Privacy Policy

Last Updated: March 18, 2025

Privacy Policy for GA4 AI Insights Tool

1. Introduction

This Privacy Policy explains how the GA4 Insights Generator service (“we”, “us”, “our”), owned and operated by Dreamnotion Innovations LLP, collects, uses, and protects your data when you use our analytics reporting service. We are committed to ensuring your privacy and protecting your personal data in compliance with applicable laws, including the General Data Protection Regulation (GDPR) and the Digital Personal Data Protection Act, 2023 of India.

2. Data Collection and Processing

Our website uses the GA4 Insights Generator plugin which processes Google Analytics 4 (GA4) data to provide analytics insights. When you connect your Google Analytics account through our plugin:

  • 2.1 Authentication Data

    • We collect and store authentication tokens securely to maintain your Google Analytics connection
    • These tokens are encrypted and stored in our WordPress database
    • No raw Google Analytics credentials are ever stored

  • 2.2 Analytics Data Processing

    • We access your GA4 data through Google’s official Analytics Data API
    • We only request read-only access to your analytics data
    • The plugin uses the following API scopes:
      • analytics.readonly (for accessing GA4 data)
      • userinfo.email (for account identification)
      • userinfo.profile (for basic profile information)

  • 2.3 Data Usage

    • Analytics data is processed solely for generating insights and reports
    • We do not:
      • Store raw analytics data permanently
      • Use your data to train AI models
      • Share your analytics data with third parties
      • Use Google Workspace APIs to develop, improve, or train generalized AI/ML models

3. AI-Powered Insights Generation

The plugin uses OpenAI’s API to generate insights from your analytics data:

  • 3.1 Data Processing for AI Insights

    • Analytics metrics and dimensions are formatted and sent to OpenAI’s API
    • Generated insights are stored temporarily for performance optimization
    • All data transmission is encrypted using industry-standard protocols

  • 3.2 Data Retention

    • Generated reports are stored for a maximum of 30 days
    • Authentication tokens are retained until you disconnect your account
    • You can request deletion of your data at any time

4. User Consent

We require explicit consent before processing any analytics data:

  • 4.1 Consent Collection

    • Users must actively consent before connecting their Google Analytics account
    • Consent preferences are clearly displayed and can be modified
    • Integration with popular cookie consent plugins is supported

  • 4.2 User Rights

    • Right to withdraw consent at any time
    • Right to request data deletion
    • Right to disconnect Google Analytics integration

5. How We Use Your Data

Your data is used for:

  • Creating and maintaining your account
  • Authenticating with Google Analytics
  • Generating analytics insights and reports
  • Sending automated performance reports via email
  • Processing payments and managing subscriptions
  • Maintaining your account preferences
  • Improving our service functionality
  • Ensuring service security
  • Communicating important service updates

6. Security Measures

We implement several security measures to protect your data:

  • 6.1 Data Protection

    • All authentication tokens are encrypted using secure encryption methods
    • SSL/TLS encryption for all data transfers
    • Regular security audits and updates

  • 6.2 Access Controls

    • Strict validation of user access to GA4 properties
    • Regular token rotation and validation
    • Secure error logging and monitoring

7. Third-Party Services

Our plugin interacts with the following third-party services:

  • 7.1 Google Services

    • Google Analytics 4 (GA4)
    • Google Cloud Platform
    • Google OAuth 2.0

  • 7.2 OpenAI

    • GPT-4 API for insights generation
    • Data processing governed by OpenAI’s privacy policy

8. Data Sharing and Third Parties

We interact with the following third-party services:

  • Google Analytics: To access your analytics data (with your permission)
  • OpenAI: For generating AI-powered insights (using anonymized data only)
  • Brevo: For sending email reports (if enabled)
  • Razorpay: For processing payments
  • Cloud Service Providers: For hosting our infrastructure

We ensure all third-party providers comply with applicable data protection regulations and maintain appropriate security measures.

9. Data Retention

We retain your data as follows:

  • Account information: Until you delete your account or revoke access
  • Analytics reports: For 30 days after generation
  • Authentication tokens: Until expired or revoked
  • Email tracking data: For 90 days
  • Payment information: As required by financial regulations (typically 7 years)

10. Your Data Rights

Under applicable data protection laws, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request data deletion
  • Restrict or object to processing
  • Data portability
  • Withdraw consent
  • Lodge a complaint with a supervisory authority

11. Exercising Your Rights

To exercise your data rights:

  • Use the plugin settings to manage your data preferences
  • Contact us at [email protected] for specific requests
  • Revoke Google Analytics access through your Google Account settings
  • For Indian users: Contact our Grievance Officer at [email protected]

12. Cookie Usage

We use cookies to:

  • Maintain your authentication status
  • Store your report preferences
  • Ensure secure access to your data
  • Analyze usage patterns to improve our service

You can manage cookie preferences through your browser settings.

13. International Data Transfers

Your data may be processed in different countries where our service providers operate. We ensure appropriate safeguards are in place through:

  • Standard contractual clauses
  • Data processing agreements
  • Compliance with cross-border data transfer regulations
  • Additional technical and organizational measures

14. Children’s Privacy

Our service is not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13.

15. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be notified through:

  • Email notifications
  • Plugin dashboard notices
  • Website announcements

16. Contact Information

For privacy-related inquiries:

  • Email: [email protected]
  • Address: 4, Premier Rabbi Apartments, 6th Cross Inner Ring Road, Srinivagilu, Bangalore 560047, Karnataka, India
  • Grievance Officer (for Indian users): Sandeep Kelvadi, [email protected]

17. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you have concerns about how we process your data.

18. Compliance with Digital Personal Data Protection Act

As a data fiduciary under India’s Digital Personal Data Protection Act, 2023, we commit to:

  • Processing your personal data only for the purposes disclosed in this Privacy Policy
  • Retaining personal data only as long as necessary for the stated purposes
  • Implementing reasonable security safeguards to prevent data breaches
  • Notifying relevant authorities and affected users in case of significant data breaches
  • Honoring your rights as a data principal, including access, correction, and erasure
  • Obtaining explicit consent before processing sensitive personal data
  • Ensuring compliance when transferring data across borders

Updates to This Policy

We may update this section of our privacy policy as we enhance the GA4 Insights Generator plugin. Users will be notified of any significant changes to how we process their data.