LDOO Privacy Policy

LDOO Limited ("LDOO", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, retain, and protect your data when you use the LDOO application, website, and connected integrations.

This policy applies to information you provide directly to LDOO, information generated through your use of the Service, and data you authorize LDOO to access from connected third-party platforms such as analytics, advertising, CRM, commerce, video, spreadsheet, and behavioral analytics services, including Google, Meta, LinkedIn, X, HubSpot, Shopify, Microsoft, and other integrations we support now or in the future.

1.1 Account Information: your name, email address, password or authentication credentials, company details, billing details, and team account information you provide when registering or subscribing.

1.2 Connected Platform Data: data from marketing and analytics platforms you choose to connect. Current integrations include Google Analytics 4, Google Search Console, YouTube Analytics, Google Ads, Google Sheets, Meta Ads, LinkedIn Ads, X Ads, HubSpot CRM, Shopify, and Microsoft Clarity, and may expand as we add more integrations. This data may include account and property identifiers, campaign and traffic metrics, search performance data, video analytics, spreadsheet metadata and cell values you link, e-commerce order and revenue fields where applicable, and other reporting data exposed by the connected service.

1.3 Connected Account Access Data: account identifiers needed to maintain a connection, granted scopes or permissions, encrypted OAuth tokens or other credentials, sync timestamps, selected properties/accounts, and integration configuration data.

1.4 Usage Data: device information, IP address, browser type, login activity, audit logs, feature usage, and support interactions.

1.5 AI-Generated Data: answers, reports, portals, summaries, recommendations, and other analytics generated by LDOO from your connected data and prompts.

We use your data to:

• Provide, secure, and operate LDOO.
• Authenticate, maintain, and troubleshoot connected integrations.
• Sync, store, organize, and display connected platform data inside your LDOO workspace.
• Generate answers, reports, portals, alerts, and other user-facing analytics features you request.
• Manage subscriptions, billing, payments, and customer support.
• Monitor usage, prevent abuse, investigate incidents, and improve platform functionality.
• Comply with legal obligations and enforce our terms.

We may anonymize and aggregate data across customers for analytics, service reliability, and product improvement. Aggregated data does not identify you, your end users, or any connected account.

For users in applicable jurisdictions, we process personal data under the following legal bases:

• Performance of contract.
• Legitimate interests.
• Compliance with legal obligations.
• Consent where applicable.

5.1 We do not sell personal data, connected platform data, or Google user data.

5.2 We may share data with subprocessors acting on our behalf for hosting, database infrastructure, authentication, email delivery, payments, customer support, monitoring, and AI processing needed to provide requested LDOO features.

5.3 Connected platform data, including Google user data, is shared or transferred only as necessary to provide or improve the user-facing features you request in LDOO, and not for targeted advertising, data brokerage, resale, credit-worthiness decisions, or lending purposes.

5.4 We may disclose data where legally required or where necessary to protect rights, safety, security, and property.

5.5 In the event of a merger, acquisition, or business transfer, your data may be transferred subject to continued privacy protections consistent with this policy.

6.1 LDOO accesses data from connected platforms only to provide and improve the user-facing features you request, such as syncing data, organizing workspace records, generating answers and reports, creating portals, surfacing alerts, and maintaining integration health and security.

6.2 Google API data and AI / ML model training

AI/ML model training (Google and Workspace APIs). User data obtained through Google APIs — including data accessed via Google Workspace APIs (for example, the Google Sheets API for spreadsheets you explicitly link) and data accessed via other Google APIs listed below — is not used to train, fine-tune, or improve generalized artificial intelligence, machine learning, or foundation models. It is used solely to operate LDOO for your account: for example, to run read-only syncs, store queryable copies in your workspace, and to generate the specific answers, reports, alerts, and other outputs you request.

Specific Google APIs and categories of data (read-only). Depending on which integrations you connect, LDOO may access the following Google APIs and categories of information (always subject to the OAuth scopes you approve and this policy): Google Analytics / GA4 (property and reporting metrics); Google Search Console (search performance and property metadata); Google Ads API (advertising account and campaign reporting — read-only use in LDOO; we do not change your campaigns through this integration); YouTube Data API v3 (channel metadata, thumbnails, and video list/search results for channels you select); YouTube Analytics API (aggregated channel metrics such as views and watch time); Google Sheets API (spreadsheet metadata and cell values for spreadsheets you link by URL or ID). We retain this data only as needed to provide the Service and as described in the retention section below.

