Skip to main content
WPN

Privacy Policy

Effective immediately

Our Privacy Promise

Little Bear Apps is built on a foundation of privacy-first design. Our Chrome extensions process everything locally on your device, ensuring your personal data never leaves your computer.

This policy explains exactly what information we collect (spoiler: very little), how we use it, and your rights regarding your data.

Information We Collect

Extension Usage

  • Local Processing Only: All extension functionality happens entirely on your device
  • No Analytics: We don't track how you use our extensions
  • No Data Collection: Your files, bookmarks, and content stay on your device

How We Use Information

Website Analytics

This website uses privacy-focused analytics to understand general usage patterns.

  • Page views and popular content
  • Referrer information
  • General geographic regions
  • No personal identification

Contact Forms

When you contact us, we collect only the information you provide.

  • Email address for responses
  • Message content you send
  • Used only to respond to your inquiry
  • Not shared with third parties

Data Sharing & Third Parties

Simple answer: We don't share your data.

Since our extensions process everything locally and we collect minimal website data, there's nothing to share. We don't sell, rent, or trade any information about our users.

Your Rights & Control

Access

Contact us to know what data we have about you (hint: probably none from extensions)

Deletion

Request deletion of any data we have, though extensions store everything locally

Control

You control all your data since it never leaves your device with our extensions

Legal Compliance (GDPR/CCPA)

We comply with GDPR, CCPA, and other privacy regulations. Since our extensions process everything locally, most data protection concerns simply don't apply to our Chrome extensions.

GDPR Rights (European Union):

  • Right to Access: Contact help@littlebearapps.com to request a copy of your data
  • Right to Deletion: We'll delete your data within 30 days of your request
  • Right to Data Portability: Export your data in machine-readable formats (CSV, JSON)
  • Right to Opt-Out: Unsubscribe from marketing emails anytime
  • Right to Rectification: Request correction of inaccurate data

CCPA Rights (California):

  • Right to Know: What personal information we collect and how we use it
  • Right to Delete: Request deletion of personal information we've collected
  • Right to Opt-Out of Sale: We don't sell personal information (not applicable)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

Complaint Process

If you have concerns about how we handle your data, contact us at help@littlebearapps.com. You also have the right to lodge a complaint with your local data protection authority.

Australian users: Office of the Australian Information Commissioner (OAIC) - www.oaic.gov.au

Contact Information

Data Controller

Organisation: Little Bear Apps

Location: Melbourne, Australia

Privacy Contact: help@littlebearapps.com

Response Time: Within 7 business days

Jurisdiction

Little Bear Apps is an Australian business operating under Australian privacy laws (Privacy Act 1988). We also comply with GDPR (European Union) and CCPA (California) where applicable.

Business Hours

Australian Eastern Time (AEST/AEDT)
Monday - Friday, 9:00 AM - 5:00 PM

Website Google Ads API Data Usage

Our website uses the Google Ads API to manage advertising campaigns and measure marketing performance. This applies only when you accept Tier 2 consent (Accept All) on our website.

Data Accessed via Google Ads API

  • Campaign Performance: Impressions, clicks, conversions, costs, CTR, conversion rates
  • Ad Metrics: Ad group performance, keyword metrics, conversion data
  • Conversion Tracking: Chrome extension installation events (Account ID: AW-17525550572)

Purpose of Collection

  • Optimise marketing campaigns and measure return on investment (ROI)
  • Track conversion events (e.g., extension installations) to understand campaign effectiveness
  • Improve ad targeting and reduce wasted ad spend
  • Generate performance reports for internal analytics

Data Retention

  • Audit logs: 90 days, then archived
  • Cached API responses: 7 days, then automatically purged
  • Aggregated campaign metrics: Retained indefinitely for historical analysis

Third-Party Sharing

We do not share your data with third parties except Google (via their API for conversion tracking). Google's use of this data is governed by their Privacy Policy and Google Ads API Terms of Service.

Data Security Measures

Credential Storage

  • All API credentials stored in macOS Keychain (hardware-encrypted via T2/SEP chip)
  • OAuth2 authentication with refresh tokens (no long-lived keys)
  • Application Default Credentials (ADC) via gcloud

Communication Security

  • All API communications over HTTPS/TLS 1.3
  • Certificate pinning for Google API endpoints
  • Encrypted data transmission at all times

Regular Audits

  • Weekly security dependency updates
  • Monthly security audits of API integrations
  • Automated vulnerability scanning

Access Controls

  • Principle of least privilege for API access
  • Role-based access control (RBAC)
  • Access logging and monitoring for all API calls

Incident Response

In the event of a security incident, we will notify affected users within 72 hours and take immediate steps to mitigate the issue.

