Privacy Policy

Last Updated: March 27, 2026

Privacy Policy for GA4 AI Insights Tool

1. Introduction

This Privacy Policy explains how the GA4 Insights Generator service (“we”, “us”, “our”), owned and operated by Dreamnotion Innovations LLP, collects, uses, and protects your data when you use our analytics reporting service. We are committed to ensuring your privacy and protecting your personal data in compliance with applicable laws, including the General Data Protection Regulation (GDPR) and the Digital Personal Data Protection Act, 2023 of India.

2. Data Collection and Processing

Our website uses the GA4 Insights Generator plugin which processes Google Analytics 4 (GA4) data to provide analytics insights. When you connect your Google Analytics account through our plugin:

  • 2.1 Authentication Data

    • We collect and store authentication tokens securely to maintain your Google Analytics connection
    • These tokens are encrypted and stored in our WordPress database
    • No raw Google Analytics credentials are ever stored

  • 2.2 Analytics Data Processing

    • We access your GA4 data through Google’s official Analytics Data API
    • We only request read-only access to your analytics data
    • The plugin uses the following API scopes:
      • analytics.readonly (for accessing GA4 data)
      • userinfo.email (for account identification)
      • userinfo.profile (for basic profile information)

  • 2.3 Data Usage

    • Analytics data is processed solely for generating insights and reports
    • We do not:
      • Store raw analytics data permanently
      • Use your data to train AI models
      • Share your analytics data with third parties
      • Use Google Workspace APIs to develop, improve, or train generalized AI/ML models

3. AI-Powered Insights Generation

The plugin uses OpenAI’s API to generate insights from your analytics data:

  • 3.1 Data Processing for AI Insights

    • Analytics metrics and dimensions are formatted and sent to OpenAI’s API
    • Generated insights are stored temporarily for performance optimization
    • All data transmission is encrypted using industry-standard protocols

  • 3.2 Data Retention

    • Generated reports are stored for a maximum of 30 days
    • Authentication tokens are retained until you disconnect your account
    • You can request deletion of your data at any time

4. User Consent

We require explicit consent before processing any analytics data:

  • 4.1 Consent Collection

    • Users must actively consent before connecting their Google Analytics account
    • Consent preferences are clearly displayed and can be modified
    • Integration with popular cookie consent plugins is supported

  • 4.2 User Rights

    • Right to withdraw consent at any time
    • Right to request data deletion
    • Right to disconnect Google Analytics integration

5. How We Use Your Data

Your data is used for:

  • Creating and maintaining your account
  • Authenticating with Google Analytics
  • Generating analytics insights and reports
  • Sending automated performance reports via email
  • Processing payments and managing subscriptions
  • Maintaining your account preferences
  • Improving our service functionality
  • Ensuring service security
  • Communicating important service updates

6. Security Measures

We implement several security measures to protect your data:

  • 6.1 Data Protection

    • All authentication tokens are encrypted using secure encryption methods
    • SSL/TLS encryption for all data transfers
    • Regular security audits and updates

  • 6.2 Access Controls

    • Strict validation of user access to GA4 properties
    • Regular token rotation and validation
    • Secure error logging and monitoring

7. Third-Party Services

Our plugin interacts with the following third-party services:

  • 7.1 Google Services

    • Google Analytics 4 (GA4)
    • Google Cloud Platform
    • Google OAuth 2.0

  • 7.2 OpenAI

    • GPT-4 API for insights generation
    • Data processing governed by OpenAI’s privacy policy

8. Data Sharing and Third Parties

We interact with the following third-party services:

  • Google Analytics: To access your analytics data (with your permission)
  • OpenAI: For generating AI-powered insights (using anonymized data only)
  • Brevo: For sending email reports (if enabled)
  • Razorpay: For processing payments
  • Cloud Service Providers: For hosting our infrastructure

We ensure all third-party providers comply with applicable data protection regulations and maintain appropriate security measures.

