Sweet Spot Analytics orbital mark
SSA glowing text
Sweet Spot wordmarkANALYTICS

Privacy

Your data, on your terms

Last updated: November 10, 2025. Sweet Spot Analytics is an AI assistant for GA4 and Search Console. We only collect the inputs needed to answer your questions.

Account & identity

Name, and email. We do not request optional profile scopes.

GA4 + GSC credentials

Encrypted OAuth tokens for the read only access to GA4 and Search Console properties you connect. No other connectors are available today.

Conversation content

Prompts and replies so you can review past answers. We never use customer prompts, metrics, or credentials to train proprietary or third-party AI models.

Operational telemetry

IP address, device/browser info, and high-level feature usage captured via Google Analytics for fraud prevention and verification audits.

How we use information

  • Authenticate you, run conversations, and fetch metrics you request from GA4 or Search Console.
  • Secure the platform with audit logs, anomaly monitoring, and access controls.
  • Send essential notices such as approval decisions, security alerts, or billing confirmations.

Limited retention & no AI training

  • OAuth tokens remains in encrypted form using AES-256-GCM. Disconnecting removes tokens completely.
  • Chat transcripts persist for the life of your workspace so you can audit past answers. Deleting a chat removes it immediately.
  • We never use customer prompts, metrics, or credentials to train proprietary or third-party AI models.

Subprocessors & integrations

We only support Google Analytics 4 and Google Search Console connections today. When future platforms are added, this list will be updated before data is processed.

Supabase

Stores encrypted credentials, user profiles, and chat history with row-level security.

OpenAI

Process prompts with GPT-5 series models.

Google APIs

Return GA4 + Search Console data via scopes you explicitly approve.

Cookies & telemetry

  • Essential cookies keep you signed in, remember consent choices, and secure your session.
  • Google Analytics 4 provides aggregate product telemetry.
  • We do not run marketing pixels or third-party advertising trackers inside the Sweet Spot Analytics app.

How we share Google data

  • Supabase acts as our database vendor, so encrypted OAuth tokens, workspace metadata, and chat history are stored there solely to provide the service you request.
  • OpenAI receives only the prompt content required to generate an answer. OAuth tokens and GA4/GSC export data are never shared with OpenAI.
  • Google APIs receive the requests we make on your behalf and return the GA4 or Search Console metrics you have approved. We do not forward those metrics to any other analytics or advertising platforms.
  • We will only disclose Google user data outside of these processors if you ask us to (for example, by exporting a report), or if we are required to respond to a valid legal request or to investigate security issues. We never sell Google user data.

Security & compliance

  • Supabase row-level security isolates each workspace; secrets are encrypted with AES-256-GCM at rest.
  • OAuth tokens are encrypted before storage, scoped to the GA4 or GSC properties you approve, and rotated per Google requirements.
  • Audit logs and anomaly monitoring alert our on-call team to suspicious activity; access is just-in-time and reviewed quarterly.

Your controls & rights

  • Manage or revoke Google connections directly inside the chat settings.
  • Delete conversations directly inside the chat interface.
  • Export or request deletion of workspace data by emailing support@sweetspotanalytics.com.

Need something else, or exercising CCPA/GDPR rights? Email support@sweetspotanalytics.com and we reply within two business days. We will notify you here before any material change to this policy.