What data does GA4 Audits access?

The analytics.readonly scope

When you connect your Google account, GA4 Audits requests the https://www.googleapis.com/auth/analytics.readonly OAuth scope. This scope grants read access to the Google Analytics APIs for properties your account can access. Specifically, it permits:

• Reading GA4 property configuration via the Google Analytics Admin API.
• Querying GA4 reports and aggregated metric data via the GA4 Data API.
• Listing the GA4 accounts and properties your user has access to.

What analytics.readonly explicitly cannot do

The analytics.readonly scope is read-only by design. It is technically impossible for GA4 Audits to use this scope to:

• Modify your GA4 property configuration, settings, or custom dimensions.
• Create, update, or delete any GA4 resources.
• Access raw user-level data — only aggregated reporting data is available via the Data API.

What GA4 Audits cannot access at all

GA4 Audits does not request and has zero access to:

• Gmail or Google Workspace email.
• Google Drive, Docs, Sheets, or Slides.
• Google Ads account data.
• Google Search Console.
• YouTube, Calendar, Contacts, or any other Google service.
• Other users' Google accounts — only the account that authenticated.

Google's OAuth system enforces these boundaries at the API level — it's not a matter of trust or policy alone, but technical enforcement.

Future Google access

The current self-serve flow requests only analytics.readonly. If we ever introduce a separate Google workflow that needs additional access, we will disclose that step separately before you connect it.