Security and your data

Is my data sold, shared or used to train AI?

We don't sell, share or train AI on your data - the Limited Use commitment to Google, the subprocessor list, GDPR rights, and how to verify it yourself.

2 min read

No, no and no. And since in the world of "free" and freemium tools this worry is entirely justified, we explain exactly what our answer rests on.

The Limited Use commitment - what it means in practice

GA4audit's use of information received from Google APIs is governed by the Google API Services User Data Policy, including the Limited Use requirements. This isn't our internal policy - it's a condition imposed by Google on which our API access depends; violating it would cut the product off from Google Analytics. In practice, Limited Use means that data from Google APIs:

is used solely to provide the user-facing feature you can see - generating and presenting your audit report,
is never sold to anyone,
is never passed to third parties (beyond the infrastructure subprocessors acting on our instruction - more below),
is never used for advertising - not ours, not anyone else's, not for building ad profiles,
is never used to train artificial intelligence models - neither general-purpose nor our own.

Who technically "sees" your data

Your data is processed exclusively by the infrastructure providers necessary to run the service, acting on our instruction as data processors:

Google (Firebase Authentication, Cloud Firestore, Google Analytics API) - sign-in, database, the GA4 reading itself,
Google reCAPTCHA Enterprise - abuse and bot protection.

There are no data brokers, ad networks or "analytics partners" on that list. GA4audit's business model is simple and open: we make money on subscriptions, not on data.

Your rights (GDPR)

We process data in line with the GDPR. You have the right of access, rectification, erasure, restriction of processing, portability and objection. You can delete your account with its data yourself in settings (How do I delete my account with all data?); you can also lodge a complaint with your supervisory authority. For privacy matters, write to us - contact details are in the Privacy Policy.

How to verify this yourself

Healthy skepticism is fine, so here are three things you can check without taking our word for it:

1.The permission scopes - Google's consent screen shows exactly what we request; both scopes are read-only (What permissions does GA4audit need?).
2.The access registry - at myaccount.google.com/permissions you can see our access and revoke it at any time.
3.The Privacy Policy - the full list of processed data, purposes and subprocessors is public and required by Google's OAuth app verification process.

Related articles:

More in Security and your data

Didn't find your answer?

Write to us - we respond fast, implementation questions included.

Write to us