Privacy Policy

Last updated: 18 May 2026

This Privacy Policy explains how FiftyMetrics ("we", "us", or "our") collects, uses, and shares information when you use our service at fiftymetrics.com and dashboard.fiftymetrics.com (collectively, the "Service"). By using the Service you agree to the terms of this policy.

1. Information we collect

Account information

When you create an account we collect your email address, name, and (optionally) your company name. If you sign in with Google, we receive your name, email, and Google profile photo URL from Google.

API credentials for connected platforms

When you connect a third-party platform (such as Stripe, Meta Ads, Google Analytics, TikTok, YouTube, or others), you provide us with the authentication credentials needed to read your data — typically API keys, OAuth refresh tokens, account IDs, and similar values. We store these credentials encrypted at rest using AES-256-GCM. They are decrypted only in memory while we make API calls on your behalf.

Data fetched from connected platforms

To generate your reports, we fetch metrics from the platforms you connect. This may include advertising spend and performance, sales and revenue, traffic and engagement statistics, and similar business metrics. We do not fetch personally identifiable information about your end customers — we work with aggregated and anonymized business metrics.

Service usage data

We collect basic usage data: IP addresses, browser user-agent, timestamps of requests, and error logs. This is used for security, debugging, and capacity planning.

2. How we use information

• Generate AI-powered analytics reports ("FiftyInsights™") summarizing your business performance.
• Display dashboards showing your metrics from the platforms you've connected.
• Deliver reports via the dashboard, email, and (optionally) Telegram.
• Provide customer support and respond to your questions.
• Bill you for the subscription and process payments via Stripe.
• Improve and secure the Service.

3. AI processing

To generate insights, we send a structured summary of your business metrics to Anthropic's Claude API. This data may include aggregated revenue, ad spend, engagement metrics, and trend comparisons. Anthropic does not train its models on our API traffic by default and processes the data per its commercial Terms of Service. We do not send your raw API credentials, customer-level data, or personally identifiable information to Anthropic.

4. Third-party services we use

• Anthropic — AI report generation (Claude API).
• OpenAI — voice-to-text transcription (Whisper API) when you use the microphone in FiftyAgent™.
• Stripe — payment processing for FiftyMetrics subscriptions.
• DigitalOcean — server and database hosting.
• Let's Encrypt — SSL/TLS certificates.
• Google — OAuth-based sign-in (if you choose).
• ImprovMX — incoming email forwarding for our contact addresses.
• Microsoft Clarity — anonymous, aggregated website analytics and session-replay used by us to understand how visitors and customers interact with our site so we can improve usability and fix bugs. See section 6 below for details.

Each provider has its own privacy practices. The platforms you choose to connect (Meta, Google Analytics, TikTok, YouTube, Stripe, etc.) also have their own terms — your use of them remains governed by their policies.

5. Per-platform OAuth integrations — explicit data scopes

This section explains, for each OAuth integration FiftyMetrics offers, the exact name of the application shown to you on the provider's consent screen, the permissions it requests, the data it reads on your behalf, what we do with that data, and what we do not do with it. Each integration below is described as a standalone disclosure so that reviewers and end users can read it in isolation.

5.1 Google OAuth — application name "FiftyMetrics"

The application name shown on Google's authorization screen is FiftyMetrics. When you click "Connect with Google" inside the FiftyMetrics Integrations page, you are redirected to Google's OAuth 2.0 authorization server (accounts.google.com). After you authenticate, Google asks you to grant the following OAuth scopes to FiftyMetrics:

• openid and https://www.googleapis.com/auth/userinfo.email — used to identify you and create or sign you into your FiftyMetrics account.
• https://www.googleapis.com/auth/analytics.readonly — read-only access to the Google Analytics 4 properties you own or have access to.
• https://www.googleapis.com/auth/webmasters.readonly — read-only access to the Google Search Console properties you own or have access to.
• https://www.googleapis.com/auth/youtube.readonly — read-only access to YouTube channel metadata (channel name, video list, public statistics).
• https://www.googleapis.com/auth/yt-analytics.readonly — read-only access to YouTube Analytics (views, watch time, subscriber changes per period).
• https://www.googleapis.com/auth/adwords — read-only access to Google Ads campaign structure and performance data.

