Privacy Policy

1. Who We Are

We are a Google Ads and Google Merchant Center policy specialist service operating online. We provide diagnosis and resolution services for advertisers whose accounts have been suspended, restricted, or disapproved under Google’s policies.

For privacy-related questions or requests, contact us at: contact@circumventingsystemspolicy.com

For all other inquiries, the same email address is the primary contact channel.

If you are an EU or UK resident exercising rights under the General Data Protection Regulation (GDPR) or the UK Data Protection Act 2018, you can use the same email address. If you require a designated representative in the EU or UK for GDPR purposes and we do not have one listed in this policy, contact us and we will respond within the timeframes required by law.

2. What Information We Collect

We collect personal information in three categories.

Information you provide directly to us through forms and email:

• Your name
• Your email address
• Your business name and website URL
• The nature of your Google Ads or Merchant Center issue
• Details of your suspension notice, disapproval message, or policy concern
• Any attachments you upload (screenshots, notices, supporting documents)
• Any additional context you share in conversations with us

Information collected automatically when you visit the Site:

• IP address
• Browser type and version
• Operating system
• Pages visited on the Site and time spent on each page
• The referring website or search term that led you to the Site
• Approximate geographic location based on IP address (city or region level)
• Device identifiers and browser cookies

Information from third-party services we use:

• If you connect with us through a third-party platform (LinkedIn, Twitter, WhatsApp, or others), we receive whatever information that platform makes available to us based on your privacy settings.
• If you respond to email campaigns we send through email service providers, we receive engagement data (whether you opened the email, which links you clicked).

We do not collect special categories of personal information (data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation) unless you voluntarily share such information in the course of describing your case. If you do share such information, we treat it with the same care as all other personal information and use it only for the purpose of providing the Services.

3. How We Use Your Information

We use the information we collect for the following purposes:

To provide the Services:

• To diagnose the policy issue affecting your Google Ads or Merchant Center account
• To prepare appeals, certifications, documentation packages, and other deliverables you have engaged us to produce
• To communicate with you about your case
• To coordinate with you on corrective actions and follow-up reviews

To operate and improve the Site:

• To understand how visitors use the Site
• To identify and fix technical issues
• To improve the content and structure of the Site based on visitor behavior
• To protect the Site from spam, fraud, and security threats

To communicate with you about our business:

• To respond to your inquiries
• To send you the diagnosis or assessment you requested
• To send you quotes, invoices, and engagement-related communications
• To send you occasional updates about our services if you have explicitly opted in

To comply with legal obligations:

• To respond to legitimate requests from law enforcement or government authorities where required by law
• To enforce our Terms of Service
• To exercise or defend legal claims
• To meet tax, accounting, and other regulatory requirements

We do not sell your personal information. We do not share your personal information with third parties for their independent marketing purposes.

4. The Legal Basis for Processing Your Information (GDPR)

For visitors located in the European Union, the European Economic Area, or the United Kingdom, we process personal information on the following legal bases under Article 6 of the GDPR:

Consent: When you submit a contact form, sign up for email updates, or otherwise voluntarily provide personal information, you consent to the processing of that information for the purposes stated at the point of collection. You can withdraw consent at any time by contacting us.

Performance of a contract: When you engage us to provide Services, we process your personal information as necessary to fulfill the engagement.

Legitimate interests: We process certain information (such as analytics data, security logs, and engagement records) based on our legitimate interests in operating, improving, and protecting our business. Where we rely on legitimate interests, we have considered the impact on your rights and concluded that our processing does not override your fundamental rights and freedoms.

Legal obligation: Where we are required by law to process or retain personal information (for tax records, regulatory compliance, or response to lawful government requests), we do so on that basis.

5. Third Parties Who Process Your Information

We use third-party services to operate our business. Some of these services process personal information on our behalf. We have selected each provider based on their security practices and their ability to meet applicable data protection requirements.

The third-party services we use include:

If we share personal information with any third-party processor located outside Pakistan, we do so only when the processor maintains adequate data protection safeguards. For transfers from the EU/EEA/UK to processors outside those regions, we rely on the European Commission’s Standard Contractual Clauses or other approved transfer mechanisms.

6. How Long We Keep Your Information

We retain personal information only as long as necessary to fulfill the purposes for which it was collected.

• Inquiry data (form submissions, emails) from prospects who do not engage us: Retained for 90 days from the date of last contact, then deleted from our systems.
• Engagement data (client files, communications, deliverables) from clients who engage us: Retained for the duration of the engagement plus a minimum of 3 years after the engagement ends, to satisfy professional record-keeping and any potential audit or dispute requirements. After the retention period, the data is deleted or anonymized.
• Financial records (invoices, payment records): Retained for the period required by Pakistani tax law (currently 5 years from the end of the relevant tax year) or longer if any audit or legal proceeding is pending.
• Server logs and security records: Retained for 12 months unless a security incident requires longer retention.
• Analytics data: Retained for the period configured in the analytics provider’s settings, typically between 14 months and 26 months.
• Email list subscribers: Retained until you unsubscribe, at which point your email address is removed from active sending lists within 7 days but may be retained on a suppression list to prevent accidental re-subscription.

