Privacy Policy
Last updated: 29 March 2026
FunnelGap ("we", "us", "our") operates the website funnelgap.com and provides landing page intelligence services. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the EU General Data Protection Regulation (GDPR), the German Bundesdatenschutzgesetz (BDSG), and the Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz (TDDDG).
1. Data Controller
The data controller responsible for data processing on this website is:
Rejne Rittel UG (haftungsbeschränkt)
Glogauer Str. 19, 10999 Berlin
Email: privacy@funnelgap.com
2. Data We Collect
2.1 Account Data
When you create an account, we collect:
- Email address (for authentication and communication)
- Display name (optional)
- Organisation name (for workspace management)
Legal basis: Art. 6(1)(b) GDPR — performance of a contract.
2.2 Google Ads Data (OAuth Integration)
When you connect your Google Ads account, we request access to read your campaign data through Google's OAuth 2.0 authorization flow. We access:
- Campaign names, status, and performance metrics (impressions, clicks, cost, conversions)
- Ad group names and keyword data (including Quality Score)
- Ad headlines, descriptions, and pin positions (RSA assets)
- Landing page URLs associated with your campaigns
- Landing page experience ratings
We do NOT:
- Modify, create, or delete any data in your Google Ads account
- Access your billing or payment information in Google Ads
- Share your Google Ads data with any third party
- Use your Google Ads data for advertising purposes
- Retain your data after you disconnect your account or delete your FunnelGap account
Storage: Your Google Ads OAuth tokens (access token and refresh token) are stored encrypted in our database (Supabase). Campaign data retrieved via the API is processed in memory during analysis and stored only when you explicitly save a report.
Legal basis: Art. 6(1)(a) GDPR — your explicit consent via the OAuth authorization flow.
Revocation: You can disconnect your Google Ads account at any time from your FunnelGap dashboard. You can also revoke access from your Google Account permissions page. Upon disconnection, we delete your OAuth tokens and any cached campaign data within 24 hours.
2.3 Google API Services — Limited Use Disclosure
FunnelGap's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google Ads data to provide and improve FunnelGap's ad-to-page alignment analysis
- We do not sell, rent, or share Google Ads data with third parties
- We do not use Google Ads data for serving advertisements
- We do not use Google Ads data to build user profiles for purposes unrelated to FunnelGap's functionality
- Human access to Google Ads data is limited to debugging and support, with your consent
2.4 CSV Upload Data
When you upload Google Ads, Meta Ads, or CRM CSV reports, the files are processed in your browser (client-side parsing) and then sent to our API for analysis. We store:
- Parsed campaign metrics (not the raw CSV files)
- Analysis results (alignment scores, heatmap data, waste estimates)
- Saved reports (only when you explicitly click "Save Report")
Uploaded CSV files are not stored on our servers. Processing happens in-memory during the API request.
Legal basis: Art. 6(1)(b) GDPR — performance of a contract.
2.5 CRM Pipeline Data
When you upload HubSpot or Salesforce CSV exports, we process contact lifecycle stages, deal amounts, and campaign attribution data. We do NOT store individual contact emails, names, or phone numbers from your CRM export — only aggregated pipeline metrics (lead count, MQL count, pipeline value per campaign).
Legal basis: Art. 6(1)(b) GDPR — performance of a contract.
2.6 Landing Page Data
When you submit a URL for audit, we fetch the publicly accessible HTML of that page. We analyse the content structure, tracking setup, and performance. We do not access any authenticated or private pages. The fetched HTML is processed in-memory and not permanently stored.
2.7 Usage and Analytics Data
We collect anonymous usage data to improve our service:
- Google Analytics 4 (GA4): Page views, feature usage, session data. Measurement ID: [to be added]. IP anonymization enabled. Data retention: 14 months.
- Meta Pixel: Conversion tracking for our marketing campaigns. Pixel ID: [to be added]. Used for measuring ad performance on Meta platforms.
- Vercel Analytics: Page performance and Web Vitals data.
Legal basis: Art. 6(1)(f) GDPR — legitimate interest in improving our service.
2.8 Payment Data
Payments are processed by Stripe Inc. We do not store your credit card details. Stripe processes payments in compliance with PCI DSS Level 1. We store only your Stripe customer ID and subscription status.
Legal basis: Art. 6(1)(b) GDPR — performance of a contract.
3. Cookies and Consent
We use the following cookies:
| Cookie | Purpose | Duration | Category |
|---|---|---|---|
| fg_beta | Beta access gate | 30 days | Essential |
| sb-* | Supabase authentication | Session | Essential |
| _ga, _ga_* | Google Analytics | 2 years | Analytics |
| _fbp | Meta Pixel | 3 months | Marketing |
Essential cookies are required for the service to function. Analytics and marketing cookies are only set with your consent via our cookie banner.
4. Data Processing Agreements
We use the following sub-processors:
| Provider | Purpose | Location | DPA |
|---|---|---|---|
| Supabase Inc. | Database, authentication | EU (Frankfurt) | Yes |
| Vercel Inc. | Hosting, edge functions | EU (Frankfurt) | Yes |
| Stripe Inc. | Payment processing | EU/US (SCCs) | Yes |
| Google LLC | Analytics, Ads API, PageSpeed | EU/US (DPF) | Yes |
| Meta Platforms | Pixel tracking | EU/US (DPF) | Yes |
5. Data Retention
- Account data: Retained until you delete your account.
- Saved reports: Retained until you delete them or your account.
- Google Ads tokens: Deleted within 24 hours of disconnection.
- CSV upload data: Not stored (processed in-memory only).
- Analytics data: 14 months (GA4), 3 months (Meta Pixel).
- Payment records: 10 years (German tax law, §147 AO).
6. Your Rights (GDPR Articles 15-22)
You have the right to:
- Access (Art. 15): Request a copy of your personal data.
- Rectification (Art. 16): Correct inaccurate data.
- Erasure (Art. 17): Request deletion of your data ("right to be forgotten").
- Restrict processing (Art. 18): Limit how we use your data.
- Data portability (Art. 20): Receive your data in a machine-readable format.
- Object (Art. 21): Object to processing based on legitimate interest.
- Withdraw consent (Art. 7): Withdraw consent at any time (e.g., Google Ads connection).
To exercise any of these rights, contact privacy@funnelgap.com.
7. Data Security
We implement appropriate technical and organisational measures to protect your data, including: encryption in transit (TLS 1.3), encryption at rest (Supabase), Row Level Security (RLS) on all database tables, OAuth token encryption, and regular security reviews.
8. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority. The competent authority is:
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Husarenstr. 30, 53117 Bonn
poststelle@bfdi.bund.de
9. Changes
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. The "Last updated" date at the top indicates when the policy was last revised.
10. Contact
For privacy-related questions: privacy@funnelgap.com
For general inquiries: info@funnelgap.com