AnalyticsMade
HowAboutPricingFAQ
Sign inSign in

Privacy Policy for AnalyticsMade

This Privacy Policy explains how AnalyticsMade, Danilo Abreu Ott ("we", "us") processes personal data in connection with the use of the AnalyticsMade service and our website, in accordance with the EU General Data Protection Regulation (GDPR) and applicable German data protection law.[web:11][web:14][web:19]

1. Controller and Contact Details

Controller (Art. 4(7) GDPR):[web:19]

AnalyticsMade
Danilo Abreu Ott
Turmstraße 59
72351 Geislingen
Germany
[email protected]

2. Categories of Data, Purposes and Legal Bases

2.1. Website Visitors

When you visit our website, we may process server log data (e.g. IP address, date and time of access, browser type, operating system, referrer URL) for the purpose of ensuring technical operation, IT security and troubleshooting. The legal basis is our legitimate interest (Art. 6(1)(f) GDPR). Data is stored only as long as necessary for these purposes and then deleted or anonymized.[web:15][web:18]

2.2. User Accounts (Customers)

When you register for the Service or use it as a customer, we process:

  • Identification and contact data (e.g. name, email address, company name).
  • Account and subscription data (e.g. plan, billing information, payment status).
  • Communication data (e.g. support requests, emails).

We process this data to perform our contract with you (Art. 6(1)(b) GDPR) and to comply with legal obligations, in particular commercial and tax retention duties (Art. 6(1)(c) GDPR). For optional features, analytics or marketing communication, we may rely on legitimate interests (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR) where required.[web:15][web:18]

2.3. User Authentication (Clerk)

We use Clerk (Clerk, Inc., USA) as our user authentication and identity management provider. When you register or sign in to the Service, Clerk processes the following data on our behalf:

  • Identification data (e.g. name, email address, profile picture).
  • Authentication data (e.g. password hashes, OAuth tokens, session information).
  • Technical data (e.g. IP address, device information, browser type).

Clerk acts as a data processor on our behalf (Art. 28 GDPR). The legal basis for this processing is the performance of our contract with you (Art. 6(1)(b) GDPR), as authentication is essential for providing the Service. Data transfers to the USA are protected by appropriate safeguards such as EU Standard Contractual Clauses. For more information, please refer to Clerk's privacy policy at https://clerk.com/legal/privacy.

2.4. Google Account and GA4 Access

When you sign in with your Google account via OAuth and connect a GA4 property, we receive:

  • OAuth tokens and related technical credentials enabling access to GA4 reporting APIs.
  • Configuration details (e.g. which GA4 property you have selected).

We use this information solely to retrieve analytics reports from GA4 and present them to you within the Service. We do not use your Google account credentials for any other purpose.[cite:1][web:12][web:18]

The legal basis for this processing is the performance of our contract with you (Art. 6(1)(b) GDPR), since the retrieval of GA4 data is essential for providing the Service.[web:15][web:18]

2.5. GA4 Analytics Data

Our Service connects to your existing GA4 property and reads aggregated analytics metrics (e.g. page views, events, conversions, traffic sources, device categories). This data is collected and stored by Google Analytics under your control and in accordance with your own GA4 configuration.[web:12][web:16][web:18]

We do not permanently store these raw analytics datasets on our servers. GA4 report data is only processed transiently for the purpose of generating dashboards within your browser session unless otherwise explicitly stated (e.g. short technical caching). We do not build independent user profiles or track visitors outside your GA4 setup.[cite:1][web:18]

You remain responsible for ensuring that your use of GA4 is lawful (e.g. implementation of consent banners, IP anonymisation, data retention settings). Please refer to your own privacy policy and GA4 configuration for details about how GA4 collects and processes personal data of your website or app users.[web:12][web:15][web:18]

2.6. Protection of Google User Data

All communication between AnalyticsMade and Google's servers is protected by industry-standard TLS encryption. Access to your Google data is strictly limited to the authenticated session of the signed-in user and is only used to display aggregated metrics in the dashboard.

We implement technical and organizational measures to protect the confidentiality and integrity of your data, including:

  • Access controls and the principle of least privilege
  • Regular security updates and vulnerability management
  • Monitoring of our infrastructure for security incidents
  • Encryption of data in transit

We do not sell your Google user data or use it for advertising, profiling, or training AI models. We do not share it with third parties except as necessary to operate our service as described in this Privacy Policy.

3. Recipients and Third-Party Services

We may share personal data with the following categories of recipients, where necessary:[web:19]

  • IT and hosting providers who support the technical operation of the Service.
  • Payment processors for handling subscription payments.
  • Professional advisors (e.g. tax advisors, lawyers) where required.
  • Public authorities where we are legally obliged to do so.

In relation to GA4 data, Google Ireland Limited (and, where applicable, Google LLC in the USA) acts as our service provider according to your GA4 settings. Data transfers outside the EU/EEA may be protected by the EU–US Data Privacy Framework or standard contractual clauses, as described in Google’s own documentation.[web:12][web:18]

4. International Data Transfers

Where we transfer personal data to recipients in countries outside the EU/EEA that do not have an adequate level of data protection, we rely on appropriate safeguards such as EU Standard Contractual Clauses or adequacy decisions, unless an exception applies (Art. 44 ff. GDPR).[web:19]

With respect to GA4, please refer to Google’s privacy policy and data processing terms for information about any international transfers performed by Google.[web:12][web:18]

5. Storage Period

We store personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by statutory retention periods (e.g. commercial and tax law).

  • Account and billing generally for the duration of the contract and for up to 10 years thereafter where required by law.
  • Support communication: for as long as needed to process the request and for a reasonable retention period.
  • Technical log generally for a short period unless a security incident or legal obligation requires longer storage.
[web:15][web:18]

6. Cookies and Tracking on Our Website

If we use cookies or similar technologies on our website (e.g. for functional purposes, security, or analytics), we will inform you in our cookie banner and, where required, request your consent in accordance with Art. 6(1)(a) GDPR and applicable ePrivacy rules. You can withdraw your consent at any time with effect for the future.[web:12][web:15][web:18]

7. Your Rights as a Data Subject

Under the GDPR, you have the following rights with respect to personal data concerning you:[web:19]

  • Right of access (Art. 15 GDPR).
  • Right to rectification (Art. 16 GDPR).
  • Right to erasure (Art. 17 GDPR).
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR).
  • Right to object to processing based on legitimate interests (Art. 21 GDPR).
  • Right to withdraw consent at any time (Art. 7(3) GDPR).

To exercise these rights, you can contact us at the contact details provided above. You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement (Art. 77 GDPR).[web:19]

8. Obligation to Provide Data

You are not legally obliged to provide personal data to us. However, if you do not provide certain data (e.g. account or billing data), we may not be able to enter into or perform the contract with you or provide specific features of the Service.[web:15][web:18]

9. Automated Decision-Making

We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR in connection with the Service.[web:19]

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in law, our services or internal processes. The current version is always available on our website. If changes materially affect your rights or obligations, we will inform you in an appropriate manner (e.g. via email or in-app notification).[web:18]

Last updated: February 6, 2026

ImprintTermsPrivacy

© 2026 AnalyticsMade. All rights reserved.

Nobrainer if you already use Google Analytics