Security and your data

What data do you read from my Google Analytics account and what for?

The full list of data we read from Google Analytics: property configuration (Admin API), aggregated reporting data (Data API) and Google account data - plus what we don't read and why we need each item.

2 min read

The overriding rule is: we read only what's needed to generate your report - and that's the only thing we use it for. Below is the full, concrete list, no generalities.

Property configuration data (GA4 Admin API)

These are your property's "settings" - information about how GA4 is configured:

administrative settings: currency, time zone, data retention period,
data streams and the state of enhanced measurement,
the list of key events (conversions) and their configuration,
attribution settings: model, lookback windows, referral exclusions,
integration status: connections to Google Ads, Search Console, BigQuery,
the property's user list and roles (read-only - for the checkpoints concerning access hygiene).

Why: most configuration-category checkpoints rely on this data. A wrong currency or time zone distorts every other report - which is why the audit starts here.

Reporting data (GA4 Data API)

These are aggregated statistics - information about what GA4 measures:

event counts over time (e.g. whether purchase records continuously or has gaps),
transaction quality metrics (e.g. the share of zero-value purchases, transaction_id coverage, presence of the coupon parameter),
conversions and sessions by channel, device and landing page (for the CRO and attribution checkpoints),
anomaly signals: sudden spikes, bot traffic, duplicates.

Important: we work on aggregated data - the kind you see in GA4 reports. We don't build profiles of individual visitors to your website and we don't track specific people.

Your Google account data (at sign-in)

When you sign in with Google, we receive the standard set: email address, name and profile picture. They're used solely to operate your GA4audit account.

What we don't read

content from any other Google service (mail, Drive, calendar),
data that could identify individual visitors to your website,
anything from Google Ads or Search Console accounts - regarding integrations, we only read what's visible in the GA4 configuration.

How long and where this data lives

Audit results are stored as a report on your account - kept until you delete it (or delete your account). Infrastructure: Firebase / Google Cloud in a European Union region. Details: Where and for how long are my reports stored?

Related articles:

More in Security and your data

Didn't find your answer?

Write to us - we respond fast, implementation questions included.

Write to us