What we read with these scopes: your email address, name, and profile photo URL; aggregated Google Analytics 4 metrics (sessions, active users, page views, traffic sources, conversions, revenue); Search Console performance (clicks, impressions, CTR, average position, top queries, top landing pages); YouTube channel-level statistics and per-video aggregated metrics; Google Ads spend, impressions, clicks, conversions, and campaign settings. We store Google's OAuth refresh token encrypted at rest (AES-256-GCM) so that we can renew access tokens without prompting you again.

What we do with it: render it inside your FiftyMetrics dashboard, include aggregated summaries in FiftyInsights™ reports, and log a small amount of metadata (timestamps, success/failure of each API call) for debugging.

What we explicitly do not do: we never write, modify, edit, or delete anything in your Google accounts. We do not access Gmail, Drive, Calendar, Contacts, YouTube comments, YouTube viewer identities, or any data outside the read-only scopes listed above. We do not sell or share Google data with advertisers or other third parties.

How to revoke: at any time, click "Disconnect" next to Google inside the FiftyMetrics Integrations page, or revoke FiftyMetrics directly at https://myaccount.google.com/permissions.

Google API Services User Data Policy — Limited Use compliance. FiftyMetrics' use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We use Google user data only to provide and improve the FiftyMetrics dashboarding, FiftyInsights™ reports, and FiftyAgent™ chat features described in this section. We do not use this data for any other purpose.
• We do not transfer Google user data to third parties except (a) as necessary to provide or improve the user-facing features above (for example, ephemeral processing by Anthropic's Claude API for AI summaries, with no model training, as described in section 3.4), (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) as part of a merger or acquisition in which the same Limited Use restrictions continue to apply.
• We do not use Google user data to serve advertisements, including retargeting, personalized advertising, or interest-based advertising of any kind.
• We do not allow humans to read Google user data, except (a) with your explicit prior consent for specific data points, (b) for security investigations or to detect, prevent, or otherwise address fraud or abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized for internal operational purposes.
• We do not use Google user data to develop, train, fine-tune, or improve generalized or non-personalized AI / ML models. The Anthropic Claude API used by FiftyInsights™ and FiftyAgent™ processes data ephemerally and does not train on FiftyMetrics traffic (see section 3.4).

Data retention for Google data. Your Google OAuth refresh token and the encrypted credential blob are stored only while you have an active FiftyMetrics subscription and an active Google integration. When you click "Disconnect" next to Google on the Integrations page, the encrypted credentials are deleted from our database immediately. Aggregated metric snapshots derived from Google APIs (cached counts, daily series, top-entity tables) are retained for the lifetime of your subscription so that historical trends remain visible in your dashboard; they are permanently deleted within 30 days of account closure. You may request immediate deletion of all your data at any time via our Cookies · Data Deletion · Cookie preferences page.

5.2 Meta OAuth — application name "FiftyMetrics" (Meta App ID 1647323656321476)

The application name shown on Facebook's authorization screen is FiftyMetrics. We use Facebook Login for Business with a fixed Configuration ID. When you click "Connect with Meta" inside the FiftyMetrics Integrations page, you are redirected to Facebook (facebook.com) to authorize FiftyMetrics. Our Business Login configuration requests the following permissions:

• public_profile and email — auto-granted by Facebook Login for Business to identify the connecting Facebook user.
• business_management — list the Meta Business accounts you have access to so we can locate your linked ad account / Pages.
• ads_read — read ad-account-level insights (spend, impressions, clicks, reach, frequency, conversions).
• ads_management — read campaign, ad set, and ad structure and settings. We use this read-only in practice — FiftyMetrics does not toggle, pause, budget-edit, or otherwise modify any Meta Ads object.
• pages_show_list — list the Facebook Pages you administer.
• pages_read_engagement — read posts, post-level impressions, engagement, and reactions on Pages you administer.
• pages_manage_ads — read the Page → ad-account link required to fetch Page-level ad insights. We use this read-only.
• instagram_basic — read the linked Instagram Business account profile (followers, media count, username, name).
• instagram_manage_insights — read aggregated insights for the linked Instagram Business account and its recent media.

