Question 1

What does read and write access mean?

Accepted Answer

All plans connect with the same Google Ads API scope. On Free and Accountability plans, viaCMO analyses your account data (campaigns, keywords, conversions, change history) but never modifies anything. On the Action plan, VIA sessions can execute approved changes via the API, but only after you review the batch summary and click CONFIRM.

Question 2

What data does viaCMO access?

Accepted Answer

viaCMO accesses Google Ads data only: campaigns, ad groups, keywords, ads, audiences, conversions, change history, and performance metrics. We do not see anything in your Google Ads account beyond that — no Google Ads billing-method details, no customer-list audiences with PII, no Google Analytics, Gmail, Search Console, or any other Google service. (Your viaCMO subscription billing is handled separately through Stripe and is unrelated to the Google Ads connection.)

Question 3

Can viaCMO see my customers' personal data?

Accepted Answer

No. viaCMO does not access customer lists, audience uploads, or any customer PII you have stored in Google Ads. We see aggregate performance data — impressions, clicks, conversions, costs — and the search-term reports Google provides (which Google itself filters for low-volume queries that could be identifying). We do not extract, store, or process customer records from your CRM, website forms, or any source outside the Google Ads account.

Question 4

How is my data stored and protected?

Accepted Answer

OAuth access and refresh tokens are encrypted at rest using AES-256-GCM. Your Google account password is never accessed, seen, or stored — viaCMO only holds the access tokens Google issues. Account data is isolated per user in our database using row-level security, so no other customer can read your data. Persistent data is hosted with Supabase in Sydney, Australia. Connections are secured with TLS. We use a vetted set of subprocessors (listed at viacmo.com.au/subprocessors) and follow the Notifiable Data Breaches scheme under the Privacy Act 1988. Full security commitments are set out in our Privacy Policy.

Question 5

What happens if I revoke access?

Accepted Answer

You can revoke viaCMO's access in 10 seconds through your Google account settings. Once revoked, we can no longer read any data from your account. Your historical reports remain available in your viaCMO dashboard, but no new data will be collected.

Question 6

Does viaCMO comply with Australian privacy law?

Accepted Answer

Yes. viaCMO complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. We only collect what we need to provide the service, encrypt sensitive data at rest, and follow the Notifiable Data Breaches scheme. You can request access to or deletion of your personal information at any time, subject to limited statutory retention obligations (for example, tax records). We do not sell your data or use it for advertising. We disclose information only to the subprocessors who help operate the platform — listed at viacmo.com.au/subprocessors.

Question 7

Can viaCMO access anything beyond Google Ads?

Accepted Answer

No. The OAuth scopes we request are limited to your Google Ads account (auth/adwords) plus your basic Google profile information (name and email, used to identify your account). viaCMO cannot access Gmail, Google Analytics, Google Search Console, YouTube, Drive, or any other Google service.

How Your Google Ads Data is Protected

Read Access vs Write Access

Analyse

Execute

What viaCMO Can See

What viaCMO Cannot See

How Write Access Works

Revoke Access in 10 Seconds

How Your Data is Stored

Encrypted credentials

Account isolation

Enterprise infrastructure

TLS 1.3

Australian Privacy Law

Questions About Security

Find Out What Your Google Ads Are Actually Doing