Finch Labs
Integrations & data

How we connect.
How we handle the data.

Per-platform scope, data flow, and retention — written for the marketer evaluating us, the security team reviewing us, and the platform reviewers verifying us.

Integrations

Connected to the platforms that drive growth.

Finch Labs reads campaign performance, conversion outcomes, and product data from the systems where your customers and revenue actually live. Every connection is authorized by the customer via OAuth on a per-account basis, scoped to the minimum data needed for evolutionary fitness scoring and marketing-mix modeling. We do not aggregate, sell, or share customer data across tenants.

Google Ads

Read campaign performance and (optionally) sync optimized creative variants back to the customer's Google Ads account.

Scope
https://www.googleapis.com/auth/adwords
What we read
Ad-account metadata, customer IDs the user has access to, and campaign/ad-set/ad performance metrics (impressions, clicks, conversions, CTR, CPC, ROAS) over a configurable lookback window.
What we do with it
Per-ad fitness scoring inside the evolutionary loop; aggregate trends in the analytics dashboard; (optional, opt-in only) auto-promotion of winning creatives back into the same Google Ads account.
Write access
Off by default. Used only when the customer explicitly enables "auto-promote winning creatives" on their account. Every write action is logged to a tenant-visible audit log.
Retention
Aggregated performance metrics: 24 months. Raw event data discarded after fitness computation. Customer-initiated deletion via data-deletion endpoint.
Google Analytics 4

Read GA4 conversion and revenue events to bridge ad spend to outcomes for fitness scoring. Optional: export Finch-generated audiences back to GA4 for retargeting.

Scopes
analytics.readonly · analytics.edit
What we read
Conversion events (purchase, signup, lead) attributed to ads we know about; revenue values when e-commerce tracking is enabled; audience-segment counts when audience-based fitness is enabled. We do not read demographics, user-level identifiers, or data outside the GA4 properties the user explicitly grants.
Write access (analytics.edit)
Used only when the customer requests audience export from the Finch dashboard. Creates new audiences in the customer's GA4 property; never deletes or modifies pre-existing audiences. Can be demoted to read-only on request.
Retention
Aggregate metrics persisted for trend visualization (24 months); individual events processed in-memory and discarded.
Meta Ads

Read campaign performance from Meta Ads Manager + (optionally) publish optimized creative variants back to the customer's Ad Account.

Permissions
ads_management · ads_read · pages_read_engagement · business_management
What we read
Ad account hierarchy (via business_management), per-ad insights (impressions, clicks, conversions, spend, CTR, CPC, ROAS), Facebook Page engagement metrics (likes, shares, video view-time) for ads attached to the customer's connected Pages.
Write access (ads_management)
Off by default. Used only with explicit opt-in to "auto-promote winning creatives." Writes are limited to the customer's connected Ad Account; never to others.
Retention
Same 24-month retention policy on aggregated metrics.
Shopify

Read product catalog, orders, and customer data to bridge ad spend to actual revenue and feed product information into ad-creative generation.

Scopes
read_products · read_orders · read_customers · read_analytics · read_customer_events
What we read
Product catalog (titles, images, descriptions), order history (totals, line items), aggregated customer counts, and storefront analytics events. Used for product-aware creative generation, customer-cohort retention analysis, and ROAS computation.
Write access
None. Shopify integration is strictly read-only.
Retention
Aggregate analytics and order summaries retained for 24 months. No persistent storage of customer PII beyond aggregated counts.
How we use data

Read what's needed. Write only on request. Delete on demand.

Tenant isolation

Each customer is a separate tenant. Connections, ad accounts, and analytics data are scoped per tenant via row-level security in our Postgres database (Supabase, US region). One tenant's data is never accessible to another tenant's users or operators.

Token storage

OAuth tokens for connected platforms are held by an external token broker (Nango, SOC 2 Type II certified) and are never exposed to Finch's application code. Tokens are referenced by an opaque connection identifier; revocation propagates immediately.

Retention

Aggregated performance metrics retained for 24 months for trend visualization. Raw event data is processed in-memory for fitness scoring and discarded. Customers can request deletion at any time via the data-deletion endpoint; Meta GDPR webhooks (customers/data_request, customers/redact, shop/redact) are implemented for Shopify customers.

What we don't do

We do not sell customer data, do not share it with third parties for advertising, and do not combine it across tenants. We do not read user-level identifiers from GA4. We do not modify Business Manager settings, billing, or user permissions on connected ad accounts. We do not act as a buyer of record — customers spend on their own accounts.

Full details in our Privacy Policy and Terms of Service. Operated by Finch Labs, Inc., a Wyoming corporation. Reach us at privacy@finchlabs.ai for data-handling questions or dpo@finchlabs.ai for GDPR inquiries.

Back to

The platform overview.

Return to the main page to see what Finch and Galton do for Shopify advertisers running paid acquisition.

finchlabs.ai →