Report security concerns to: security@littlebearapps.com

SEO Ads Expert - Google Ads Data Collection

When you connect SEO Ads Expert to your Google Ads account, we collect the following data:

Google Ads Data Collected

  • OAuth Access Tokens: Refresh tokens that allow us to access your Google Ads account on your behalf
  • Campaign Performance Data: Metrics including impressions, clicks, conversions, costs, CTR, CVR for campaigns, ad groups, keywords, and ads
  • Account Information: Google Ads customer ID, account name, currency settings
  • Search Terms Data: Query-level performance for search term analysis
  • User Preferences: Your automation settings, notification preferences, and saved configurations

Other Data Collected

  • Email address (for account creation and notifications)
  • Usage logs (features accessed, actions taken)
  • Browser information (user agent, IP address for security)

How We Use Google Ads Data

We use your Google Ads data solely to provide SEO Ads Expert services:

1. Generate Optimization Recommendations

  • Analyze campaign performance using Thompson Sampling algorithms
  • Identify waste, opportunities, and optimisation strategies
  • Provide budget reallocation suggestions

2. Apply Approved Changes

  • Execute user-approved budget adjustments
  • Implement bid strategy modifications
  • Add/remove keywords based on user authorisation

3. Track and Audit

  • Maintain change history logs
  • Provide before/after value tracking
  • Enable rollback functionality

4. Display Analytics

  • Show performance dashboards
  • Generate custom reports
  • Export data in user-requested formats

We DO NOT

  • Share your Google Ads data with third parties
  • Sell or resell your advertising data
  • Use your data to train models for other users
  • Aggregate your data with other accounts without explicit permission

Data Storage & Retention

Storage Location

  • Data stored on secure servers in Australia
  • Database: SQLite with encryption at rest
  • AES-256 encryption for sensitive data

Retention Periods

  • Performance Data: 7-day cache, then deleted
  • Audit Logs: 90-day retention, then archived
  • OAuth Tokens: Until access revoked or account deleted
  • Account Data: Until deletion requested

Automatic Deletion

Performance cache is automatically purged every 7 days. Old audit logs are archived after 90 days. We do not retain data indefinitely.

Security & Encryption

Encryption

  • OAuth tokens encrypted at rest (AES-256)
  • All API communications via TLS 1.3
  • Database encryption for sensitive data

Access Controls

  • Role-based access permissions
  • Session timeouts (30 minutes idle)
  • Access logging and monitoring
  • Multi-factor authentication available

Token Security

  • Refresh tokens stored in secure credential vault
  • Never logged or exposed in error messages
  • Automatic rotation where applicable
  • Revocation support via Google Account settings

Incident Response

Security incidents are reported within 72 hours and affected users are notified promptly.

Contact: security@littlebearapps.com

Third-Party Data Sharing

We DO NOT share your Google Ads data with third parties except:

1. Service Providers

  • Hosting infrastructure (secure Australian servers)
  • These providers have data processing agreements
  • They cannot use your data for their own purposes

2. Legal Requirements

  • We may disclose data if required by law, subpoena, or court order
  • We will notify you unless legally prohibited

We NEVER

  • Sell your Google Ads data to advertisers or data brokers
  • Share your performance metrics with competitors
  • Use your data for purposes other than providing SEO Ads Expert services
  • Aggregate your data with other users without explicit opt-in

Your Data Rights (SEO Ads Expert)

Access & Export

Request a copy of all data we've collected about you. Export your performance data and audit logs at any time.

Contact: privacy@littlebearapps.com

Correction

Update your account information anytime. Correct inaccurate data in your profile. Contact us to fix data errors.

Deletion

Request complete account and data deletion. We honor deletion requests within 30 days, including OAuth tokens, performance cache, audit logs, and user data.

Contact: privacy@littlebearapps.com

Portability

Export your data in machine-readable formats (CSV, JSON). Transfer your data to another service via in-app export feature.

Revoke Access

Disconnect your Google Ads account anytime. Revoke OAuth permissions via Google Account settings. Deletes all associated Google Ads data within 7 days.

Opt-Out of Automation

Disable all auto-apply features via kill switch. Opt out of email summaries. Use manual-approval-only mode.

Google Ads API Usage

SEO Ads Expert uses the Google Ads API to read your campaign performance data, apply user-approved optimisations, and track changes for audit and rollback purposes.

API Access

  • Scope requested: https://www.googleapis.com/auth/adwords
  • Access method: OAuth 2.0 with your explicit consent
  • You can revoke access anytime via Google Account settings

Google's Use of Your Data

Our Relationship with Google

We are an independent third-party developer. We are not affiliated with, endorsed by, or sponsored by Google. Google Ads is a trademark of Google LLC.

Questions & Updates

Contact Us

Have questions about this privacy policy or our data practices?

Privacy Inquiries & Data Requests

privacy@littlebearapps.com

Response time: Within 1-2 business days

Security Incidents

security@littlebearapps.com

General Support

help@littlebearapps.com
Send us a message

Policy Updates

We may update this privacy policy from time to time. When we do:

  • Last Updated date will be changed at the top of this page
  • Significant changes will be notified via email (if you've linked an account)
  • Continued use of our services after changes constitutes acceptance
  • You can review the full history of changes by contacting us

Current Version: 2.0

Last update: October 9, 2025