Privacy Policy

Effective date: 2026-05-27 · Last reviewed: 2026-05-27 · Operator: NEXLESS LP / Nexless HD Agency

1. Scope

This policy describes how the Nexless Marketing Engine ("the Engine") — an internal MCP-based platform operated by NEXLESS LP for Nexless HD Agency — handles data. The Engine is internal-facing: it is used by Nexless HD Agency operators to manage Google Ads, Analytics, Search Console, Merchant Center, Tag Manager, YouTube, Workspace, Firebase, GCP, and Business Profile surfaces on behalf of Nexless HD Agency clients. It is not a customer-facing application; agency clients do not authenticate to the Engine.

2. Data we access (and why)

The Engine accesses Google API data only via authorized OAuth scopes granted by the operator. The following categories are reachable, by surface:

Google Ads — Customer (account) metadata, campaign/ad-group/keyword configuration, performance metrics. Used to provision and optimize agency-managed campaigns.
Analytics (GA4) — Property metadata + aggregated session/event metrics on properties the operator has been granted access to. Read-only.
Search Console — Verified property list, aggregated search-performance data, URL-inspection results. Read-only.
Merchant Center — Product feed, account status, Ads-account linkage state. Read + write for agency-managed accounts.
Tag Manager — Account, container, workspace, tag, trigger configuration. Read + write within agency-managed containers.
YouTube — Channel metadata, video metadata, channel analytics (impressions/views/watch time). Read-only.
Workspace — Drive file metadata (read), Gmail message-ID metadata (read), Calendar event metadata (read), Sheets values (read + write). Gmail body content is NOT accessed; the Engine holds gmail.send only.
Firebase — Project metadata and Remote Config values for agency-managed Firebase projects.
GCP — Project / service / IAM-binding metadata via gcloud subprocess. Read by default; mutations require operator confirmation.
Business Profile — Location metadata + public reviews for agency-managed listings.

3. Data we do NOT collect

End-user personal data from agency clients' websites (the Engine does not deploy beacons or trackers on agency client properties; that role belongs to Google's own tags installed via Tag Manager).
Gmail message bodies, IMAP/POP3 content, attachments.
Payment card data or billing instrument details.
Government-issued identifiers (passport, SIN, SSN, etc.).
Health, sensitive demographic, or special-category data as defined under GDPR Art. 9 or applicable Canadian privacy law.
Browsing or device fingerprinting telemetry from operators.

4. Storage & security

OAuth refresh tokens are stored at rest in an encrypted-on-disk YAML vault (paperclip-config/credentials/vault.yaml) with filesystem permissions 0600. The vault directory is excluded from version control by .gitignore.

Access tokens (1-hour TTL) are held in process memory only; never written to disk; never logged.

Audit trail — every mutation invoked via the Engine is logged with: tool name, input hash, safety-tier classification, confirmation token, timestamp, operator identifier. Audit records are stored in an internal MongoDB collection accessible only to NEXLESS LP operators.

Network — all Google API traffic uses HTTPS. The Engine binds to stdio (no network listener) when running locally; remote operator access is gated by a separate authenticated admin console.

5. Data retention & deletion

OAuth refresh tokens: retained until revoked by the operator at myaccount.google.com/permissions or rotated via the credential-onboarding script.
API response payloads: in-process only; not persisted unless the operator explicitly writes them to disk or a Sheet.
Audit records: retained for a minimum of 12 months for operational diagnostics, then archived. Operator can request earlier deletion by emailing the contact below.

6. Sharing & disclosure

The Engine does not share, sell, transfer, or otherwise disclose data accessed via Google APIs to any third party. Data flows are limited to:

The operator's local machine (or controlled NEXLESS LP infrastructure)
Google's own APIs (when calling them)
The internal MongoDB audit log

The Engine is not affiliated with, endorsed by, or sponsored by Google LLC. "Google Ads", "Google Analytics", "Search Console", "YouTube", "Tag Manager", "Merchant Center", "Workspace", "Firebase", "Business Profile", and "Google Cloud Platform" are trademarks of Google LLC.

7. Compliance frameworks

The Engine is built to be compatible with:

Google API Services User Data Policy (including the Limited Use requirements for Workspace and other restricted scopes)
Google Ads API Required Minimum Functionality (RMF) — see the Compliance section on the home page
PIPEDA (Canada) — applicable to NEXLESS LP as a Canadian entity
Quebec Law 25 (Loi modernisant des dispositions législatives en matière de protection des renseignements personnels) — applicable as NEXLESS LP is registered in Quebec
GDPR principles (data minimization, purpose limitation, security of processing) — applicable where agency clients are EU-based

8. Rights of agency clients

Where the Engine processes data on behalf of an agency client whose Google account is managed under our MCC, that client retains all rights granted by the underlying Google API terms — including the right to revoke MCC access at any time via their own Google Ads UI. Doing so disconnects the Engine immediately and irrevocably.

9. Changes to this policy

Material changes will be reflected in the "Effective date" above. The current version is always available at nexlessmedia.com/privacy.html.

10. Contact

Privacy questions, deletion requests, or compliance inquiries:

Daniel Shamir
NEXLESS LP
Email: dshamir@blucap.ca