Privacy Policy
Last Updated: January 2025
1. Introduction
This Privacy Policy explains how TagAssistant.ai ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use our service. We are committed to protecting your privacy and complying with applicable data protection laws, including GDPR and CCPA.
TagAssistant.ai is operated by Holosun ApS. By using our Service, you consent to the practices described in this Privacy Policy.
2. Information We Collect
2.1 Account Information
When you create an account with TagAssistant.ai using Firebase Authentication, we collect:
- Email address
- User ID (generated by Firebase)
- Authentication provider information (Google, email/password)
- Account creation date
2.2 Google Analytics Data (via OAuth2)
When you connect your Google Analytics account via OAuth2, we access and store:
- GA4 Property Information: Property ID, Property name, Measurement ID (G-XXXXXXX)
- Account Information: Account ID and account name from GA4 Admin API
- Analytics Data: Pageview metrics, user counts, traffic sources (for display in overview cards)
- Property Settings: Data retention settings, data streams, measurement configuration
2.3 OAuth2 Scopes We Request
We request the following OAuth2 scopes from Google:
- https://www.googleapis.com/auth/analytics.readonly: Read your Google Analytics data
- https://www.googleapis.com/auth/analytics.edit: View and manage GA4 Admin API access for property information
Why we need these permissions: These scopes allow us to analyze your Google Analytics configuration, display property metrics, and provide AI-powered recommendations for tag management. We do not modify your Analytics data or settings without your explicit action through our interface.
2.4 Website Scan Data
When you scan a website using TagAssistant.ai, we collect and store:
- Domain name
- Website type (e-commerce, blog, corporate, etc.)
- Detected tracking scripts (Google Analytics, GTM, Facebook Pixel, etc.)
- Tracking IDs and configuration details
- Consent management platform detection results
- Page structure and HTML metadata
- Screenshots of scanned pages (stored in Google Cloud Storage)
2.5 Usage Information
We automatically collect:
- IP address (for security and rate limiting)
- Browser type and version
- Device information
- Pages visited and features used
- API requests and response times
- Error logs and debugging information
2.6 Cookies and Local Storage
We use the following types of cookies and browser storage:
- Authentication Cookies: Firebase session tokens for maintaining your login
- Functional Cookies: User preferences and interface settings
- Analytics Cookies: Google Analytics for understanding service usage (optional, can be disabled)
3. How We Use Your Information
We use the collected information for:
3.1 Service Provision
- Scanning and analyzing your websites for tracking configuration
- Displaying Google Analytics data and metrics
- Generating AI-powered recommendations for tag management
- Creating and managing conversation timelines with AI assistant "Tessa"
- Providing API access for programmatic interaction
3.2 Service Improvement
- Analyzing usage patterns to improve features
- Training and refining AI models for better recommendations
- Debugging errors and optimizing performance
- Understanding which features are most valuable to users
3.3 Communication
- Sending service-related notifications (scan completion, errors)
- Responding to support inquiries
- Announcing important product updates (with opt-out option)
3.4 Security and Compliance
- Preventing fraud and unauthorized access
- Enforcing our Terms of Service
- Complying with legal obligations
- Protecting against security threats
4. How We Store Your Information
4.1 Storage Infrastructure
Your data is stored using Google Cloud Platform services:
- Firebase/Firestore: User accounts, scan results, conversation chapters, domain metadata
- Google Cloud Storage: Screenshots and exported reports
- Google Secret Manager: OAuth2 credentials and API keys (encrypted)
All data is encrypted at rest using Google Cloud's default encryption. Data in transit is encrypted using TLS 1.3.
4.2 Data Retention
- Active Account Data: Retained while your account is active
- Scan Results: Retained for 90 days after creation (or until account deletion)
- OAuth2 Tokens: Stored securely until you revoke access
- Deleted Accounts: All data permanently deleted within 30 days of account deletion
- Backups: May persist in encrypted backups for up to 30 days for disaster recovery
4.3 Geographic Location
Data is primarily stored in Google Cloud regions in the United States and Europe. OAuth2 tokens and scan results may be processed in multiple regions for performance optimization.
