Privacy Policy
This policy describes what data the Ask Ads MCP server — the remote, read-only gateway that connects AI assistants (such as ChatGPT and Claude) to your Yandex Direct account — collects and how it is handled. It applies to this website and the MCP endpoint served on this domain. The main Ask Ads web product at askads.ru has its own privacy policy.
1. Who we are
The service is operated by ALEKSANDR KOVALKO PR BEOGRAD, a sole proprietorship registered in the Republic of Serbia (registration number 68581974, tax ID/PIB 115720536), Dunavski kej 48, 11000 Belgrade, Serbia (the “Operator”, “we”). Contact: support@askads.ru.
2. What we collect
- Yandex account basics received when you sign in with Yandex: account identifier, login, e-mail address, display name and avatar (if Yandex provides them).
- Your Yandex OAuth token, which authorizes read-only access to your Yandex Direct data. It is stored encrypted at rest and is never disclosed to your assistant or any other third party.
- OAuth credentials we issue to your assistant: client registrations, single-use authorization codes and access/refresh tokens. Only SHA-256 hashes of these tokens are stored — the database never contains the tokens themselves.
- Technical logs (timestamps, IP addresses, requested tool names) kept for security, abuse prevention and troubleshooting.
3. What we do not collect
- Advertising data is not stored. Campaigns, statistics and balances are fetched from the Yandex Direct API on each request and passed straight to your assistant without being persisted on our servers.
- We do not see your conversations. What you discuss with your assistant stays between you and the assistant provider; only the specific tool calls it makes reach us.
- No analytics or advertising cookies. This site sets only a transient session cookie during the sign-in flow; the language preference on the landing page is kept in your browser’s local storage and never sent to us.
4. How your data flows
When your assistant requests data, we resolve your stored Yandex token, call the Yandex Direct API in read-only mode and return the result to the assistant. Data retrieved this way is then processed by your assistant provider (for example OpenAI or Anthropic) under its own privacy policy — please review it as well. Your Yandex token itself never leaves our server.
5. Hosting and sub-processors
The gateway runs on servers hosted with Hetzner (EU). The encrypted token vault is stored in a managed Yandex Cloud database. All connections use TLS in transit.
6. Retention
- Your encrypted Yandex token — until you disconnect the app or revoke access.
- Tokens issued to your assistant — until they expire (access tokens within hours, refresh tokens within 30 days) or are revoked.
- Technical logs — for a limited period required for security and operations.
7. Your rights and choices
- Disconnect the app in your assistant’s settings at any time.
- Revoke the gateway’s access in your Yandex account settings (id.yandex.ru → data access) — the stored token becomes useless immediately.
- Request access to, correction of, or deletion of the records we hold about you by e-mailing support@askads.ru. We honour the rights granted by the applicable data protection law of the Republic of Serbia.
8. Changes
We may update this policy from time to time; the current version is always published on this page with the date above.
9. Operator details
Registration number: 68581974 · Tax ID (PIB): 115720536
Dunavski kej 48, 11000 Belgrade (Stari Grad), Serbia
E-mail: support@askads.ru