Last updated: June 1, 2026
This Privacy Policy explains how GooseCabbage ("we", "us") collects, uses, and shares information when you use our website and services. By using the service, you agree to the practices described here.
GooseCabbage AI LLC ("GooseCabbage", "we", "us") provides AI agents that discover, simulate, deploy, and optimize Google Ads campaigns. Customers — including businesses and the agencies that manage them — connect their own Google Ads and Google Analytics accounts and authorize our agents to operate campaigns on their behalf within the guardrails they configure. This policy explains what we collect, how we use it, and the choices you have.
Information you provide. Your name and email (via our authentication provider), your business profile (company name, website, industry, target audience, conversion goal), materials and promotional ideas you submit, campaign settings such as budget caps and exploration preferences, billing details collected by our payment processor, and the content of messages you send to support or to our agents.
Information we receive from Google. When you connect a Google Ads or Google Analytics account, we receive, with your authorization, the accounts you can access; account metadata (name, currency, time zone); campaign structure (ad groups, ads, keywords, bids, statuses); performance and analytics metrics (impressions, clicks, spend, conversions, and similar); and the email and basic profile of the Google account you connect, used only to identify the linked account.
Information collected automatically. Product-usage events, IP address, device and browser type, and error and performance data used to operate, secure, and debug the service.
The personas our Pre-Flight Simulator scores ads against are synthetic — AI-generated profiles derived from your business inputs and market data. They are not real individuals, and simulation results do not involve the personal information of actual people.
We use your information to operate and improve the service: authenticating you, running Business Discovery and simulations, generating recommendations, and creating, deploying, and optimizing campaigns on your behalf within the guardrails you set and subject to your approval for higher-impact changes. We also use it to process payments, provide support, send service-related communications, and protect against fraud and abuse.
We do not sell your personal information for money, and we do not use the data we receive from Google APIs to train general-purpose AI models. Connected advertising and analytics data is used solely to deliver the features you enable. (For how advertising technologies on our marketing site are treated under U.S. state privacy laws, see "Your rights and choices.")
GooseCabbage's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We request only the scopes needed to operate the service (Google Ads and Google Analytics access, plus basic identity), and we use Google user data only to provide and improve the user-facing features that are prominent in the application.
We do not transfer Google user data to others for advertising or other unrelated purposes, we do not use it to train generalized AI models, and we do not allow humans to read it except with your consent, for security, to comply with law, or in aggregated and anonymized form. You can revoke our access at any time from within the service or from your Google account settings.
We share information with service providers who process data on our behalf — including cloud hosting and storage, our authentication provider, our payment processor, the AI model providers that power our agents, a web-search provider used to ground our agents' research, transactional email, and error monitoring (which may include masked session replays used only to debug issues) — each bound to use it only to provide their service to us. We share data with Google when executing the actions you authorize on your connected accounts. We may disclose information when required by law or to protect our rights and users, and information may transfer as part of a merger or acquisition. On our marketing site we may also share limited identifiers with advertising and analytics providers as described under "Cookies, analytics, and advertising technologies." We do not sell your personal information for money.
We retain account data, campaign metadata, and agent decision history for the life of your account so you can audit the service's actions, and we retain billing records as required by law. Google OAuth tokens are kept until you disconnect or delete your account, and performance metrics cached from Google are kept only briefly for in-app display. When you delete your account, we delete or anonymize your information within 30 days, except where we must retain it by law.
Depending on where you live, you may have the right to access, correct, export, or delete your personal information, to object to or restrict certain processing, and to withdraw consent. Residents of California and other U.S. states with comprehensive privacy laws, and users in the EEA, UK, and Switzerland, have these rights; we honor them for users worldwide. To exercise them, contact us using the details below, or disconnect Google access from within the service to immediately stop further processing of Google data.
Opt out of "sale" or "sharing" for advertising. We do not sell your personal information for money. However, the advertising technologies on our marketing site (see "Cookies, analytics, and advertising technologies") may be considered a "sale" or "sharing" of personal information for cross-context behavioral advertising under California (CPRA) and similar U.S. state laws. You can opt out at any time by rejecting non-essential cookies in the consent banner, using the "Your Privacy Choices" link in the footer, or by enabling a Global Privacy Control (GPC) signal in your browser, which we treat as a valid opt-out request. We will not discriminate against you for exercising your rights.
EEA, UK, and Switzerland. Where the GDPR or UK GDPR applies, our legal basis for processing is the performance of our contract with you, your consent (which you can withdraw at any time), or our legitimate interests in operating, securing, and improving the service. Non-essential cookies on our marketing site are set only after you consent. You may also lodge a complaint with your local data protection authority.
Inside the GooseCabbage application (the signed-in product) we use only strictly necessary cookies and local storage — to keep you signed in, protect against cross-site request forgery, and remember your preferences. The application itself does not use advertising cookies.
Our public marketing website — the pages you can browse without signing in — may additionally use analytics and advertising technologies to measure traffic and the performance of our marketing. When enabled, these can include Google Analytics, Google Ads, and Google Tag Manager, advertising pixels or tags from Meta, LinkedIn, Microsoft (Bing), TikTok, Reddit, and X, and Microsoft Clarity for aggregated heatmaps and session replay. Several of these set their own cookies and may receive identifiers such as your IP address, device information, and ad click IDs to measure and improve advertising.
Where required, we ask for your consent before setting non-essential cookies and run our tags in a consent-aware mode until you choose. You can accept, reject, or customize non-essential cookies in the consent banner, change your decision at any time using the "Your Privacy Choices" link in the website footer, and we honor browser opt-out signals such as Global Privacy Control (GPC).
We use administrative, technical, and physical safeguards designed to protect your information, including encryption of traffic in transit, encryption of OAuth tokens at rest, per-tenant data isolation, and limited, logged access to production systems. No method of transmission or storage is completely secure, so we cannot guarantee absolute security; if a breach affects your data, we will notify you as required by law.
The service is intended for businesses and adults. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us information, contact us and we will delete it.
GooseCabbage is operated from the United States. If you access the service from elsewhere, your information will be transferred to, stored, and processed in the United States, where data-protection laws may differ from those in your jurisdiction. By using the service you consent to that transfer.
We may update this Privacy Policy from time to time. When we make material changes we will update the "last updated" date above and, where appropriate, notify you through the service or by email.
If you have questions about this Privacy Policy or our data practices, contact us at legal@goosecabbage.com.
