Legal
Terms of Service &
Data Processing Agreement
Last updated: March 19, 2026
Provider: Bodh, Rotterdam, Netherlands · KVK: [INSERT KVK NUMBER] · legal@getbodh.com
1. Scope of Service
Bodh (the "Platform") is a performance marketing intelligence tool that connects to third-party APIs — Google Ads, Google Analytics 4, Meta Ads, and Shopify — to provide businesses ("Clients") with centralised campaign monitoring and performance reporting. By connecting your advertising accounts you authorise Bodh to access these APIs on your behalf for the purposes described in these Terms.
2. Google API — Limited Use Disclosure
Bodh's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Bodh currently operates in a read-only capacity. Any future features involving campaign modification will be clearly disclosed and require explicit user authorisation.
- Google Ads API: Used to read campaign performance data and surface insights for review within the Platform.
- Google Analytics 4 API: Used to read traffic and conversion data to calculate ROAS and generate performance dashboards.
- Data obtained via Google APIs is never sold to third parties, never used for advertising purposes, and never used for any purpose other than providing the Service to the Client who authorised access.
- Revocation: You may revoke Google access at any time via the Integrations tab in your Bodh dashboard or directly through your Google account security settings.
3. Meta Business Tools
Bodh uses the Meta Marketing API to read ad account performance data and generate simplified reports.
Bodh currently operates in a read-only capacity. Any future features involving campaign modification will be clearly disclosed and require explicit user authorisation.
- ads_read: Used to pull campaign insights and generate performance reports within the Platform.
- The Client represents that all data is collected under a GDPR-compliant consent mechanism, including Google Consent Mode v2 where applicable for EEA traffic.
- Revocation: You may revoke Meta access at any time via the Integrations tab in your Bodh dashboard or through your Meta Business settings.
4. Shopify Integration
Bodh connects to your Shopify store via the Shopify API to read order and revenue data. This data is used solely to calculate ROAS and provide performance context within the Platform. We do not modify your Shopify store data. You may revoke access at any time from the Integrations tab or from your Shopify admin under Apps.
5. Data Processing Agreement (GDPR / UAVG)
This section constitutes a binding Data Processing Agreement (DPA) between the Client (Data Controller) and Bodh (Data Processor) under Article 28 of the GDPR and the Dutch Implementation Act (UAVG).
5.1 Processing Instructions
Bodh shall process personal data only on documented instructions from the Controller. Personal data processed may include business account identifiers, advertising identifiers, and campaign attribution identifiers, solely as required to provide the Service.
5.3 Security Measures
- Encryption of all API OAuth tokens at rest (AES-256).
- TLS 1.3 encryption for all data in transit.
- Role-based access control (RBAC) — no employee has access to Client data without operational necessity.
- All data storage is within the European Economic Area.
5.4 Data Retention
Account data is retained for the duration of the active account. Advertising performance data is retained for up to 24 months to enable historical analysis. Upon account termination or written request, all personal data will be deleted within 30 days. Requests may be submitted to legal@getbodh.com.
5.2 Sub-processors
The Controller grants general authorisation to Bodh to engage the following sub-processors:
- Supabase Inc. — Database and authentication, hosted on AWS eu-west-1 (Ireland).
- Vercel Inc. — Application hosting, EU region (Amsterdam).
- Google Ireland Ltd. — Advertising and analytics APIs.
- Meta Platforms Ireland Ltd. — Advertising API.
6. Client Warranties
- Consent Mode v2: If the Client has end-users in the EEA, the Client has implemented Google Consent Mode v2 and obtains explicit consent for ad_storage and analytics_storage.
- Privacy Policy: The Client's website features a privacy policy that discloses the use of third-party processors (including Bodh) and provides links to Google and Meta's privacy terms.
- No Prohibited Data: The Client will not transmit sensitive personal data (health, religion, financial, or similar categories) to the Platform.
7. Your Rights Under GDPR
As a data subject you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion ("right to be forgotten").
- Object to or restrict processing.
- Data portability.
- Withdraw consent at any time without affecting prior processing.
- Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
To exercise any of these rights email legal@getbodh.com. We will respond within 30 days.
8. Limitation of Liability
Bodh shall not be liable for any suspension of the Client's Google, Meta, or Shopify accounts resulting from the Client's failure to comply with the policies of those respective platforms. To the fullest extent permitted by law, Bodh's total liability shall not exceed the amount paid by the Client in the three months preceding the claim.
9. Governing Law
These Terms are governed by the laws of the Netherlands. Any disputes arising from these Terms shall be submitted to the competent court in Rotterdam.
10. Changes to These Terms
We may update these Terms from time to time. We will notify registered users by email of material changes at least 14 days before they take effect. Continued use of the Service after changes take effect constitutes acceptance.
11. Contact
For questions about these Terms, data requests, or API compliance enquiries, contact us at legal@getbodh.com.
© 2026 Bodh, Rotterdam, Netherlands. All rights reserved.