Plain-English summary
What you should know in one paragraph: When you sign in with Google and connect a GA4 property, we store your Google account ID and email, the GA4 property IDs you grant access to, an OAuth refresh token (so we can re-fetch reports without prompting you again), and your trial/billing state. We do not store your GA4 reports. Each time you open the dashboard, our Cloud Function fetches fresh data from Google's GA4 Data API and streams it to your browser, where it is rendered and then discarded.
Data controller
The data controller for DropLens is the operator of droplens.app. For all privacy questions, contact privacy@droplens.app.
What we collect
We collect only the minimum needed to run the service. Concretely:
- Google account identity — your Google account UID, email address, display name, and profile picture URL. Provided by Firebase Authentication when you sign in with Google.
- GA4 OAuth refresh token — a long-lived credential issued by Google that lets our backend re-request short-lived access tokens for the https://www.googleapis.com/auth/analytics.readonly scope. Stored encrypted in Firestore at /oauthTokens/{uid}.
- GA4 property metadata — the numeric property IDs, display names, and currency codes of properties you connect, plus a per-property membership record at /properties/{propertyId}/users/{uid} noting the date you were added.
- Trial & billing state — per property, we store: trialStartedAt, trialEndsAt, trialUsed, status (one of never_trialed, trialing, trial_expired, active, inactive), and (once billing is wired) paddleCustomerId and paddleSubscriptionId. Stored at /properties/{propertyId}.
- OAuth state nonces — short-lived random strings used to prevent CSRF on the OAuth callback. Stored at /oauthStates/{state} and deleted after the callback completes (typically within seconds).
- Operational logs — Firebase / Google Cloud automatically log request metadata (timestamp, IP, user-agent, status code) for security and abuse prevention. We do not write our own access logs.
What we do not store
We deliberately do not persist any of the following:
- No raw GA4 data. Sessions, orders, revenue, item values, funnel events, channel breakdowns, category breakdowns — none of it is written to our database. It is fetched on demand, sent to your browser, and discarded server-side once the response is returned.
- No behavioural data about your customers. We never see individual user IDs, IP addresses, or events from your GA4 property — only aggregated metrics, which Google delivers in aggregated form by design.
- No persisted access tokens. The short-lived GA4 access tokens minted from your refresh token are held in memory only for the duration of an API call and are never written to our database.
- No analytics on you. We do not use Google Analytics on DropLens itself. We use Umami (cookieless, no consent banner) for aggregate page-view and product-usage counts — see Cookies & tracking.
GA4 scope & data flow
When you click "Connect Google Analytics", Google asks you to grant DropLens the analytics.readonly scope. This is a sensitive scope: it allows reading every GA4 property your Google account has access to. Google requires us to disclose, in clear terms, exactly how we use it.
Here is the full data flow:
- You sign in with Google and grant the analytics.readonly scope.
- Google returns an OAuth refresh token to our Cloud Function. We store it encrypted in Firestore.
- You select a property from the dropdown. Our Cloud Function uses the refresh token to mint a short-lived access token and calls the GA4 Data API on your behalf.
- The Cloud Function returns the report JSON directly to your browser. We do not persist the report.
- Your browser computes KPIs, funnel rates, waterfalls, and renders charts entirely client-side.
We use the analytics.readonly scope for one and only one purpose: to produce the revenue dashboard you signed up for. We do not use it for advertising, profiling, training AI models, sharing with third parties, or any purpose unrelated to displaying your own data back to you. This complies with the Google API Services User Data Policy, including the Limited Use requirements.
Why we use the data we collect
- Account identity — to authenticate you and associate property memberships with your account.
- OAuth refresh token — to fetch GA4 reports on your behalf without prompting you to re-authorize on every visit.
- Property metadata & memberships — to show you the list of properties you can open, and to enforce per-property access control.
- Trial & billing state — to enforce the 7-day free trial and, after that, to gate access to paid subscribers.
Legal basis (GDPR)
For users in the EU/EEA/UK, our legal bases under the GDPR are:
- Contract performance (Art. 6(1)(b)) — for account identity, OAuth tokens, property memberships, and billing state, all of which are required to provide the service you signed up for.
- Legitimate interests (Art. 6(1)(f)) — for operational logs and abuse prevention. You can object at any time at privacy@droplens.app.
Retention
- OAuth refresh tokens — kept until you revoke access (Google account permissions page) or delete your account. Tokens that Google has already invalidated are purged on next use.
- Account & property records — kept while your account is active. Deleted within 30 days of an account-deletion request.
- Billing records — retained for the period required by applicable tax law (typically 7 years in the EU), even after account deletion, in anonymized form where possible.
- OAuth state nonces — deleted within seconds of the OAuth callback; in any case auto-expired within 10 minutes.
- Operational logs — retained by Google Cloud per its default log-retention policy (30 days for most logs).
Third parties & subprocessors
DropLens relies on the following processors. Each is bound by its own privacy and security commitments.
- Google LLC — Firebase Authentication, Firestore, Cloud Functions, Firebase Hosting, GA4 Data API. Data is processed in the europe-west1 region. See Firebase Privacy and the Google Privacy Policy.
- Paddle.com Market Ltd (when billing is enabled) — Merchant of Record for subscriptions. Paddle collects payment details directly; we never see your card number. See the Paddle Privacy Policy.
- Umami Software, Inc. — Umami Cloud, cookieless page-view and product-usage analytics. We send only the page URL, referrer, and aggregated event names (e.g. "drivers_modal_open") with non-identifying labels (channel/device/tab). No personal identifiers, no GA4 data, no property names are sent. See the Umami Privacy Policy.
We do not sell personal data. We do not share data with advertisers. We do not use your data to train machine-learning models.
Cookies & tracking
DropLens uses only strictly necessary storage:
- Firebase Authentication keeps a session cookie / IndexedDB record so you stay signed in.
- The dashboard caches your selected property and date range in localStorage so the app remembers your last view.
We do not use advertising or cross-site tracking cookies. Our Umami analytics are cookieless (no localStorage either) and do not require a consent banner under ePrivacy. Umami collects only page URL, referrer, browser, OS, country, and aggregated event names — it never sets a unique identifier on your device.
Your rights
Under the GDPR and similar regimes (UK GDPR, CCPA), you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your data ("right to be forgotten"), subject to legal retention requirements for billing.
- Restrict or object to processing.
- Receive a portable copy of your data.
- Lodge a complaint with your local data protection authority.
To exercise any of these, email privacy@droplens.app. We respond within 30 days.
Revoking access & deleting your data
You can revoke our access to your Google Analytics at any time:
- Open the Google Account permissions page.
- Find "DropLens" in the list of third-party apps.
- Click "Remove access".
This invalidates our refresh token immediately — we lose the ability to call GA4 on your behalf. The now-invalid token record is purged from our database the next time the backend tries to use it (see Retention). To also delete your account record and all property memberships from our database, email privacy@droplens.app with the subject "Delete my account". We confirm completion within 30 days.
Security
OAuth refresh tokens are stored in Firestore under /oauthTokens/{uid} with security rules that deny all client-side reads and writes; only our server-side Cloud Functions, which run under the Firebase Admin SDK and therefore bypass client security rules, can access them. Billing fields are similarly server-only. All traffic is HTTPS. We follow the principle of least privilege for service accounts and rotate keys periodically.
Children
DropLens is a B2B tool and is not directed at children under 16. We do not knowingly collect data from minors.
Changes to this policy
We will post any material changes to this page and update the "Last updated" date at the top. For significant changes, we will also email account holders.
Contact
Privacy questions, data requests, or security disclosures: privacy@droplens.app.