Legal

Privacy Policy

Last updated: March 28, 2026

1. Who We Are

GA4Audit.ai is an AI-powered Google Analytics 4 auditing platform operated by Taqi Naqvi. We help businesses identify tracking issues, missing events, and attribution problems in their GA4 setup.

2. Google OAuth & Data Access

This section is critical to understand if you use our Deep Audit feature.

  • Read-only access: We request analytics.readonly and tagmanager.readonly scopes. We cannot modify, delete, or write to your Google Analytics or Tag Manager accounts.
  • Session-only tokens: Your OAuth access token exists only in your browser session. It is never stored on our servers. When you close the page, the token is gone.
  • No data storage: GA4 data pulled during an audit (event counts, traffic sources, property settings) is used to generate your report in real-time. It is not saved, logged, or stored anywhere on our infrastructure.
  • AI processing: Your GA4 data is sent to AI providers (Google Gemini or Anthropic Claude) to generate the audit report. These providers process the data per their own privacy policies and do not retain inputs from API calls.
  • Revoke anytime: You can revoke GA4Audit.ai's access at any time by visiting myaccount.google.com/permissions.

3. Information We Collect

Account information: If you create an account, we store your email address and a bcrypt-hashed password. Email verification tokens are temporary.

Audit reports: Generated audit reports are displayed in your browser. We do not store copies of your audit results on our servers.

Quick Scan data: For URL-based scans, we fetch the publicly accessible HTML of the provided URL to detect GA4/GTM tags. No authentication is required for this scan.

Analytics: We use Google Analytics 4 (G-ZL4D2T8ZXF) to collect anonymous usage data — page views, feature usage, and session metrics. No personally identifiable information is collected.

4. How We Use Your Information

  • To generate your GA4 audit report in real-time
  • To authenticate your account (if created)
  • To improve the audit quality and user experience based on aggregate analytics
  • To send email verification (one-time, during signup)

5. Data Storage & Security

Account data is stored in server-side JSON files on Vercel's infrastructure. Passwords are bcrypt-hashed. GA4 property data from Deep Audits is never persisted. We do not sell, rent, or share your data with any third parties.

6. Third-Party Services

  • Google OAuth — Authentication for GA4 Data API access (read-only)
  • Google Gemini 2.5 Pro — AI report generation (free tier)
  • Anthropic Claude — AI report generation (premium tier)
  • Google Analytics 4 — Anonymous usage analytics
  • Vercel — Hosting, deployment, and edge functions
  • Nodemailer — Email verification delivery

7. Cookies

We use a JWT session cookie for authentication if you create an account. Google Analytics sets cookies for aggregate traffic analysis. You can disable cookies in your browser settings. The quick scan audit works without any cookies.

8. Your Rights

  • Request deletion of your account and associated data
  • Revoke Google OAuth access at any time
  • Clear your browser data to remove all local state
  • Request a copy of any data we hold about you

To exercise these rights, contact us at the email below.

9. Children's Privacy

GA4Audit.ai is a professional tool intended for business use. We do not knowingly collect information from children under 13.

10. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of GA4Audit.ai constitutes acceptance of any changes.

11. Contact

Questions about this privacy policy or how your data is handled? Contact: taqinaqviofficial@gmail.com