Agency Features

Q: How does the agency-brand model work?

Agencies create or connect to brand organizations. Each brand has its own isolated data. Agencies manage platform connections and reporting for their assigned brands with granular permissions.

Q: How do I share credentials across clients?

When an agency connects Google Ads via OAuth, those credentials can be reused across multiple brand accounts. The agency authenticates once and selects which ad accounts to assign to each brand.

How does the agency-brand model work?

ROAS Reports has two organization types: Agency and Brand. An agency can manage multiple brands. Each brand has its own isolated data — agencies see only what they've been granted access to.

The relationship works both ways:

Agencies get a unified view across all their client brands
Brands maintain full ownership of their data and control who has access

Brands can exist in three states:

Unclaimed — Created by an agency, waiting for the brand owner to claim it
Claimed — A brand owner has claimed the organization via email invitation
Connected via request — An existing brand granted access to an agency

How do I add a client brand?

From your agency dashboard, use the organization switcher to add a new brand. You have two paths:

Create a new brand

Click Add Brand
Enter the brand name and details
The brand is created under your agency
Optionally invite the brand owner via email so they can claim it

Request access to an existing brand

Click Request Access
Enter the brand's email or organization details
Specify which platforms you want to manage
The brand owner reviews and approves (or denies) the request

What are platform permissions?

When an agency connects to a brand, the brand controls which platforms the agency can access. Options include:

All platforms — agency can manage everything
Specific platforms — e.g., only Google Ads, or only Meta Ads

Access levels can also be set to:

Full — read and write access (manage connections, trigger syncs)
Read-only — view data but cannot make changes

Brands can update or revoke platform permissions at any time without losing any data.

How do I share credentials across clients?

When you connect Google Ads via OAuth from your agency account, those credentials can be reused across your client brands. You authenticate once with Google, and then assign specific ad accounts to specific brands.

Credentials can be scoped as:

Personal — only you can use them
Organization — shared across your agency team

All credentials are encrypted with AES-256-GCM. OAuth tokens refresh automatically before they expire.

Access audit view

Brand owners can see a complete audit of who has access to their data. The access audit view shows:

Direct team members and their roles
Agency users with access, grouped by agency
Which platforms each agency can see
Individual agency user access (can be revoked independently)

This gives brands full transparency into who is viewing and managing their advertising data.

For more on team roles and permissions, see Team Management.