Privacy Policy

Last updated: 2026-03-24

Data accessed (Google OAuth scopes)

When you connect Google in SiteMetricz, we request only the minimum read-only scopes required to generate reports:

  • https://www.googleapis.com/auth/analytics.readonly — read access to Google Analytics 4 property metrics and dimensions used in your reports.
  • https://www.googleapis.com/auth/webmasters.readonly — read access to Google Search Console data (for example: search performance, sitemaps, and crawl related reporting endpoints).
  • openid and email (Google identity) — used to identify your Google account and associate authorized access with your SiteMetricz workspace.

We do not request write scopes for Google Analytics or Google Search Console through this integration.

Data usage

Google user data is used only to provide SiteMetricz product functionality, including:

  • Fetching selected GA4 and Search Console data to build your requested reports.
  • Computing trends, comparisons, summaries, and health/status indicators.
  • Showing connected account/property state and maintaining connection integrity.
  • Troubleshooting sync or access issues when requested by you.

We do not use Google user data for advertising, and we do not sell Google user data.

Data sharing

We do not sell or broker Google user data. We share data only when necessary to operate the service:

  • With infrastructure/service providers acting as processors (for example hosting, logging, billing, and support tooling) under contractual and security controls.
  • If required by law, regulation, or valid legal process.
  • Within your own workspace context to users you authorize in your organization.

We do not share Google user data with third parties for independent marketing purposes.

Data storage and protection

Access credentials and service data are protected with layered controls including encrypted transport (HTTPS), restricted access, least-privilege service design, and controlled credential handling.

Access to production systems is limited to authorized personnel and operational processes. We monitor and audit service operations to detect abuse and maintain system reliability.

Data retention and deletion

  • Google access tokens and connection metadata are retained only while your integration is active and needed for report generation.
  • You can revoke access at any time from your Google account permissions and/or by disconnecting Google inside SiteMetricz.
  • Upon verified deletion/disconnect request, we remove associated integration records within a reasonable operational window (typically within 30 days), except where longer retention is required for legal, accounting, or security obligations.

Cookies and tracking

SiteMetricz uses functional cookies such as sm_theme for theme preference. Analytics cookies may be set on marketing pages when analytics scripts are enabled.

You can block or clear cookies in your browser. Some functionality (such as persistent theme preference) may be reduced.

Third-party processors

  • Cloudflare: DNS/CDN/security routing
  • Paddle: billing and payment processing
  • Resend/Postmark: transactional and support email delivery (as configured)
  • Google APIs: authenticated access to your selected GA4/GSC properties

Your rights and contact

You can request access, correction, export, or deletion of personal data where applicable by contacting us through Contact. We target responses within 30 days.

You can also manage or revoke Google app access directly from your Google Account security settings.