What we read with these scopes: aggregated Meta Ads performance (spend, impressions, clicks, CTR, reach, frequency, placement breakdown, top campaigns and ad sets); your Facebook Page profile (fan count, follower count, category, name) along with the most recent Page posts and their public engagement metrics (impressions, reactions, engaged users); the linked Instagram Business profile (handle, followers, media count) and the most recent media items with their public engagement metrics (likes, comments, reach). We store the long-lived Meta access token encrypted at rest (AES-256-GCM).

What we do with it: render it inside your FiftyMetrics dashboard, include aggregated summaries in FiftyInsights™ reports, and log a small amount of metadata (timestamps, success/failure of each API call) for debugging.

What we explicitly do not do: we do not write, edit, post, schedule, comment, message, like, react to, or delete anything via the Meta Graph API or Instagram Graph API. We do not access Facebook or Instagram private messages, inboxes, or direct messages. We do not read any end-customer personally identifiable information. We do not sell or share Meta or Instagram data with third-party advertisers or marketers outside what is required to operate the Service.

How to revoke: at any time, click "Disconnect" next to Meta inside the FiftyMetrics Integrations page, or revoke FiftyMetrics directly from Facebook → Settings & Privacy → Settings → Business Integrations (or at facebook.com/settings?tab=business_tools).

5.3 TikTok OAuth — application name "FiftyMetrics" (TikTok Login Kit, Client Key awvc521zw1fj4t8z)

The application name shown on TikTok's authorization screen is FiftyMetrics. The app is registered at developers.tiktok.com and uses TikTok Login Kit. When you click "Connect with TikTok" inside the FiftyMetrics Integrations page, you are redirected to tiktok.com to authorize FiftyMetrics. The following scopes are requested:

• user.info.basic — read your TikTok open_id and union_id (anonymized account identifiers).
• user.info.profile — read your public profile fields (display name, bio description, profile photo URL, profile deep link, verified status).
• user.info.stats — read your aggregated counts: follower count, following count, total likes received, and total video count.
• video.list — read the list of your public videos and their per-video aggregated stats (views, likes, comments, shares, duration, cover image URL, share URL, upload timestamp).

What we read with these scopes: your public TikTok profile and lifetime stats, plus up to the 20 most recent of your own public videos with their cover image, caption / description, and aggregated public engagement metrics. We store the TikTok access token (24-hour validity) and refresh token (one-year validity) encrypted at rest (AES-256-GCM) so that we can renew access automatically without prompting you again.

What we do with it: render it inside your FiftyMetrics dashboard, include aggregated summaries in FiftyInsights™ reports, and log a small amount of metadata (timestamps, success/failure of each API call) for debugging.

What we explicitly do not do: we do not post videos, comments, replies, or messages. We do not read TikTok direct messages, private content, drafts, or videos that are not public. We do not access any TikTok account other than the one you explicitly connected. We do not sell or share TikTok data with third-party advertisers or marketers outside what is required to operate the Service.

How to revoke: at any time, click "Disconnect" next to TikTok inside the FiftyMetrics Integrations page. Disconnecting from inside FiftyMetrics also calls TikTok's /v2/oauth/revoke/ endpoint so the grant is removed from TikTok's side and the consent screen re-appears on the next reconnect. You can also revoke FiftyMetrics directly at tiktok.com/setting/app-data-authorization.

5.4 TikTok Marketing API OAuth — application name "FiftyMetrics" (TikTok for Business Developers)

The application name shown on TikTok's authorization screen is FiftyMetrics. This integration is separate from the TikTok Login Kit integration described in section 5.3 and is registered at business-api.tiktok.com. It is required to read your TikTok Ads Manager performance data into FiftyMetrics. When you click "Connect with TikTok Ads" inside the FiftyMetrics Integrations page, you are redirected to TikTok Business to authorize FiftyMetrics with the following permissions:

