Yes. Stract only requests the strictly necessary permissions for the service and uses them solely for read operations. Edit permissions are only required in cases where platforms do not provide permissions in read-only mode.
In addition, Stract employs robust measures to ensure the security of your data. The only agent capable of making requests to our server is the script from the Google Sheets extension. When a request reaches our server, we communicate with the platforms (Facebook Ads, Instagram, Google Ads) using the OAuth protocol whenever it is available, which prevents you from having to share any passwords with us. OAuth 2.0 is a protocol focused on authorization, not authentication. Its main function is to allow access to specific resources, such as remote APIs or user information, without directly involving user authentication.
Through OAuth, when you log into a platform, we receive a temporary token and only the necessary permissions for the extractions. We do not store any information related to the accounts you manage, only their IDs and custom fields. So you can rest assured about the integrity and privacy of your data.