5. How We Share Your Information
5.1 Third-Party Services
We use the following third-party services that may access your data:
- Google Cloud Platform: Infrastructure hosting and data storage
- Firebase: Authentication and real-time database
- Google APIs: OAuth2 authentication and Analytics data access
- Google Gemini: AI-powered analysis and recommendations
5.2 We Do Not Sell Your Data
We do not sell, rent, or trade your personal information to third parties for marketing purposes. Your Google Analytics data is accessed solely to provide you with our service.
5.3 Legal Requirements
We may disclose your information if required by law, court order, or government regulation, or if necessary to protect our rights, property, or safety.
6. Your Rights and Choices
6.1 Access Your Data
You can view most of your data directly in the TagAssistant.ai interface. For a complete data export, contact us at hello@tagassistant.ai.
6.2 Revoke OAuth2 Access
You can revoke Google Analytics access at any time:
- Through the TagAssistant.ai interface (GA connection settings)
- Through your Google Account permissions at https://myaccount.google.com/permissions
Revoking access will stop us from accessing your Google Analytics data but will not delete previously collected scan results. To delete scan results, see section 6.4.
6.3 Update Your Information
You can update your email address and account settings through the Firebase authentication interface in your account settings.
6.4 Delete Your Data
You have the right to request deletion of your data:
- Contact hello@tagassistant.ai to request account and data deletion
- We will delete all your data within 30 days of verification
- Some data may persist in encrypted backups for up to 30 additional days
- We may retain aggregated, anonymized data for analytics purposes
6.5 Opt-Out of Marketing
You can opt out of marketing emails by clicking the unsubscribe link in any email. You will still receive essential service notifications.
6.6 Do Not Track
We honor browser Do Not Track (DNT) signals for optional analytics cookies but may still collect essential operational data necessary for service functionality.
7. Security Measures
We implement security measures including:
- Encryption at rest and in transit (TLS 1.3)
- OAuth2 token encryption using Google Secret Manager
- Firebase security rules restricting data access
- Cloud Run IAM authentication for API access
- Regular security audits and vulnerability scanning
- Rate limiting to prevent abuse
- Access logging and monitoring
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but continuously work to improve our security practices.
8. Children's Privacy
TagAssistant.ai is not intended for users under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at hello@tagassistant.ai.
9. International Data Transfers
If you access TagAssistant.ai from outside the United States, your information may be transferred to, stored, and processed in the United States where our servers are located. By using the Service, you consent to this transfer. We comply with applicable data protection laws regarding international transfers.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Updating the "Last Updated" date at the top of this page
- Sending an email notification for material changes
- Displaying a notice in the application interface
Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.
11. GDPR Compliance (EU Users)
If you are located in the European Economic Area (EEA), you have additional rights under GDPR:
- Right to Access: Request copies of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing: Request limitation of data processing
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing of your personal data
- Right to Withdraw Consent: Withdraw consent at any time
To exercise these rights, contact us at hello@tagassistant.ai. You also have the right to lodge a complaint with your local data protection authority.
12. CCPA Compliance (California Users)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request information about personal data we collect, use, and share
- Right to Delete: Request deletion of your personal data
- Right to Opt-Out: Opt out of sale of personal data (we do not sell personal data)
- Right to Non-Discrimination: Equal service and pricing regardless of privacy choices
To exercise these rights, contact us at hello@tagassistant.ai.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Holosun ApS / TagAssistant.ai
Privacy Inquiries: hello@tagassistant.ai
Website: https://www.tagassistant.ai
We will respond to privacy inquiries within 30 days.
By using TagAssistant.ai, you acknowledge that you have read, understood, and agree to this Privacy Policy.