐 Google API Services User Data Policy - Limited Use Disclosure

NS Ads Xperts™'s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

⚠️ Google Ads Connection is OPTIONAL:

You are NOT REQUIRED to connect Google Ads to use the service
If not connected: You can still use all fraud detection features, view the list of IPs to block, and manually add IPs to Google Ads
If connected: The app will automatically sync blocked IPs to your campaigns, saving time

How Google API Improves App Functionality:

✅ Automatic IP blocking sync: Instead of manually copy/pasting each IP into Google Ads interface, the app automatically sends the IP list via API
✅ Time saving: With 100+ IPs to block, manual addition can take hours. API sync takes only seconds
✅ Campaign list linking: The app reads your campaign list from Google Ads, allowing you to choose which campaigns need IP blocking
✅ Avoid duplicates: The app reads the list of blocked IPs from Google Ads to avoid adding duplicates
✅ Quick operation: Click one "Sync to Google Ads" button instead of login Google Ads → Settings → IP Exclusions → Paste each IP

Data We Access from Google APIs (Only when you connect):

ONLY purpose: Sync the list of IP addresses to block to your Google Ads campaigns (IP exclusions)
NO sharing: We do NOT share Google user data with any third parties
NO use for AI/ML: Google user data is NOT used to train AI or machine learning models
NO use for advertising: Google user data is NOT used for marketing or advertising targeting purposes
Security: OAuth tokens are encrypted with AES-256 and only used to call Google Ads API
Control: You can disconnect Google Ads anytime in Settings → Providers

1. Information We Collect

1.1. User Personal Information

When you register and use our service, we collect:

Data Type	Details	Purpose
Account Information	Email, full name, password (encrypted)	Login, authentication, contact
Payment Information	Payment method, transaction history	Process payments, invoices
Domain	Your website domain	Track, analyze clicks
Advertising Account ⚠️ OPTIONAL	Google Ads Customer ID Only when you choose to connect to automatically sync IP blocking via Google Ads API	Connect and automatically sync blocked IPs to Google Ads
OAuth Tokens ⚠️ OPTIONAL	Access Token, Refresh Token (AES-256 encrypted) Only when you choose to connect advertising platforms	Access advertising API (if you choose to connect)

🔐 Security: Passwords are hashed with bcrypt with cost factor 12. OAuth tokens are encrypted with AES-256-CBC before saving to database. We NEVER store passwords in plain text.

📊 Cross-platform Monitoring:

The app can track clicks from multiple advertising platforms (Google Ads, Facebook Ads, TikTok Ads, etc.) through URL tracking parameters. However, currently only API connection with Google Ads is supported for automatic IP blocking sync.

✅ All platforms: Monitor clicks, fraud detection, view list of IPs to block
✅ Google Ads only: Automatically sync IP exclusions via API (optional)
⚠️ Other platforms: Export CSV and manually add IPs to that platform

1.2. Click Tracking Data

When users click on your ads, we collect:

Data	Example	Purpose
IP Address	123.456.789.012	Detect repeated clicks, block fraud
User Agent	Mozilla/5.0 (Windows NT 10.0...)	Identify device, browser, bot
Referrer	https://google.com/search?q=...	Analyze traffic source
Device Info	Desktop, Mobile, Tablet	Analyze by device
Location	Hanoi, Vietnam (from IP)	Geographic analysis
Timestamp	2025-12-10 09:30:15	Timeline, trend analysis
Behavior Data	Time on page, scroll depth, clicks	Detect bots, fraud

⚠️ Note: We do NOT collect sensitive information such as credit card numbers, ID numbers, end-user passwords. Tracking data is only used to detect fraud and improve advertising quality.

2. How We Use Information

2.1. Purpose of Use

Provide service: Track clicks, detect fraud, automatically block IPs
Reports & Analysis: Create dashboards, charts, weekly reports via email
Advertising connection: Sync blocked IPs to Google Ads, Facebook, TikTok
Payment: Process transactions, send invoices
Customer support: Answer questions, resolve technical issues
Improve service: Analyze trends, optimize fraud detection algorithms
Legal compliance: When requested by authorities

2.2. Fraud Detection Algorithm

Our fraud detection system uses rule-based algorithms to analyze click patterns:

✅ Rule-based Detection: Detect repeated clicks, bot patterns, suspicious behaviors based on predefined rules
✅ Real-time Analysis: Analyze click data in real-time to block fraud immediately
✅ Statistical Analysis: Use statistical methods to detect anomalies (not machine learning)
❌ NO AI/ML Training: We do NOT use machine learning or AI training with any data
❌ NO data sharing: Click tracking data is ONLY used for your account, not shared or aggregated with other users

📌 Clarification on Google User Data:

Data from Google APIs (OAuth tokens, Campaign IDs, IP Exclusion Lists) is ONLY used to perform IP blocking sync to your Google Ads campaigns. We strictly comply with Google API Services User Data Policy - Limited Use requirements.