• User Info — read your TikTok for Business user account identifier and display name so we can identify the connecting user.
• Advertiser Info / Ad Account — list the TikTok Ads Manager advertiser accounts you have access to, and read each account's name, currency, status, balance, and timezone.
• Business Center (read-only) — read the Business Center(s) you have access to, so we can locate the advertiser accounts linked under them.
• Campaign Management (read-only) — read campaign, ad group, and ad structure: name, status, objective, budget, bid strategy, optimization goal, start/end times. We do not modify any of these via the Marketing API.
• Reporting / Insights — read aggregated performance reports at advertiser, campaign, ad group, and ad level: spend, impressions, clicks, CTR, CPC, CPM, conversions, conversion value, video views, watch time, and breakdowns by placement, country, age, gender, and creative type.
• Audience (read-only) — read the names, sizes, and types of the custom and lookalike audiences attached to your advertiser account, so we can show which audiences your campaigns are targeting. We do not read individual audience member data and we cannot upload, modify, or delete audiences.
• Creative Insights (read-only) — read aggregated performance of your ad creatives (titles, thumbnails, video URLs, per-creative metrics) so we can show which creatives perform best.

What we read with these scopes: aggregated TikTok Ads performance (spend, impressions, clicks, CTR, CPM, CPC, conversion events and values, ROAS) at advertiser-account, campaign, ad-group, and ad level; the structure and settings of your campaigns, ad groups, and ads; placement, geo, age, gender, and creative-type breakdowns; the names and sizes of audiences attached to your advertiser account; and the public metadata of your ad creatives (titles, thumbnails, video URLs, per-creative metrics). We store the TikTok Marketing API access token and refresh token encrypted at rest (AES-256-GCM) so that we can renew access automatically without prompting you again.

What we do with it: render it inside your FiftyMetrics dashboard (Meta Ads / Google Ads / TikTok Ads side-by-side comparison, conversion funnel, top-performing campaigns and creatives), include aggregated summaries in FiftyInsights™ reports and FiftyAgent™ chat responses, and log a small amount of metadata (timestamps, success/failure of each API call) for debugging.

What we explicitly do not do: we never create, edit, pause, resume, duplicate, archive, or delete campaigns, ad groups, ads, or creatives via the Marketing API. We never modify budgets, bids, targeting, or audiences. We do not upload custom audiences or contact lists. We do not access end-customer personally identifiable information (email addresses, phone numbers, or any other identifiers of people who interacted with your ads). We do not sell or share TikTok Ads data with third-party advertisers or marketers outside what is required to operate the Service. Our access is strictly read-only insights for the purpose of dashboarding and analysis.

How to revoke: at any time, click "Disconnect" next to TikTok Ads inside the FiftyMetrics Integrations page. You can also revoke FiftyMetrics directly from inside TikTok Ads Manager → Business Settings → Apps (or by deleting the FiftyMetrics app from your Business Center's authorized-app list).

5.5 LinkedIn OAuth — application name "FiftyMetrics" (LinkedIn Client ID 77nhvmgkxj9jhg)

The application name shown on LinkedIn's authorization screen is FiftyMetrics. The app is registered at developer.linkedin.com and uses LinkedIn's OAuth 2.0 implementation. When you click "Connect LinkedIn" inside the FiftyMetrics Integrations page, you are redirected to linkedin.com to authorize FiftyMetrics. The following scopes are requested:

• openid — OpenID Connect subject identifier so we can identify you as a returning user across sessions.
• profile — your LinkedIn first name, last name, locale, and profile photo URL.
• email — the primary email address associated with your LinkedIn account.
• r_ads — read-only access to the LinkedIn Ads accounts your LinkedIn user has access to (account name, type, currency, status, test-account flag).
• r_ads_reporting — read-only access to your LinkedIn Ads performance data: impressions, clicks, spend, CTR, CPC, CPM, video views, video completions, conversions, lead-generation form fills, and engagement metrics (likes, comments, shares, follows, reactions) at account and campaign level.

What we read with these scopes: your LinkedIn identity (name, primary email, profile photo URL, locale); the list of LinkedIn Ads accounts your LinkedIn user has access to and each account's metadata; aggregated LinkedIn Ads performance metrics (spend, impressions, clicks, conversions, leads, video views, watch time, engagement) at account and campaign level over the selected date range. We store the LinkedIn OAuth access token (60-day validity) and refresh token (when granted) encrypted at rest using AES-256-GCM so that we can renew access without prompting you again.

