Privacy Policy

AdPlug MCP ("AdPlug", "we", "us") is a hosted Model Context Protocol (MCP) platform that lets performance marketers connect their advertising accounts and manage them through AI tools such as Claude, ChatGPT, Cursor, and other MCP-compatible clients.

AdPlug is operated by MeanData IT SRL. Our website is adplug.app.

• To authenticate you and provide access to your MCP endpoint
• To execute ad platform API calls on your behalf when requested by your AI tool
• To enforce usage limits based on your subscription tier
• To display your usage history and connected accounts in your dashboard
• To send you service-related emails (connection issues, usage alerts, billing)

We do not sell your data. We do not use your ad account data for advertising, benchmarking, or any purpose other than fulfilling your MCP tool requests.

We share data with these services only as needed to provide the product:

• Supabase — Authentication and database hosting. Stores your profile, encrypted credentials, and usage logs. Located in US-East.
• Google Cloud (Cloud Run) — Hosts our API server. Processes your MCP requests. Located in US-East.
• Google Ads API / LinkedIn Ads API — We make API calls to these platforms using your OAuth tokens to fulfill your requests.
• Paddle — Payment processing and subscription management. Handles billing as merchant of record.
• Cloudflare — DNS and TLS termination for adplug.app.

AdPlug supports OAuth 2.1 authentication for MCP clients (such as Claude Desktop and ChatGPT). When you authorize an MCP client:

• The client registers itself via Dynamic Client Registration (DCR)
• You see a consent screen showing the client name and requested permissions
• You can approve or deny the request
• If approved, the client receives a time-limited access token (JWT)
• You can revoke access at any time from your dashboard

We do not share your ad account data with MCP client developers. The MCP client acts as a conduit — it sends your requests to our server, and we return results directly to your AI conversation.

• Account data — retained while your account is active. Deleted within 30 days of account deletion.
• OAuth tokens — deleted immediately when you disconnect a platform or delete your account.
• Usage logs — retained for the duration of your audit log period (7 days Free, 30 days Pro, 90 days Agency). Older logs are permanently deleted.

• All OAuth tokens are encrypted at rest (AES-256 / Fernet)
• All connections use HTTPS (TLS 1.3)
• MCP endpoint requires authentication on every request
• OAuth 2.1 with PKCE for MCP client authentication
• Row-Level Security (RLS) in the database — users can only access their own data
• Rate limiting to prevent abuse (60 requests/minute per IP)

You can:

• Access your data — view your profile, connections, and usage in the dashboard
• Delete your data — disconnect platforms or delete your account from the dashboard settings
• Revoke access — disconnect any ad platform at any time; we immediately delete the stored OAuth tokens
• Export your data — contact us at privacy@adplug.app for a data export

If you are in the EU/EEA, you have additional rights under GDPR including the right to restrict processing and the right to data portability. Contact us to exercise these rights.

We use essential cookies only for authentication (Supabase session cookies). We do not use tracking cookies, analytics cookies, or advertising cookies.

We may update this privacy policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Continued use of AdPlug after changes constitutes acceptance of the updated policy.

For privacy-related questions or requests, contact us at: privacy@adplug.app

MeanData IT SRL
Bucharest, Romania