Snifflytics
Startseite Produkte Preise Blog Kontakt
DE EN
Jetzt starten

Privacy Policy

How Snifflytics collects, uses, and protects your data — including our handling of Google user data under the Google API Services User Data Policy.

Last updated: May 21, 2026
Contents
  1. Overview
  2. Google user data & Limited Use
  3. What we collect
  4. How we use information
  5. Sharing & third parties
  6. Data retention
  7. Security
  8. Your rights & choices
  9. International transfers
  10. Children's privacy
  11. Changes to this policy
  12. Contact

1. Overview

Snifflytics ("we", "us", "our") provides an AI-powered audit tool for Google Analytics 4 (GA4) properties. This Privacy Policy explains what information we collect when you use snifflytics.com, how we use it, who we share it with, and the rights you have over it.

By using Snifflytics you agree to the practices described below. If you do not agree, please do not use the service.

2. Google user data & Limited Use

Limited Use Disclosure

Snifflytics's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

2.1 Scopes we request

When you sign in with Google, we request the following OAuth scopes. We request the minimum scopes needed to run an audit and we do not request any additional scopes in the background.

Scope Why we need it
analytics.readonly See and download your Google Analytics data — read your GA4 account, property, and stream configuration plus aggregated report data so we can run audit checks and produce your audit report.
userinfo.email See your primary Google Account email address — used to identify your Snifflytics account and to send you transactional emails (audit-ready notifications, password resets, support replies).
userinfo.profile See your basic profile info (name and profile picture) so we can personalize the dashboard.

2.2 How we use Google user data

We use data obtained through Google APIs only to:

  • Run the audit checks you request and display the resulting report inside Snifflytics.
  • Show you a history of your past audits inside your account.
  • Identify you for sign-in, billing, and support.

2.3 What we do not do with Google user data

  • We do not use Google user data to serve, target, or measure advertising.
  • We do not sell or rent Google user data to any third party.
  • We do not transfer Google user data to third parties except as necessary to provide or improve the user-facing features of Snifflytics, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to affected users.
  • We do not allow humans to read Google user data, except: (a) with your affirmative consent for a specific message; (b) where necessary for security purposes such as investigating abuse; (c) to comply with applicable law; or (d) where the data has been aggregated and anonymized and is used for internal operations.
  • We do not use Google user data to train generalized or third-party AI/ML models. AI features (for example, the AI audit narrative) operate only on your own audit results within your session and outputs are returned only to you.

2.4 Revoking access

You can revoke Snifflytics's access to your Google account at any time at myaccount.google.com/permissions. You can also delete your Snifflytics account from your profile page or by emailing privacy@snifflytics.com; we will delete the associated audit data within 30 days.

3. What we collect

  • Account information: name, email address, and (optionally) company name and role, provided either through Google sign-in or our signup form.
  • Google Analytics configuration and report data: the GA4 accounts, properties, streams, and report data returned by the Google Analytics APIs while running an audit, as described in Section 2.
  • Audit history: the audits you run and the resulting reports.
  • Usage data: pages viewed, features used, and basic interaction events used to operate and improve the service.
  • Technical data: IP address, browser type, device information, and cookies used for session management and security.
  • Communications: messages you send through our contact form or by email.

4. How we use information

  • Provide the service: run audits, generate reports, and operate your account.
  • Support: respond to questions and resolve issues you report.
  • Improve the service: understand which features are useful and fix bugs. Improvement uses only aggregated or anonymized data; we do not train models on identifiable Google user data.
  • Security and abuse prevention: protect Snifflytics and its users from fraud, abuse, and security risks.
  • Legal compliance: meet our legal obligations and enforce our terms.

5. Sharing & third parties

We share information only with the following categories of recipients, and only as needed:

  • Infrastructure providers: Google Cloud (hosting, Cloud SQL database, Cloud Run).
  • Email delivery: SendGrid, for transactional and account-related emails.
  • AI processing: Anthropic (Claude), used to generate the AI narrative section of audit reports. Only the relevant audit findings for your report are sent; we do not send raw GA4 report data beyond what is needed for the narrative.
  • Legal authorities: where we are legally required to disclose information.
  • Successor entities: in connection with a merger, acquisition, or sale of assets, with notice to affected users.

We do not sell your personal information or your Google user data.

6. Data retention

  • Account information: for the life of your account, plus up to 30 days after deletion.
  • Audit reports and GA4 data snapshots: up to 12 months from generation, or until you delete them, whichever is sooner.
  • Support communications: up to 24 months from last interaction.
  • Technical and security logs: up to 90 days.

You can request earlier deletion at any time — see Section 8.

7. Security

  • TLS encryption for all data in transit and encryption at rest for stored data.
  • OAuth tokens are stored encrypted and are scoped to the minimum permissions needed.
  • Access to production systems is restricted to authorized personnel and logged.
  • Regular dependency, vulnerability, and configuration reviews.

No system is perfectly secure. If you believe your account has been compromised, please contact security@snifflytics.com immediately.

8. Your rights & choices

Depending on where you live (including under the GDPR and the CCPA/CPRA), you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your personal information ("right to be forgotten").
  • Port your information in a machine-readable format.
  • Object to or restrict certain processing.
  • Withdraw consent you previously gave us, including by revoking Google access at myaccount.google.com/permissions.
  • Opt out of the "sale" or "sharing" of personal information — note that we do not sell or share personal information for cross-context behavioral advertising.

To exercise any of these rights, email privacy@snifflytics.com or use the controls in your profile page. We respond within 30 days.

9. International transfers

Snifflytics is operated from the United States and processes data in the United States and the European Union. Where we transfer personal information across borders, we rely on appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission.

10. Children's privacy

Snifflytics is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us information, please contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. When we make material changes we will update the "Last updated" date above and, where required, notify you by email or through the app. Continued use of Snifflytics after a change means you accept the updated policy.

12. Contact