❌ NOT used for AI/ML training: Google user data is NOT used to train machine learning models
❌ NOT used for analytics: No performance analysis, no comparison with other users
✅ ONLY used for sync: Only to read campaign list and send IP exclusions to campaigns you select

3. Sharing Information with Third Parties

3.1. Third Parties We Share With

Third Party	Shared Data	Purpose
VNPay	Email, payment amount, order code	Process payments
Google Ads API	IP addresses to block (only sent, no user data received)	Sync IP exclusions to YOUR campaigns (optional)
Email Service (SMTP)	Email, name, report content	Send notification emails
Cloud Hosting Provider	All data (encrypted at rest)	Store database, files

3.2. We Do NOT Share

We NEVER sell, rent, or share your personal information with:

Third-party advertising companies (ad networks)
Unrelated marketing partners
Parties not listed above

3.3. How We Use Google User Data (Details)

📌 Important: Google Ads connection is OPTIONAL. You can fully use the service without connecting.

When you do NOT connect Google Ads:

The app still detects fraud clicks and displays the list of IPs to block
You can export the IP list as CSV
You manually add IPs to Google Ads (Settings → Account Settings → IP Exclusions)
No data is shared with Google

When you CHOOSE to connect Google Ads:

Google Data	How We Use	Not Used For
OAuth Access Token	Authenticate to call Google Ads API (add IP exclusions)	❌ AI training ❌ Marketing ❌ Third-party sharing
Google Ads Customer ID	Identify your Google Ads account for sync	❌ Long-term storage ❌ Behavior analysis
Campaign List	Read campaign list from your Google Ads account to display in dropdown selector	❌ Store campaign details ❌ Track performance ❌ Compare with other users
Campaign IDs (selected)	Send IP exclusions to campaigns you have selected (you can choose which campaigns receive IP blocking)	❌ Change other campaign settings ❌ Access campaign budget/bids
IP Exclusion Lists	Read list of blocked IPs to avoid duplicates	❌ Save to database ❌ Use for other purposes

🔒 Commitment on Google User Data:

OAuth tokens are AES-256 encrypted before saving to database
Tokens automatically expire after 60 minutes (refresh token used for renewal)
When you disconnect Google Ads, tokens are immediately deleted from database
We do NOT log API request/response content containing user data
API calls are made real-time, no caching

💡 Comparison: Manual vs API Connection

Feature	No Connection (Manual)	With Connection (API)
Fraud Detection	✅ Yes	✅ Yes
View IP List	✅ Yes	✅ Yes
Export CSV	✅ Yes	✅ Yes
Thêm IP vào Google Ads	⚠️ Manual (copy/paste each IP)	✅ Automatic via API (1 click)
Thời gian xử lý	⏱️ 30-60 minutes (with 100+ IPs)	⚡ 5-10 seconds
Chọn campaigns	❌ Must add each campaign separately	✅ Select multiple campaigns at once
Tránh duplicate	⚠️ Must check manually	✅ Automatic check

Conclusion: API connection saves 95% of time compared to manual operation, but is completely OPTIONAL. You can choose whichever method suits you.

4. Data Security

4.1. Technical Measures

Encryption:

HTTPS/TLS 1.3: All connections are end-to-end encrypted
AES-256-CBC: OAuth tokens, sensitive data
Bcrypt (cost 12): User passwords
Encryption at rest: Database is encrypted on disk

System Protection:

Firewall: Block unauthorized access
WAF (Web Application Firewall): Prevent SQL Injection, XSS
Rate Limiting: 100 requests/minute to prevent DDoS
2FA (Two-Factor Authentication): Optional for important accounts

Access Control:

Role-based Access Control (RBAC): Admin, User roles
Session Management: Session timeout 7 days (can be revoked)
OAuth Scopes: Only request minimum necessary permissions

4.2. Operational Measures

Backup: Automatically backup database every 6 hours, keep 30 days
Monitoring: 24/7 monitoring, alerts on anomalies
Incident Response: Security incident response plan
Employee Training: Train staff on information security
Third-party Audits: Regular security audits