What we do with it: render it inside your FiftyMetrics dashboard (LinkedIn Ads block alongside Meta Ads, Google Ads, and TikTok Ads for cross-channel comparison; authenticated LinkedIn identity on the LinkedIn Ads detail page), include aggregated summaries in FiftyInsights™ reports and FiftyAgent™ chat responses, and log a small amount of metadata (timestamps, success/failure of each API call) for debugging.

What we explicitly do not do: we never create, edit, pause, resume, archive, or delete campaigns, ad groups, ads, or creatives via the LinkedIn Marketing API. We never modify budgets, bids, audiences, or targeting. We do not post on your behalf or on your organization's behalf, send connection invitations, send messages, react, comment, or otherwise interact with LinkedIn members. We do not access your LinkedIn connections list, messaging, feed, or any data outside the read-only scopes listed above. We do not read end-customer personally identifiable information about people who interacted with your ads. We do not sell or share LinkedIn data with third-party advertisers or marketers outside what is required to operate the Service.

How to revoke: at any time, click "Disconnect" next to LinkedIn inside the FiftyMetrics Integrations page. You can also revoke FiftyMetrics directly at linkedin.com/psettings/permitted-services.

6. Cookies, local storage, and analytics

Local storage (first-party). We use browser localStorage to store your authentication token (JWT) so you stay signed in across page loads, and to remember UI preferences like your selected date range.

Microsoft Clarity (third-party analytics and session replay). We use Microsoft Clarity (operated by Microsoft Corporation) on both fiftymetrics.com and dashboard.fiftymetrics.com to understand aggregate, anonymous usage of our website and dashboard — page views, click locations, scroll behaviour, time on page, and replays of typical user journeys. Clarity helps us identify usability problems and bugs we cannot see in our backend logs. Clarity sets first-party cookies (such as _clck and _clsk) and may transmit visitor IP addresses to Microsoft as part of standard web analytics. Clarity automatically masks sensitive form inputs (passwords, payment fields). We do not link Clarity recordings to your FiftyMetrics account identity, and we do not use Clarity for advertising. Microsoft's processing is governed by their Clarity privacy documentation and the Microsoft Privacy Statement.

How to opt out of Clarity. You can opt out by enabling "Do Not Track" or "Global Privacy Control" in your browser, by installing a privacy extension that blocks clarity.ms, or by clearing the _clck / _clsk cookies for our domain. We will add a cookie-consent banner before any production launch in jurisdictions that require opt-in consent (e.g. EEA, UK).

We do not use third-party advertising cookies, retargeting pixels, or any tracking technology that links your visit to advertising networks.

7. Sharing your information

We do not sell your personal information. We share data only with the third-party processors listed above, only to the extent necessary to provide the Service. We may disclose information if required by law, subpoena, or court order, or to protect our rights and the safety of our users.

8. Data security

We protect your data with industry-standard measures: all traffic uses HTTPS; API credentials are encrypted at rest with AES-256-GCM; passwords are hashed with bcrypt; database access is restricted to our application servers. No system is perfectly secure, but we work hard to keep yours safe and will notify you of a breach affecting your account within a reasonable timeframe.

9. Data retention

We retain your account and report history while your subscription is active. If you cancel, we keep your data for up to 30 days to allow restoration, then delete it. You can request immediate deletion at any time by emailing info@fiftymetrics.com.

10. Your rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you.
• Request correction or deletion of your data.
• Export your data in a portable format.
• Withdraw consent for processing.
• Lodge a complaint with a data protection authority (EEA / UK).

To exercise any of these rights, contact us at info@fiftymetrics.com.

11. Children

FiftyMetrics is intended for business use and is not directed to anyone under 16. We do not knowingly collect information from children.

12. International data transfers

Our servers are located in the European Union (Frankfurt). If you access the Service from outside the EU, your information will be transferred to and processed in the EU. For our third-party processors (Anthropic, Stripe, Google), data may be transferred to and processed in the United States or other jurisdictions.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we'll change the "Last updated" date above and, for material changes, notify you by email or via the dashboard. Continued use of the Service after changes means you accept the updated policy.

14. Contact us

If you have any questions about this Privacy Policy or our data practices:

SC FISKAL MANAGEMENT SRL
Bucharest, Romania
info@fiftymetrics.com
+1 680 219 6420