Privacy Policy

This Privacy Policy explains how Matchfyre ("Matchfyre", "we", "us") collects, uses, and protects information in connection with the Matchfyre service available at matchfyre.com and app.matchfyre.com (the "Service"). Matchfyre is operated by an individual entrepreneur (entreprise individuelle) registered in France; see our Mentions légales for editor details.

Matchfyre is a tool for freelance and agency advertisers. It personalizes a customer's existing landing pages to match paid-ad search intent, captures the resulting conversions, and shows a cost-per-lead (CPL) / ROI dashboard. We do not build or host our customers' landing pages.

1. Who is the controller

For account and billing data, Matchfyre is the data controller.

For data captured on our customers' landing pages (i.e. data about the customers' own website visitors), Matchfyre acts as a data processor (sub-contractor) on behalf of the customer, who is the controller. The terms of that processing are set out in our Data Processing Addendum.

2. Information we process

a) Account & identity data

When you sign up, our authentication provider (Clerk) processes your name, email address, and authentication metadata. We use this to create your account, workspaces, and roles.

b) Google Ads data (and, later, Microsoft/Bing Ads)

If you connect a Google Ads account, you authorize Matchfyre via Google OAuth (scope https://www.googleapis.com/auth/adwords). We access your Google Ads data on a read-only basis:

• Account structure: campaigns, ad groups, keywords, ad copy, and targeting (geo, language, audiences, campaign type).
• Performance metrics: cost, impressions, and clicks by ad group, keyword and day.

We use this data only to:

1. generate a suggested personalization plan for your landing pages, and
2. compute your real cost-per-lead (CPL) and ROI in the dashboard.

We do not modify your Google Ads account, place bids, change budgets, or take any write action.

Microsoft/Bing Ads integration is not yet available ("coming soon"). When released, the same read-only principles will apply.

c) Landing-page visitor & conversion data (processed on behalf of our customers)

Our JavaScript snippet, when installed by a customer on their landing page, processes:

• URL parameters from the ad click (e.g. gclid, msclkid, adgroupid, targetid, location criteria IDs) used to match search intent and for attribution;
• conversion events: form submissions ("form leads") and clicks on phone links / call buttons ("call clicks"), which we record and label separately and honestly (a call click is not a completed call);
• a first-party cookie set on arrival, read on the customer's confirmation/thank-you page to attribute a conversion (the confirmation-page fallback).

The snippet is designed to be non-blocking: personalization runs locally from URL parameters, and telemetry is sent fire-and-forget (sendBeacon / fetch keepalive). The snippet does not read the content of third-party form iframes; it relies on provider events (e.g. Typeform, HubSpot, Calendly) or the confirmation page.

d) Site & technical data

Standard server/edge logs (IP address, user agent, timestamps) for security and operation, processed by our hosting provider Cloudflare. Our marketing site uses cookieless analytics (see the Cookie Policy).

3. How we use information

• Provide, operate, and secure the Service.
• Generate the AI-assisted personalization plan and compute CPL/ROI.
• Communicate with you about your account and support.
• Comply with legal obligations.

We do not sell personal data, and we do not use Google user data for advertising.

4. Google API Services: Limited Use disclosure

Matchfyre's use and transfer to any other app of information received from Google APIs adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, data obtained from Google Ads is used only to provide and improve user-facing features of the Service (the personalization plan and the CPL/ROI dashboard); it is not sold, not used for advertising, not transferred to third parties except as necessary to provide the Service or for security/legal reasons, and not used to train generalized AI/ML models.

Matchfyre generates the personalization plan using Anthropic (Claude) as an AI sub-processor. Where account-structure data is transmitted to Anthropic solely to produce your plan, it is processed under contractual terms that prohibit using your data to train their models, consistent with the Limited Use requirements above.

5. How we share information (sub-processors)

We share data with vetted service providers acting on our behalf:

• Cloudflare: hosting, CDN, edge compute, security.
• Neon: managed PostgreSQL database.
• Clerk: authentication and identity.
• Google: Google Ads API (the data already originates from Google).
• Anthropic (Claude): generating the personalization plan (no training on your data).

A current list of sub-processors is maintained in our DPA. We do not otherwise sell or rent personal data.

6. Security

• Google/Microsoft Ads OAuth tokens are encrypted at rest (AES-GCM); never stored in plaintext.
• Data is isolated per tenant by workspace_id on every query.
• Access is least-privilege and limited to operating the Service.

7. Data retention

We retain account data while your account is active and as required for legal/accounting purposes. Conversion and metrics data are retained to power the dashboard; you can request deletion of a workspace's data. On account closure, data is deleted or anonymized within a reasonable period.

8. International transfers

Our providers may process data in the EU and the US. Where data is transferred outside the EEA, it is covered by appropriate safeguards (e.g. EU Standard Contractual Clauses).

9. Your rights

Depending on your location (incl. GDPR for EU/EEA users), you may have rights to access, rectify, erase, restrict, or port your personal data, and to object to processing. To exercise these rights, contact [email protected]. For visitor data captured on a customer's landing page, requests are directed to that customer (the controller); we assist them as processor.

10. Children

The Service is for business use and not directed to children under 16.

11. Changes

We may update this Policy. Material changes will be posted here with a new "Last updated" date.

12. Contact

Matchfyre, 15 rue Jean Moulin, 69300 Caluire-et-Cuire, France. Contact: [email protected].