4.3. In Case of Data Breach

If a data breach occurs, we commit to:

Notify you via email within 72 hours
Clearly describe affected data
Guide protection steps (change password, revoke tokens)
Report to authorities (if necessary)
Apply remediation measures immediately

5. Data Storage and Deletion

5.1. Storage Duration

Data Type	Storage Duration	Reason
Account Information	Until you delete account + 30 days	In case you return
Click tracking data	12 months	Analysis, reporting
IP blocked	6 months (can be manually deleted)	Maintain blocking effectiveness
Payment history	10 years	Comply with accounting law
Email logs	90 days	Debugging, support
OAuth tokens	Until you disconnect + 7 days	Token cleanup

5.2. Right to Delete Data

You have the right to request deletion of your personal data at any time:

Delete account: In Profile page → Delete Account
Delete click data: Contact [email protected]
Delete IP blocked: In Blocked IPs page → Bulk Actions → Delete
Revoke OAuth: In Providers page → Disconnect

⚠️ Note: After deleting data, we CANNOT recover it. Please consider carefully before proceeding. Payment data will still be retained for 10 years per accounting law (but not displayed in the system).

6. User Rights

6.1. Right to Access

You have the right to view and download all your personal data:

Account information: In Profile page
Click data: Export CSV in Tools page → Clicks Export
IP blocked: Export CSV in Blocked IPs page
Payment history: In Subscription page → Payment History

6.2. Right to Rectification

You can edit your personal information in the Profile page:

Full name
Email (need to verify new email)
Password
Domain

6.3. Right to Erasure

You can delete data as described in section 5.2.

6.4. Right to Data Portability

You can export data to CSV format to use elsewhere.

6.5. Right to Object

You have the right to object to the use of data for:

Marketing: Unsubscribe from email marketing anytime (if any)
Weekly Reports: Turn off automatic weekly reports in Settings → Notifications

7. Cookies and Tracking Technologies

7.1. Cookies We Use

Cookie	Type	Duration	Purpose
PHPSESSID	Essential	7 days	Login session
remember_token	Functional	90 days	"Remember me" login
domain_context	Functional	30 days	Remember viewing domain

📌 Note: We do NOT use Google Analytics or any third-party analytics cookies. All cookies are first-party and essential for app functionality.

7.2. Cookie Management

You can:

Block cookies: In browser settings (note: all cookies are essential, blocking will prevent app from working)
Delete cookies: Clear browser data (will logout from current session)
View cookies: F12 → Application → Cookies to check saved cookies

8. Children Protection

Our service is NOT intended for children under 18 years old. We do not knowingly collect information from children. If we discover data from children, we will delete it immediately.

9. Data Storage and Transfer

🇻🇳 Data Storage:

Servers: All data is stored in Vietnam
Database: MySQL database hosted in Vietnam
Backup: Automatic backup at the same datacenter
❌ NO international storage: Do not use third-party cloud services (AWS, Google Cloud, Azure)

9.1. International Data Transfer

When you connect Google Ads API (OPTIONAL):

Only IP address lists are sent to Google servers to perform IP exclusions sync:

Platform	Data SENT	Data RECEIVED	Server Location
Google Ads API	IP addresses to exclude (only when you connect)	Campaign list, IP exclusion lists, Confirmation response (not stored)	US, Ireland (GDPR compliant)

📌 Important: We do NOT send your personal information (email, name, payment info) to Google. OAuth tokens are only used to authenticate API calls and are encrypted during transmission (HTTPS/TLS 1.3).

📊 Other Platforms (Facebook Ads, TikTok Ads, etc.):

The app does NOT connect API with these platforms
Only track clicks via URL tracking parameters (no account needed)
DO NOT collect OAuth tokens or account credentials from these platforms
You export the IP list and manually add to those platforms

10. Policy Changes

We may update the Privacy Policy periodically
Notify via email at least 30 days before taking effect
Update date displayed at the top of the page
Continued use of the service means you accept the changes

11. Security Contact

🔒 Data Protection Officer (DPO)

Email: [email protected]

Hours: Mon-Fri, 9:00 AM - 6:00 PM (GMT+7)

If you have questions or complaints about data security:
Please contact the DPO. We commit to respond within 7 business days.

Company: NetSolutions Vietnam Co., Ltd
Address: 57 Bau Cat 6, Tan Binh Ward, Ho Chi Minh City
Tax ID: 0315715146

We are committed to protecting your privacy and data.
Thank you for trusting NS Ads Xperts™! 🙏

← Back to Dashboard