The overriding rule is: we read only what's needed to generate your report - and that's the only thing we use it for. Below is the full, concrete list, no generalities.
Property configuration data (GA4 Admin API)
These are your property's "settings" - information about how GA4 is configured:
Why: most configuration-category checkpoints rely on this data. A wrong currency or time zone distorts every other report - which is why the audit starts here.
Reporting data (GA4 Data API)
These are aggregated statistics - information about what GA4 measures:
purchase records continuously or has gaps),transaction_id coverage, presence of the coupon parameter),Important: we work on aggregated data - the kind you see in GA4 reports. We don't build profiles of individual visitors to your website and we don't track specific people.
Your Google account data (at sign-in)
When you sign in with Google, we receive the standard set: email address, name and profile picture. They're used solely to operate your GA4audit account.
What we don't read
How long and where this data lives
Audit results are stored as a report on your account - kept until you delete it (or delete your account). Infrastructure: Firebase / Google Cloud in a European Union region. Details: Where and for how long are my reports stored?
Related articles: