Privacy Policy

Last updated: March 20, 2026.

This privacy policy describes how Potatomaker (“we”, “us”, “our”) collects, uses, stores, and protects your information when you use the Potatomaker platform at potatomaker.io, including our dashboard, MCP server, and related services.

Potatomaker is operated by Joakim Billingskog. For questions about this policy, contact us at [email protected].

What Potatomaker Does

Potatomaker is a platform that lets you manage advertising campaigns through AI assistants. It connects to your ad platform accounts (such as Google Ads) and exposes campaign management operations as tools that AI assistants can use on your behalf. You remain in control through configurable guardrails, approval gates, and a complete activity log of every action taken.

Information We Collect

Account Information

When you sign up, we collect:

  • Email address — used for authentication (magic link login) and account-related communications
  • Name — used for display in the dashboard and team management
  • Organization details — workspace name, display currency, and optional logo

Ad Platform Credentials

When you connect an ad platform account (such as Google Ads), we receive and store:

  • OAuth access tokens and refresh tokens — encrypted at rest using AES-256-GCM encryption, used solely to make API calls to the ad platform on your behalf
  • Account identifiers — your ad platform account IDs and account names, used to route API requests to the correct accounts

We do not store your ad platform password. Authentication uses the standard OAuth 2.0 protocol, and you can revoke access at any time from both Potatomaker and your ad platform’s security settings.

Ad Platform Data

When you or an AI assistant uses Potatomaker to interact with your ad accounts, we access campaign data from your connected ad platforms. This includes campaign names, ad groups, keywords, ads, budgets, bids, performance metrics (impressions, clicks, conversions, spend, etc.), and other campaign management data available through the ad platform’s API.

This data is accessed in real time to fulfill your requests and is not bulk-downloaded or stored beyond what is needed for the activity log (see below).

Activity Log Data

Every action performed through Potatomaker — whether initiated by you directly or by an AI assistant on your behalf — is recorded in an append-only activity log. This log includes:

  • What action was taken (e.g., “bid changed on keyword X”)
  • Before and after values of any changes
  • The reasoning provided by the AI for the action
  • Timestamps and which user or AI session initiated the action
  • Performance context at the time of the action

This activity log is a core feature of Potatomaker. It exists so you have a complete, auditable record of every change made to your ad accounts.

Business Context

You may optionally provide business context (industry, goals, target audience, competitors, brand voice, constraints) to help the AI provide more relevant analysis. This information is stored per-workspace and only used to improve the quality of AI-generated recommendations for your accounts.

Technical Data

We collect standard technical data necessary for operating the service, including session tokens, IP addresses (for security and abuse prevention), and user agent strings.

How We Use Your Information

We use your information solely to provide and operate the Potatomaker service:

  • Account information — to authenticate you, manage your workspaces and team members, and send transactional emails (magic link login, team invitations)
  • Ad platform credentials — to make API calls to your ad platforms on your behalf when you or an AI assistant requests data or makes changes
  • Ad platform data — to display campaign information, generate reports, and execute campaign management operations you request
  • Activity log data — to provide you with a complete audit trail, to measure the accuracy of AI predictions over time, and to surface patterns that improve future recommendations for your accounts
  • Business context — to provide contextually relevant AI analysis and recommendations

We do not use your information for advertising, profiling, or any purpose unrelated to providing the Potatomaker service.

Google API Services — Limited Use Disclosure

Potatomaker’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only use Google Ads data to provide and improve the campaign management features you see in Potatomaker
  • We do not transfer Google Ads data to third parties, except as necessary to provide the service (see “Service Providers” below)
  • We do not use Google Ads data for advertising, retargeting, or interest-based profiling
  • We do not use Google Ads data to determine creditworthiness or for lending purposes
  • We do not sell Google Ads data
  • Human access to your Google Ads data is limited to: (a) with your consent for support purposes, (b) as necessary for security investigations, or (c) to comply with applicable law

Data Storage and Security

  • Encryption at rest: Ad platform OAuth tokens are encrypted using AES-256-GCM before storage. Each token is encrypted with a unique initialization vector.
  • Encryption in transit: All data transmitted between your browser, our servers, and third-party APIs uses TLS encryption.
  • Database security: Our database enforces row-level isolation between workspaces. Users in one workspace cannot access data from another workspace.
  • Access controls: API keys are stored as SHA-256 hashes. Role-based access control (owner, admin, member) governs what team members can do within a workspace.
  • Activity log integrity: The activity log is append-only. Logged entries cannot be modified or deleted (except through the GDPR data deletion process described below).