You can request earlier deletion of your information at any time by contacting us at contact@circumventingsystemspolicy.com. We will honor deletion requests within 30 days unless we have a legitimate basis to retain the information for longer (such as legal obligations or active dispute resolution).

7. Your Rights

Depending on your location, you have specific rights regarding the personal information we hold about you.

For all users:

• The right to know what personal information we hold about you
• The right to request a copy of your personal information
• The right to request correction of inaccurate information
• The right to request deletion of your information (subject to our legitimate retention obligations)
• The right to withdraw consent for processing based on consent
• The right to opt out of marketing communications at any time

Additional rights for users in the EU, EEA, and UK under GDPR:

• The right to restrict processing of your information in certain circumstances
• The right to object to processing based on legitimate interests
• The right to data portability (to receive your information in a structured, machine-readable format)
• The right to lodge a complaint with a supervisory authority in your country

Additional rights for California residents under the CCPA/CPRA:

• The right to know what categories of personal information we collect and the purposes for collecting it
• The right to know what categories of third parties we share information with
• The right to opt out of the sale or sharing of personal information (we do not sell personal information)
• The right to non-discrimination for exercising these rights

To exercise any of these rights, contact us at contact@circumventingsystemspolicy.com. We will respond within 30 days, or sooner if required by applicable law. We may need to verify your identity before processing certain requests, particularly requests for access or deletion of substantial amounts of data.

8. Cookies and Similar Technologies

The Site uses cookies and similar technologies to function correctly, to remember your preferences, and to understand how visitors use the Site.

Strictly necessary cookies: These cookies are essential for the Site to function. They enable basic functions like page navigation and form submission. The Site cannot function properly without these cookies, and they cannot be disabled.

Analytics cookies: These cookies help us understand how visitors interact with the Site. The data is aggregated and anonymized. You can opt out of analytics cookies through the cookie consent banner on the Site or through your browser settings.

Functional cookies: These cookies remember your preferences (for example, whether you have dismissed a notification banner). They do not track you across other websites.

No advertising cookies: We do not run advertising on the Site and we do not use cookies to deliver targeted advertising. We do not allow third-party advertising networks to set cookies through the Site.

When you first visit the Site, you will see a cookie consent banner. You can accept all cookies or decline non-essential cookies. You can clear your cookie consent at any time by clearing browser storage for this site, or by visiting in a new private browsing window.

Most browsers also allow you to manage cookies through browser settings. Disabling cookies may affect Site functionality.

9. Security

We take the security of your information seriously. We implement technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction.

These measures include:

• HTTPS encryption for all data transmitted between your browser and the Site
• Encryption at rest for sensitive data stored on our infrastructure
• Access controls limiting which team members can access client data
• Multi-factor authentication on all administrative accounts
• Regular review of third-party service providers for security compliance
• Malware scanning of uploaded files before storage
• Routine backup and recovery procedures

No method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security. If we become aware of a security breach that affects your personal information, we will notify you and the relevant authorities within the timeframes required by applicable law.

We recommend that you do not send the following information to us through email or web forms:

• Passwords for any of your accounts (we will never ask for your account passwords; account access, if needed during an engagement, is requested through Google’s official manager account invitation system)
• Full credit card numbers (we use a dedicated payment processor for any payment transactions)
• Customer personal information that we do not need to perform our Services
• Any information you would not want disclosed if the email were intercepted

10. Children’s Privacy

The Services are intended for businesses and adult professionals. The Site is not directed to children under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and you believe your child has provided us with personal information, contact us at contact@circumventingsystemspolicy.com and we will take steps to delete the information.

11. International Data Transfers

We operate from Pakistan. When you submit information through the Site or by email, that information is received and processed on infrastructure that may be located in Pakistan, the country where our hosting and email providers operate, or other countries where our third-party processors operate.

For users in the EU, EEA, and UK: data transferred outside these regions to countries that have not received an adequacy decision from the European Commission is protected by appropriate safeguards including Standard Contractual Clauses or equivalent mechanisms approved under GDPR.

For users in California and other US states with data protection laws: data may be transferred to countries with different data protection frameworks. By using the Site and submitting information through it, you consent to such transfers subject to the protections described in this policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our services, applicable law, or for other operational reasons.

When we update this policy, we will:

• Change the “Last updated” date at the top of the policy
• For significant changes, provide notice through a banner on the Site or through email to active clients

We encourage you to review this Privacy Policy periodically. Continued use of the Site after the effective date of any update constitutes acceptance of the updated policy.

If you do not agree with an updated policy, you should stop using the Site and contact us to request deletion of your information.

13. Contact Us About Privacy

For any questions, concerns, requests, or complaints related to this Privacy Policy or our handling of your personal information:

We aim to respond to all privacy-related inquiries within 5 business days, and to formal rights requests (access, correction, deletion, portability) within 30 days as required by GDPR and similar regulations.

If you are not satisfied with our response, you have the right to lodge a complaint with the data protection authority in your jurisdiction.