6.2.1 Exact OAuth scopes requested. The scopes below are the complete set LDOO requests from Google. All are read-only except Google Ads, which uses the only available scope (LDOO performs read-only operations only). LDOO never requests write, modify, or full-Drive scopes.

• https://www.googleapis.com/auth/analytics.readonly — read GA4 property list and reports (sessions, users, engagement, conversions) for the properties you connect.
• https://www.googleapis.com/auth/webmasters.readonly — read Search Console properties and search performance reports (clicks, impressions, position, CTR) for the properties you connect.
• https://www.googleapis.com/auth/youtube.readonly — read channel metadata, video lists, and thumbnails for channels you select.
• https://www.googleapis.com/auth/yt-analytics.readonly — read aggregated channel analytics (views, watch time, retention) for channels you select.
• https://www.googleapis.com/auth/adwords — read Google Ads account structure, campaign performance, and cost metrics for the accounts you connect.
• https://www.googleapis.com/auth/spreadsheets.readonly — read spreadsheet metadata and cell values for the individual Google Sheet you paste or pick. No Drive list, no cross-file access.

If you disconnect an integration inside LDOO or revoke access from your Google Account permissions page, LDOO can no longer call the corresponding API.

6.2.2 Exact OAuth scopes for non-Google providers. LDOO requests the following OAuth scopes from non-Google connected platforms. All are read-only; LDOO never writes to, modifies, or creates records in your connected accounts.

• Meta (Facebook/Instagram Ads): ads_read (read ad account performance — campaigns, ad sets, insights), pages_read_engagement (required by Meta as a dependency of ads_read), business_management (enumerate the ad accounts you have access to so you can choose one to connect).
• LinkedIn Ads: r_ads (read ad accounts and campaigns), r_ads_reporting (read campaign performance metrics).
• Shopify: read_orders (read order-level revenue and fulfilment data), read_products (read the product catalog to resolve order line items). LDOO never requests write scopes; your store, products, and settings cannot be modified through this integration.
• Microsoft Clarity: API key only (no OAuth). You generate a project-scoped read key inside Clarity and paste it into LDOO; LDOO reads session-level user-behaviour metrics for that project only.

You can revoke any of these connections at any time from the relevant provider's integrations/apps page, or by disconnecting the integration inside LDOO.

6.3 We do not use connected platform data for targeted advertising, personalized advertising, data brokerage, resale, credit-worthiness, lending, or unrelated secondary purposes.

6.4 Where needed to provide requested functionality, we may provide relevant connected platform data to service providers acting on our behalf, including infrastructure providers and Anthropic for requested natural-language answers and reports. Those providers may process the data only under our instructions and may not use it for their own advertising or for training their generalized models on your Google user data.

6.5 LDOO's use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. Google user data is accessed, used, stored, and shared subject to the restrictions in this policy.

6.6 You may revoke LDOO's access to any connected account at any time through the relevant provider settings where available, or by disconnecting the integration inside LDOO. If we materially change how LDOO accesses, uses, stores, or shares Google user data, we will update this policy and any relevant in-product notices.

We retain data only for as long as needed to provide the Service and meet legal, accounting, security, and contractual obligations.

• Account and billing records are retained for the period required to operate your subscription and comply with law.
• OAuth tokens and integration configuration are retained until you disconnect the integration, revoke access, or delete your account, subject to limited backup and recovery windows.
• Synced platform data and generated outputs are retained while your workspace is active unless you delete them earlier or request deletion.
• Logs, security records, and backups may be retained for a limited period to prevent abuse, investigate incidents, and restore systems.

When data is no longer required, we delete, de-identify, or securely destroy it. You may request deletion of your data at any time by contacting legal@ldoo.com.

We implement industry-standard security measures, including:

• Encryption in transit and encryption at rest for sensitive data, including stored integration secrets and tokens.
• Secure hosting infrastructure, database protections, and environment-level secret management.
• Access controls, authentication, least-privilege permissions, and audit logging.
• Monitoring, incident response, and operational safeguards designed to protect confidentiality, integrity, and availability.

Data may be processed in countries outside your jurisdiction, including New Zealand, the United States, and Europe. We implement appropriate safeguards for international transfers.

You may:

• Access your personal data.
• Request correction or deletion.
• Object to certain processing.
• Withdraw consent (where applicable).

Contact legal@ldoo.com to exercise your rights.

LDOO is not intended for children under 16. We do not knowingly collect data from minors.

We may update this Privacy Policy periodically. Material changes will be communicated through the Service, on our website, or by email where appropriate.

LDOO Limited
legal@ldoo.com