Privacy policy
Effective July 2026
How the Purple Girafa marketing tooling handles data, and what happens to information it receives from Google APIs.
Purple Girafa is the independent software studio of Vitor Garbim (this site, vitorgarbim.me). This policy covers the Purple Girafa Marketing Automation Suite, an internal tool the studio uses to report on and manage its own advertising, analytics, and search accounts.
The tool is single operator and single tenant. It is not a public product, is not resold, and has no external users or sign ups. If you have a question about anything here, reach out at [email protected].
What data the tool accesses
The tool authenticates with Google using OAuth 2.0 and the studio's own Google account, which owns the linked advertising accounts. Through Google APIs it reads, and where the operator directs, updates data for accounts the studio owns and operates.
- Google Ads: campaign, ad group, keyword, search term, and conversion data, plus the settings needed to manage those campaigns.
- Google Analytics and Search Console: aggregate traffic, search, and performance reporting for the studio's own web properties.
- OAuth tokens issued by Google so the tool can act on the operator's behalf against the studio's own accounts.
How that data is used
Data is used for one purpose only: to let the operator report on and manage the studio's own accounts from a single place. It is never sold, rented, or shared with third parties, and it is never used to build advertising profiles of other people.
The tool does not use Google user data to train generalized or standalone artificial intelligence or machine learning models.
Google API Services user data policy
Purple Girafa's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Storage and security
OAuth credentials and API tokens are stored encrypted in a private, self hosted secrets vault. They are never committed to source control, printed in logs, or shared. The tool runs on the studio's own access controlled infrastructure and is not exposed to the public internet.
Retention and revocation
Reporting data is fetched on demand and is not retained beyond what is needed to render a report or complete a requested change. Access granted to the tool can be revoked at any time from the Google account's third party access settings, which immediately cuts off the tool's ability to reach any account data.
This website
Separately from the tool above, this website (vitorgarbim.me) may use privacy respecting, cookieless analytics to understand aggregate traffic. It does not use tracking cookies, does not sell visitor data, and does not build advertising profiles. The contact form is protected by a human check and delivers messages directly to the studio.
Changes and contact
This policy may be updated as the tooling evolves; the effective date above reflects the latest version. For any question about data handling, or to request that data be deleted, contact [email protected].