Security

1. Data access — how we connect to Google Ads

We connect to Google Ads exclusively through Google's OAuth 2.0 flow. You sign in with Google and authorize Blync to access the specific scopes we request — we never see, request, or store your Google password.

• OAuth-only access. You can revoke our access at any time from myaccount.google.com. Revoking ends our ability to read or modify your account on the same trip.
• Read-only analysis by default. Audits, scans, and findings only read data. Mutations (pausing a campaign, adding a negative keyword) are never executed without an explicit confirmation step from you — either in the dashboard (“Apply Fix”) or in chat (“Confirm”).
• Audit trail. Every applied change is recorded with who approved it, when it ran, and the data needed to undo it.

2. OAuth scopes explained

We request the following Google scopes:

• https://www.googleapis.com/auth/adwords — read account structure, metrics, and conversion data, and (only on user confirmation) apply mutations.
• https://www.googleapis.com/auth/content — required to discover and read Google Merchant Center accounts when you opt into Merchant Center support.
• email — used to identify which Google account authorized the connection (so you can manage multiple connected identities).

We do not request access to Gmail, Drive, Calendar, Contacts, or any other Google product.

3. What we store

We store the smallest amount of Google Ads data needed to deliver the service. Specifically:

• Account metadata — customer IDs, account names, currencies, time zones.
• Scan results and findings — the diagnostic output (headlines, dollar-impact figures, supporting fields). We do not retain the raw GAQL responses indefinitely; they live only as long as needed to derive findings, then are pruned.
• Action history — records of every change you applied or rolled back via Blync.
• Account intelligence — derived industry, location, monthly-spend estimate, and channel mix.
• Chat history — your messages to the AI advisor and its responses, scoped to a single account.

We do not store raw ad creative, campaign mutations performed outside Blync, billing details from Google Ads, or any data unrelated to the authorized scopes above.

4. Encryption

• In transit: TLS 1.3 for all client–server traffic, and for the connections between our service, Google APIs, and Stripe. Connections that don't negotiate at least TLS 1.2 are rejected.
• At rest: Database storage uses AES-256 encryption via Google Cloud SQL's envelope encryption (Google-managed keys backed by Cloud KMS). Backups inherit the same encryption.
• OAuth tokens: Refresh tokens are stored encrypted at rest along with the rest of the database; they are only decrypted in-process when we need to refresh an access token, and are never logged or transmitted to third parties.

5. Infrastructure

The Blync service runs entirely on Google Cloud Platform in the United States.

• Application: Cloud Run (us-central1), serving the Next.js application with automatic TLS, autoscaling, and per- request isolation.
• Database: Cloud SQL for PostgreSQL with automated daily backups and 7-day point-in-time recovery.
• Background jobs: Cloud Scheduler triggers our weekly scans and email pipeline. Cloud Run Jobs run the BigQuery sync.
• Secrets: Stored in Google Cloud Secret Manager and injected at runtime; not present in container images, environment files in version control, or logs.
• Monitoring: Sentry for error tracking; Cloud Logging for request/audit logs.

6. Access control inside Blync

When more than one person on your team needs access to a single Google Ads account, Blync supports three roles:

• Owner — first user to connect the account. Full access including billing, transfer of ownership, and disconnection.
• Manager — can run scans, view all findings, and execute approved changes.
• Viewer — read-only access to findings, reports, and dashboards; cannot apply changes or modify settings.

Role changes are restricted to Owners. Mutation actions (“Apply Fix”, chat-driven changes) check the caller's role at execution time, not just at proposal time.

7. Data retention and your rights

You can delete your Blync account and every record we hold about you at any time, from Workspace Settings → Danger zone → Delete my account. The deletion is immediate and irreversible: it cascades through every table that references your user, cancels any active Stripe subscription, and removes the OAuth tokens that let us reach Google on your behalf. Logs from before the deletion are retained for up to 30 days for security incident review, then purged.

You can also revoke our Google Ads access independently of deleting your Blync account via myaccount.google.com/permissions. When you do that, our scans for that account will start failing and you'll see a re-connect prompt on the dashboard.

For California (CCPA), Virginia (VCDPA), and similar state privacy requests, contact us at the address below and we will process the request within the timeline required by the applicable law.

8. SOC 2 preparation

We are not currently SOC 2 attested. We have adopted the controls a Type I audit will measure against — least-privilege IAM, encrypted backups, audit logging on mutation paths, vendor management, and a written incident-response runbook — in advance of beginning a formal audit. If you need a vendor security questionnaire completed ahead of a procurement decision, email security@blyncdigital.com and we will respond within five business days.

9. Reporting a vulnerability

If you believe you have found a security issue affecting Blync, please email security@blyncdigital.com with reproduction steps and any supporting evidence. We will acknowledge receipt within two business days and keep you informed of remediation progress. We do not currently run a paid bug-bounty program, but we will recognize researchers who report valid issues responsibly.

10. Contact