ClaudConnectData Storage & Security
Exactly what we store, how we protect it, and what we never touch.
check_circle What we store
Email address — For login and identification. Plain text.
Hashed password — bcrypt (cost 12). Your actual password is never stored.
Google OAuth refresh token — AES-256-CBC encrypted. Used to request access tokens from Google.
Meta access token — AES-256-CBC encrypted. System User tokens never expire.
Monthly query count — A single integer. Resets on the 1st of each month.
Session cookie — Temporary, HttpOnly, Secure. 24-hour expiry.
block What we never store
check_circleCampaign names, ad creative, or keyword lists
check_circleImpression, click, conversion, or spend data
check_circleVideo thumbnails, ad images, or creative content
check_circleAudience lists or targeting configurations
check_circleAny data returned by Google Ads or Meta API responses
check_circleYour Claude conversation content
All campaign data flows directly from Google/Meta APIs to Claude in real time. Our server is an authenticated proxy — data never persists.
lock Encryption standard
Algorithm
AES-256-CBC
Key length
256 bits
IV
Random 128-bit per encryption
Passwords
bcrypt cost 12
Transport
TLS 1.2+
File permissions
chmod 600
Questions? privacy@claudconnect.com