Privacy Policy – AnalyticsAssistant.ai
Last updated: 2025-12-13
Overview
AnalyticsAssistant.ai connects to your Google Analytics 4 (GA4) account with your permission to read reporting data. We request the minimum scopes needed to provide our service (including analytics.readonly) and we never modify your Analytics properties or data.
Data Accessed from Google
AnalyticsAssistant.ai uses Google APIs to access the following Google user data:
Google account information
- Email address
- OpenID identifier
Used to authenticate the user and link their AnalyticsAssistant account and subscription to the correct Google account.
Google Analytics 4 reporting data
- Aggregated metrics such as sessions, users, conversions, revenue and other standard GA4 metrics.
- Aggregated dimensions such as date, channel group, source / medium, campaign, landing page, product, device, country.
AnalyticsAssistant.ai does not modify your GA4 property or other Google products. We use the analytics.readonly scope only to read reporting data.
OAuth tokens
- Access and refresh tokens issued by Google to call the Analytics Data API on behalf of the user.
How We Use Google User Data
We use the Google user data described above for the following purposes:
- To authenticate users and associate their GA4 connection and subscription with the correct AnalyticsAssistant account.
- To request GA4 reporting data in order to:
  - Display dashboards and reports inside the AnalyticsAssistant application.
  - Generate automated, plain‑English summaries and recommendations about website and campaign performance.
- To maintain secure, authorised access to GA4 on behalf of the user via OAuth tokens.
We do not use Google user data for:
- Advertising or marketing our own products to other users.
- Building or selling aggregated profiles of end‑users.
- Training generalized or public machine learning models.
Any use of Google user data is strictly limited to providing and improving the AnalyticsAssistant service to the user who granted access.
Sharing of Google User Data
We do not sell Google user data.
We may share or process Google user data with the following categories of service providers, solely as data processors:
- Hosting and infrastructure providers (e.g. Vercel, database and key‑value store providers) — to host our application, store configuration and OAuth tokens, and operate the service.
- Analytics and error‑monitoring tools — to monitor the health and performance of the application, using de‑identified or minimal data where possible.
- AI model provider (e.g. OpenAI) — when a user explicitly requests an AI summary, we send aggregated GA4 report data for that request (for example, per‑channel metrics). This data is used only to generate the requested summary and is not used to train or improve public models.
All such providers are bound by contractual obligations to use the data only to provide services to AnalyticsAssistant and to protect it in accordance with applicable data‑protection laws.
We may also disclose information if required by law, regulation, or legal process, or to protect our rights, users, or the public.
Data Storage & Protection
- OAuth access and refresh tokens are stored only on our backend in secure, access‑controlled storage. They are never stored in the browser or exposed to front‑end JavaScript.
- Session cookies are HttpOnly and scoped to our domain.
- Our infrastructure providers store data in secure data centers with industry‑standard physical and technical safeguards.
- Access to production systems is restricted to authorised personnel with a legitimate need and is logged.
We implement appropriate technical and organisational measures to protect against unauthorised access, disclosure, alteration or destruction of data.
Data Retention & Deletion
We retain Google user data (including GA4 connection configuration and OAuth tokens) for as long as:
- The user’s AnalyticsAssistant account remains active; and
- The connection to their GA4 property is enabled.
If a user disconnects Google Analytics within the application, we delete the associated OAuth tokens from storage and stop requesting data for that property.
If a user closes their AnalyticsAssistant account or requests deletion, we delete their account, associated OAuth tokens and configuration, subject to minimal retention needed for legal, security or accounting purposes (for example, billing records).
Users may revoke AnalyticsAssistant’s access to their Google account at any time via the Google Account permissions page. Once revoked, we can no longer access new GA4 data on their behalf.
Users can request deletion of their account and associated data at any time by emailing support@analyticsassistant.ai or via the in‑app account settings page (when available).
Compliance with Google API Services User Data Policy
AnalyticsAssistant.ai’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.