Privacy Policy
Compass AI Technologies Pvt. Ltd. · Last updated: 12 June 2026
Compass AI Technologies Pvt. Ltd. (“Compass,” “we,” “us,” or “our”) operates the Compass platform at my-compass.ai and app.my-compass.ai (the “Service”): a business-to-business marketing-intelligence dashboard that helps businesses and agencies connect and manage their Google marketing accounts.
This Privacy Policy explains what information we collect, how we use and share it, and the choices you have. By using the Service, you agree to this Policy. This is a business product intended for organizations and their authorized staff. It is not directed to, or intended for, children.
Information We Collect
We collect information from the following sources:
a) Information you provide directly
- Account registration: your name, email address, and password (passwords are managed through our authentication provider and are not stored by us in plain text).
- Profile information: your role, organization, and the clients or brands you are authorized to manage.
- Content you provide: files you upload for marketing features (for example, creative assets or feed templates) and the configuration you enter.
- Support communications: information you share when you contact us.
b) Information from third-party services
- Single Sign-On (SSO): when you sign in with Google, we receive your basic profile and email address to create and secure your account.
- Connected integrations: when you connect a Google account, we receive data from that service on your behalf and with your authorization, including Google Business Profile (locations, profile details, reviews, posts, media, and insights), Google Ads (advertising accounts and campaign performance), Google Search Console (sites and search-analytics), and Google Analytics (GA4 metrics). We also store the OAuth access and refresh tokens needed to maintain these connections, in encrypted form.
c) Information collected automatically
- Technical and usage data generated when you use the Service, such as IP address, device and browser type, log files, and interaction data (the pages you view and actions you take). We use this for security, troubleshooting, and operating the Service.
d) Cookies and similar technologies
- We use only essential and functional storage (browser cookies and local storage) for session management, authentication, and to remember interface preferences such as theme and layout.
- We do not use advertising cookies, web beacons, third-party analytics trackers, or marketing pixels.
How We Use the Information
We use the information described above for the following business purposes:
- Service delivery: to operate, maintain, secure, and provide the core features of the Service, including syncing and displaying data from your connected Google accounts and managing your Google Business Profile content at your direction.
- Improvement and development: to understand aggregated usage trends and to develop and improve features. We do not use your personal data, or any data obtained through Google APIs, to develop, improve, or train generalized artificial-intelligence or machine-learning models.
- Communication: to send administrative and transactional messages (such as account, security, and billing notices), to respond to support requests, and to send occasional product updates. You can opt out of non-essential or promotional emails at any time.
- Personalization: to tailor your in-app experience to the platforms and dashboards relevant to your account.
- Security and compliance: to detect, prevent, and respond to fraud, abuse, and security incidents, and to meet legal obligations.
Plain English Summary
We do not serve targeted advertising and do not use your data, or Google user data, for advertising purposes.
We do not sell your personal information. We share information only as described below:
- Service providers (sub-processors): trusted vendors who process data on our behalf under contractual confidentiality and security obligations: Google Cloud Platform (hosting, databases, storage, encryption, and logging), Google Firebase (authentication), Google Workspace / Gmail API (transactional and notification email), and the Google Business Profile, Google Ads, Search Console, and Analytics APIs (the integrations you connect).
- Other users in your organization: information may be visible to other authorized users who share access to the same client, brand, or workspace within your account.
- Business transfers: if we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal data.
- Legal compliance and protection: we may disclose information if required by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect the rights, property, or safety of Compass, our users, or others, or to prevent fraud or security issues.
Your Rights and Choices
You have control over your information:
- Access and correction: you can view and update your account and profile information within the Service, or request access or correction by emailing us.
- Disconnecting integrations: you can disconnect any connected Google account at any time within the Service. You may also revoke Compass’s access directly from your Google Account at myaccount.google.com/permissions. When you disconnect, we revoke and delete the associated OAuth tokens.
- Deletion: you can request deletion of your account and associated personal data by emailing us. Following deletion, we remove or anonymize your personal data, subject to limited retention required by law (see Section 5).
- Email choices: you can unsubscribe from non-essential or promotional emails using the link in those emails. Administrative and security messages are necessary for the Service and cannot be opted out of while your account is active.
- Cookies: because we use only essential and functional storage, disabling it in your browser may prevent the Service from working correctly.
Depending on your jurisdiction (including under India’s Digital Personal Data Protection Act, 2023), you may have additional rights, such as the right to grievance redressal. You can exercise these by contacting us using the details in Section 9.
Data Storage, Security, and Retention
- Security: we protect data using industry-standard measures, including encryption in transit (TLS) and encryption of stored OAuth tokens (using Google Cloud Key Management Service, with per-client keys for Google Business Profile), secrets held in a managed secrets service, role-based access controls, private (non-public) database connectivity, and malware scanning of uploaded files. No method of transmission or storage is completely secure, but we work to protect your information.
- Storage location: data is primarily stored and processed in Google Cloud’s Mumbai, India region.
- Retention: we retain your information for as long as your account is active or as needed to provide the Service. After account closure or integration disconnection, we delete or anonymize your personal data within approximately 90 days, except where longer retention is required to comply with legal, tax, or regulatory obligations, or to resolve disputes and enforce our agreements. OAuth tokens are revoked and deleted promptly upon disconnection.
- Cross-border transfers: while our primary processing region is India, some service providers (such as Google) may process certain data in other countries. Where data is transferred across borders, we rely on providers that maintain appropriate safeguards.
Children’s Privacy
The Service is a business product intended for use by organizations and their authorized adult staff. It is not directed to children, and we do not knowingly collect personal information from anyone under the age of 18. We do not serve advertisements, and we do not sell personal data. If you believe a child has provided us personal information, please contact us and we will delete it.
Google API Services: Limited Use Disclosure
Compass’s access to, use, storage, and transfer of information received from Google APIs adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We use Google user data only to provide and improve the user-facing features you enable (managing your Google Business Profile and viewing your Google Ads, Search Console, and Analytics data).
- We do not use Google user data for advertising.
- We do not sell Google user data, and we do not transfer it to others except as necessary to provide these features, to comply with applicable law, or with your explicit consent.
- We do not use Google user data to develop, improve, or train generalized AI or ML models.
The Google scopes we may request include business.manage, adwords, Search Console (webmasters.readonly), Analytics (analytics.readonly), gmail.send (to send notifications on your behalf), and openid / email (to identify your account).
Changes to This Policy
We may update this Privacy Policy from time to time to reflect our current practices and to ensure compliance with applicable laws. When we post changes, we will revise the “Last updated” date at the top of this Policy. If we make any material changes to how we collect, use, store, or share your personal information, we will notify you on our website or by sending an email to the address associated with your Compass account. We recommend that you review this page periodically to stay informed of any changes.
Plain English Summary
We won’t make major changes without notice, but it’s still a good idea to check this page now and then.
How to Contact Us
If you have any questions about this Privacy Policy or the Service, or wish to make a complaint or raise a grievance, please contact us:
Grievance Officer
Compass AI Technologies Pvt. Ltd.
Hasemane Hall, 1st Floor, Kanakapura Main Road,
JP Nagar 6th Phase, Jarganahalli,
Bengaluru, Karnataka 560078, India