Security & Privacy

Read-only access, clearly explained

What we can read, what we cannot touch, and how to revoke access in one click.

  • Control-led architecture
  • AES-128 encryption
  • TLS 1.2+ in transit
  • Read-only access
  • Cloud Run isolation
  • Supabase RLS data boundaries

Read-Only Access

Only analytics.readonly is requested. Our API calls are GET-only. No writes are possible.

  • https://www.googleapis.com/auth/analytics.readonly only
  • No write permissions requested or possible
  • Cannot modify property settings or events
  • Verified through Google's scope enforcement

OAuth 2.0 Authentication

Authorization code flow with PKCE. Your password never touches our servers.

  • Authorization code flow with PKCE
  • Your password never touches our servers
  • Tokens automatically expire after 1 hour
  • Refresh tokens stored with Fernet encryption

Encrypted Token Storage

Fernet (AES-128-CBC + HMAC-SHA256). Keys in environment variables, never in source control.

  • Fernet symmetric encryption (AES-128-CBC)
  • HMAC-SHA256 for token integrity verification
  • Encryption keys stored in environment variables
  • Tokens never logged or stored in plaintext

No Raw Data Retention

Raw API data is discarded after processing. Only check results and scores are persisted.

  • Raw API data discarded after processing
  • Only audit results persisted (pass/fail/scores)
  • No visitor-level data stored
  • No PII collected or retained

HTTPS Only

TLS 1.2+ everywhere. HSTS headers block protocol downgrade attempts.

  • TLS 1.2+ for all data in transit
  • HSTS headers on all endpoints
  • Read-only API requests to Google services
  • No plaintext HTTP endpoints

Cloud Run Isolation

Each request runs in an ephemeral container with no shared state.

  • Container-level process isolation
  • No shared state between requests
  • Ephemeral containers destroyed after use
  • Managed infrastructure on Google Cloud Run

Supabase Row-Level Security

Tenant boundaries enforced at the database layer, not just at the API.

  • RLS policies on every table
  • Users can only access their own data
  • Database-level enforcement (not just API)
  • Tenant boundaries enforced at the database layer

Revoke Anytime

Disconnect from your dashboard or from myaccount.google.com/permissions. Tokens deleted immediately.

  • One-click disconnect from dashboard
  • Revoke directly from Google account
  • Tokens deleted immediately upon revocation
  • All cached audit data purged within 24 hours

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly to support@ga4audits.com. We take every report seriously and will respond within 24 hours.

Ready to audit with confidence?

Connect with read-only access. Revoke anytime. Your analytics data stays in Google.