This Privacy Policy describes how Dash4Me ("we", "us", the "Service"), operated by Ievgenii Kobzar (sonar4ik), collects, uses, and protects information when you use dash4me.com and next.dash4me.com. By using the Service, you agree to the practices described below.
1. Data we collect
- Account data: email address, name, and profile picture (when you sign in with Google).
- Google Search Console / Analytics data: read-only access to sites, queries, pages, clicks, impressions, CTR, position, and Google Analytics 4 metrics — only for properties you explicitly authorize.
- OAuth tokens: Google access and refresh tokens, stored encrypted. Used exclusively to fetch data you request. Never shared.
- Bing Webmaster Tools API keys: if you enter them, stored encrypted and used only to call Bing APIs on your behalf.
- Usage logs: technical logs (IP, user agent, request path, timestamp) retained for up to 30 days for debugging and abuse prevention.
- Cookies: session cookie for authentication (NextAuth). No third-party tracking or advertising cookies.
2. How we use your data
- To render your dashboard, charts, and reports.
- To send magic-link sign-in emails and transactional notifications (e.g. shared-access invitations).
- To operate, secure, and improve the Service.
- We do not sell your data. We do not use GSC, GA4, or Bing data for advertising.
3. Google API Services User Data Policy
Dash4Me's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only request the minimum scopes needed (Search Console readonly, Analytics readonly, Indexing, Site Verification).
- We do not use Google user data for advertising.
- We do not allow humans to read your Google data, unless you grant explicit permission, or we need to do so for security, legal, or abuse-prevention reasons.
- You can revoke access at any time in your Google account permissions.
4. Data sharing
We share data only with: (a) infrastructure providers required to run the Service (hosting, email delivery); (b) organization members you explicitly invite to share access with. We never sell data or share it with advertisers.
5. Data retention & deletion
- Account & OAuth tokens: kept while your account is active.
- Logs: up to 30 days.
- You can delete your account at any time — all personal data, tokens, and cached GSC data are erased within 7 days.
- Email deletion requests to [email protected].
6. Your rights (GDPR)
If you are in the EU/EEA or UK, you have the right to access, correct, export, or delete your personal data, and to restrict or object to its processing. Contact us at [email protected].
7. Security
Data is transmitted over TLS. OAuth tokens and API keys are encrypted at rest. The database is protected with access controls. No system is 100% secure — if we become aware of a breach that affects you, we will notify you.
8. Children
The Service is not intended for users under 16. We do not knowingly collect data from children.
9. Changes
We may update this Policy. The "Last updated" date reflects the latest revision. Material changes will be announced in-app or by email.