Privacy

• We never copy or store your Google Analytics data on our servers, with one narrow exception: when you explicitly create a Share link, that snapshot is cached for the duration you choose, then auto-deleted.
• Every chart you see is fetched live from Google's API using your own access token, on demand.
• We store the bare minimum needed to sign you in: your name, email, profile photo, and an encrypted refresh token, all inside a signed cookie on your own browser.
• We don't sell anything to anyone. There are no ad networks, no third-party trackers, and no analytics-on-analytics tools running on this site.

When you sign in with Google, we receive your name, email address, profile picture, and OAuth tokens that let us read your Google Analytics properties. These tokens are scoped read-only.

This information is encrypted and stored inside a JWT session cookie on your device. We do not maintain a user database. If you clear your cookies, our record of you is gone.

When you load a dashboard, we call Google's Analytics Data API on your behalf using your access token. The response is rendered to your browser and held in memory only long enough to send it back to you. Nothing is written to disk.

The same applies to AI features. When you use Pulse or Ask, the relevant slice of GA4 data is sent to OpenAI to generate a response. Pulse summaries are cached in our Redis for up to one hour so reloading the dashboard feels instant and doesn't burn API credits, after which they're auto-deleted. Ask conversations are never cached.

We also cache your list of GA4 properties (just the names and IDs, no analytics data) for up to 10 minutes, so navigating between views doesn't re-hammer Google's API on every page load. This cache clears immediately when you disconnect Google.

• Google — for sign-in and to fetch your GA4 data, under their privacy policy.
• OpenAI — to generate Pulse summaries and answer Ask questions. Per their API terms, content sent via the API is not used to train their models.
• Vercel — to host the application. Server logs may incidentally capture IP addresses and request paths. We do not analyze these logs.

We set one cookie: a signed session cookie that holds your authentication state. It is httpOnly, secure, and sameSite=lax. We also set a small client-side cookie remembering your last-used GA4 property so we can deep-link you back to it. There are no third-party cookies.

When you click Share on the Overview page, we store a snapshot of the current view in a short-lived Redis cache, keyed by a random ID. The link you copy contains that ID and a signature so tampered links fail fast.

The snapshot auto-deletes when the link expires (24 hours, 7 days, or 30 days, your choice). This is the only piece of analytics data we ever persist, and only because you explicitly asked us to. Anyone with the link can view it until it expires, so treat the URL as you would treat the data itself.

You can sign out at any time from the Settings page, which also exposes a "Disconnect Google" action that revokes our access token with Google. Once revoked, we lose all ability to query your data.

Because we don't maintain user accounts, there is nothing for us to delete on request, deleting the cookie and revoking access is the entire process.

Questions, concerns, or pleasant surprises: DM on X or open an issue on GitHub.

This policy is plain English on purpose. If you need a more formal document for vendor review, write in.