9. Data Retention

We retain your data as follows:

  • Account information: Until you delete your account or revoke access
  • Analytics reports: For 30 days after generation
  • Authentication tokens: Until expired or revoked
  • Email tracking data: For 90 days
  • Payment information: As required by financial regulations (typically 7 years)

10. Your Data Rights

Under applicable data protection laws, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request data deletion
  • Restrict or object to processing
  • Data portability
  • Withdraw consent
  • Lodge a complaint with a supervisory authority

11. Exercising Your Rights

To exercise your data rights:

12. Cookie Usage

We use cookies to:

  • Maintain your authentication status
  • Store your report preferences
  • Ensure secure access to your data
  • Analyze usage patterns to improve our service

You can manage cookie preferences through your browser settings.

13. International Data Transfers

Your data may be processed in different countries where our service providers operate. We ensure appropriate safeguards are in place through:

  • Standard contractual clauses
  • Data processing agreements
  • Compliance with cross-border data transfer regulations
  • Additional technical and organizational measures

14. Children’s Privacy

Our service is not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13.

15. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be notified through:

  • Email notifications
  • Plugin dashboard notices
  • Website announcements

16. Contact Information

For privacy-related inquiries:

17. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you have concerns about how we process your data.

18. Compliance with Digital Personal Data Protection Act

As a data fiduciary under India’s Digital Personal Data Protection Act, 2023, we commit to:

  • Processing your personal data only for the purposes disclosed in this Privacy Policy
  • Retaining personal data only as long as necessary for the stated purposes
  • Implementing reasonable security safeguards to prevent data breaches
  • Notifying relevant authorities and affected users in case of significant data breaches
  • Honoring your rights as a data principal, including access, correction, and erasure
  • Obtaining explicit consent before processing sensitive personal data
  • Ensuring compliance when transferring data across borders

Updates to This Policy

We may update this section of our privacy policy as we enhance the GA4 Insights Generator plugin. Users will be notified of any significant changes to how we process their data.

tm tagger — Privacy Policy

Effective date: 25 March 2026

tm tagger is a Chrome extension built by Thrivemattic. This policy explains what data the extension accesses, how it is used, and how it is stored.

What Data We Access

  • Active tab URL — When you open the extension popup, we read the URL of your current tab to auto-detect the platform (e.g., LinkedIn, Reddit). We only read the hostname; we do not access page content, cookies, or browsing history.
  • Clipboard — When you click “Copy to Clipboard,” the generated UTM URL is written to your clipboard. We never read from your clipboard.

What Data We Store

All data is stored locally on your device using chrome.storage.local. Nothing is sent to any server. Stored data includes:

  • URL library — A list of destination page URLs you configure, organized by site and category.
  • Campaign presets — Saved UTM campaign configurations you create.
  • Generation history — A log of UTM URLs you have generated (up to 500 entries), stored locally for your reference.
  • Favorites — URLs you have starred for quick access.
  • Custom detection rules — Any custom platform detection rules you create.

Network Requests

The extension makes HTTP HEAD requests only to domains you explicitly grant access to, in order to validate that destination URLs are reachable and detect redirects that may strip UTM parameters. You are prompted before any domain is accessed for the first time.

No data is sent to any analytics service, tracking pixel, or third-party server. The only external request is google.com/s2/favicons to display site favicons for unrecognized platforms in the detection banner.

Data Sharing

We do not collect, transmit, or share any user data with any third party. All data stays on your device.

Permissions Explained

  • activeTab — Read the current tab’s URL when the popup is opened, for platform detection.
  • storage — Store URL library, presets, history, and settings locally on your device.
  • clipboardWrite — Copy generated UTM URLs to your clipboard when you click the copy button.
  • contextMenus — Add a right-click menu item to pre-fill the UTM builder with the current page URL.
  • optional_host_permissions — When you choose to validate a URL, the extension requests access to that domain to make an HTTP HEAD request. You are prompted before any new domain is accessed. Permission is only requested for domains in your URL library.

Changes to This Policy

If we update this policy, we will update the effective date above. Continued use of the extension after changes constitutes acceptance.

Contact

For questions about this privacy policy, contact hello@thrivemattic.com.