Our infrastructure is hosted on Railway in the EU West region. Application servers and database are located within the European Union.

Service Providers

We use the following third-party service providers to operate Potatomaker:

| Provider | Purpose | Data Shared |
|---|---|---|
| Railway (EU West) | Application and database hosting | All data stored in Potatomaker |
| Resend (US) | Transactional email delivery | Email addresses, for login and invitation emails only |
| Anthropic (US) | AI model provider for skill execution | Ad platform data included in skill execution requests, processed in real time, not stored by Anthropic beyond their standard API data handling |
| Google Analytics (US) | Usage analytics via Google Tag Manager | Anonymized usage data (page views, feature usage, general interaction patterns). No ad platform data is shared with Google Analytics |
| Google (US) | Google Ads API | OAuth tokens and API requests for campaign management |

We do not sell, rent, or share your data with any other third parties.

International Data Transfers

Our application servers and database are hosted in the EU West region. Your core data (account information, ad platform credentials, activity logs, and business context) is stored and processed within the European Union.

Some of our service providers are based in the United States (Resend for email delivery, Anthropic for AI model execution, and Google for the Google Ads API). Data shared with these providers is limited to what is described in the Service Providers section above. Where applicable, these transfers rely on the EU-U.S. Data Privacy Framework or standard contractual clauses.

Data Retention

  • Account data is retained for as long as your account is active.
  • Activity log data is retained for as long as your account is active, as it forms a core feature of the service. We may implement configurable retention periods in the future.
  • Ad platform credentials are retained until you disconnect the ad platform or delete your account. You can disconnect a platform at any time from your workspace settings.
  • Session data expires automatically (sessions have a limited time-to-live).

When you delete your account, all your personal data, activity logs, and stored credentials are permanently deleted.

Your Rights

For all users

You can at any time:

  • Access your data — view and export your data from the dashboard at Settings → Account → Data
  • Disconnect ad platforms — revoke Potatomaker’s access to your ad accounts from Settings → Workspace → Connections
  • Delete your account — permanently delete all your data from Settings → Account → Data

Additional rights for EU/EEA users (GDPR)

Under the General Data Protection Regulation, you have additional rights including:

  • Right of access — request a copy of all personal data we hold about you
  • Right to rectification — request correction of inaccurate personal data
  • Right to erasure — request deletion of your personal data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to restrict processing — request that we limit how we use your data
  • Right to object — object to our processing of your data

To exercise any of these rights, use the self-service tools in your account settings or contact us at [email protected]. We will respond within 30 days.

Legal basis for processing (GDPR Article 6):

  • Contract performance — processing your account data, ad platform credentials, and campaign data is necessary to provide the Potatomaker service you signed up for
  • Legitimate interest — activity logging and decision intelligence features serve our legitimate interest in providing a valuable audit and analytics service, balanced against your right to privacy
  • Consent — optional features such as business context and AI-generated recommendations are based on your voluntary input

Children’s Privacy

Potatomaker is a business tool for advertising professionals. We do not knowingly collect data from anyone under 18 years of age. If you believe a minor has created an account, please contact us and we will delete it.

Cookies

Potatomaker uses essential cookies required for authentication and session management. We also use Google Analytics (via Google Tag Manager) to understand how the service is used — this includes page views, feature usage, and general usage patterns. Google Analytics may set cookies on your device to collect anonymized usage data.

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

We do not use advertising cookies, retargeting cookies, or third-party tracking for ad personalization.

Changes to This Policy

We may update this privacy policy from time to time. If we make material changes to how we handle your data, we will notify you by email before the changes take effect and update the “Last updated” date above.

Contact

For questions about this privacy policy or to exercise your data rights:

Email: [email protected]

Data Controller: Joakim Billingskog, operating Potatomaker as an independent project. Potatomaker is currently in an invite-only testing phase.