Pricing Docs

Privacy Policy

Effective date: March 27, 2026

Overview

Lever ("we," "us," or "our") operates a hosted MCP (Model Context Protocol) server that connects AI agents to advertising platforms including Google Ads and Meta Ads. This Privacy Policy describes how we collect, use, and protect your information when you use our service at leverhq.app.

Information We Collect

Account information. When you sign up, we collect your email address and name to create and manage your account.

OAuth tokens. When you connect an ad platform (Google Ads, Meta Ads), we store encrypted OAuth access and refresh tokens on your behalf. These tokens allow Lever to make authorized API calls to the ad platforms. We never see or store your ad platform passwords.

API usage data. We log metadata about each MCP tool call: timestamps, tool name, success/failure status, and resource IDs. This is used for billing, quota enforcement, and the audit log you see in your dashboard.

Website analytics. We use Google Analytics to collect anonymized usage data on our marketing site (pages visited, referral source, device type). No personally identifiable information is sent to Google Analytics.

Product analytics. We use PostHog to understand how you interact with the Lever dashboard. This includes page views, clicks, and session recordings (visual replays of your browsing session). Form inputs are automatically masked in recordings. Session data is linked to your account to help us improve the product experience.

Information We Do Not Collect

Lever is a pass-through service. We do not collect or store:

  • Your ad campaign data, performance metrics, or creative assets
  • Your ad platform passwords or developer tokens
  • The content of queries your AI agent sends through Lever
  • End-user data from your ad campaigns (e.g., customer lists, conversion data)

All ad data flows directly between your AI agent and the ad platform APIs. Lever facilitates the connection but does not store or process the ad data itself.

How We Use Your Information

  • Provide the service. Authenticate your requests, connect to ad platforms on your behalf, and enforce safety rails (budget caps, draft-preview-confirm).
  • Billing and quotas. Track API call usage against your plan limits.
  • Audit logging. Record what actions your agent took, so you can review them in your dashboard.
  • Service communication. Send account-related emails (e.g., quota warnings, security alerts, service updates).
  • Improve the service. Analyze aggregated, anonymized usage patterns to improve reliability and performance.

Data Sharing

We do not sell your personal information. We share data only in these limited cases:

  • Ad platforms. We transmit your OAuth tokens to Google Ads and Meta Ads APIs to execute the actions your agent requests. This is the core function of the service.
  • Infrastructure providers. We use Cloudflare for hosting and edge compute. Your data is processed on Cloudflare's infrastructure under their data processing agreement.
  • Payment processing. Billing is handled by our payment provider. We do not store your credit card details.
  • Legal requirements. We may disclose information if required by law, legal process, or to protect the rights and safety of Lever or others.

Data Security

We protect your data with:

  • Encryption of OAuth tokens at rest and in transit
  • HTTPS for all connections
  • API key authentication for all MCP requests
  • Budget caps and safety rails to prevent unauthorized ad spend
  • Audit logging of all write operations

Data Retention and Deletion

OAuth tokens are retained as long as your account is active and the platform connection is enabled. You can disconnect a platform at any time from your dashboard, which immediately deletes the stored tokens.

Audit logs are retained for 90 days and then automatically deleted.

Account deletion. You can request full account deletion by emailing us at the address below. We will delete all your data, including OAuth tokens and audit logs, within 30 days of your request.

Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Delete your account and all associated data
  • Disconnect any ad platform at any time, revoking Lever's access
  • Export your audit log data
  • Object to processing of your personal data

To exercise any of these rights, contact us at the email below.

Cookies

Our marketing site uses Google Analytics and PostHog, which set cookies to measure site traffic and understand usage patterns. The Lever dashboard uses PostHog for product analytics and session recordings, along with essential cookies required for authentication and session management. We do not use advertising cookies.

Third-Party Platform Policies

When you connect Google Ads or Meta Ads through Lever, your use of those platforms is also governed by their respective privacy policies:

Children's Privacy

Lever is a business tool and is not directed at children under 13. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the service. The "Effective date" at the top of this page indicates when the policy was last revised.

Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

[email protected]