Google API Data Use Disclosure

How Finsyght Uses Google Data

Effective date: May 29, 2026

This page explains exactly what Google data Finsyght accesses, why, and how it is protected — in compliance with the Google API Services User Data Policy.

Limited Use Compliance Statement

Finsyght's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

We use Google data only to provide and improve Finsyght features that are visible to you.
We do not use Google data to serve advertising to you.
We do not allow humans to read your Google data unless you have given us explicit permission or it is necessary for security purposes.
We do not use or transfer Google data for any purpose that you haven't consented to.
We do not sell Google data.
We do not transfer Google data to third parties except as necessary to provide the Service, and subject to confidentiality obligations.

Google Permissions We Request

When you connect a Google account to Finsyght, we will request one or more of the following permissions (OAuth scopes), depending on which integration you choose:

Google Ads — https://www.googleapis.com/auth/adwords

What this permission allows:

Read and manage Google Ads campaigns. Finsyght uses this scope in read-only mode exclusively.

What Finsyght reads:

Campaign names, statuses, and types
Aggregated metrics: impressions, clicks, CTR, conversions, conversion value, cost, average CPC, ROAS
Your Google Ads Customer ID(s) — to identify which account to display

What Finsyght does NOT do:

We never create, edit, pause, resume, or delete campaigns, ad groups, ads, keywords, or budgets
We never access your audience lists, remarketing lists, or individual user data from your ads
We never access your billing information or payment methods
We never make bidding changes or optimization adjustments

Read-only: The Google Ads API currently provides a single scope that covers both read and write access. Finsyght uses this scope for read operations only. No write API calls are made to your Google Ads account.

Google Analytics — https://www.googleapis.com/auth/analytics.readonly

What this permission allows:

Read-only access to your Google Analytics (GA4) data.

What Finsyght reads:

Sessions, users, pageviews, bounce rate
Goal completions and conversion events
Traffic source breakdowns (aggregated)
Your GA4 Property IDs — to identify which property to display

What Finsyght does NOT do:

We do not access individual user sessions, personally identifiable visitor data, or raw event logs
We do not modify GA4 properties, goals, or configuration

Google Sign-In (user login) — openid, profile, email

What this permission allows:

Authenticate you with your Google account instead of creating a password.

What Finsyght reads:

Your name and email address — used to create or identify your Finsyght account
Your Google User ID — used as an identifier; not shared with anyone

How We Store and Use Your Google Tokens

Access Tokens

Short-lived tokens (typically 1 hour) used to make API calls on your behalf. Stored encrypted (AES-256) in our database. Used only to fetch your ad metrics.

Refresh Tokens

Long-lived tokens used to automatically obtain new access tokens. Stored encrypted (AES-256). Used only to re-fetch your dashboard data without requiring you to re-authorize each time.

Token security: Tokens are never logged, never included in error messages, and never transmitted to any third party. They are decrypted in memory only at the moment of an API call and immediately discarded.

How Long We Keep Google Data

Data Type	Retention Period	Deletion Trigger
Google Ads metrics (impressions, clicks, spend, etc.)	24 months from sync date	Automatic after 24 months, or upon account/integration deletion
Google Analytics metrics	24 months from sync date	Automatic after 24 months, or upon account/integration deletion
OAuth access token	Until expiry (~1 hour)	Auto-deleted on expiry or disconnection
OAuth refresh token	Until revocation	Deleted within 48 hours of disconnecting Google or deleting account
Google login name & email	Duration of account	Deleted within 30 days of account deletion

How to Revoke Finsyght's Access to Your Google Data

You can revoke Finsyght's access to your Google account at any time using any of these methods:

Option 1 — From Finsyght Settings (recommended)

Go to Settings → Data Sources, find the Google Ads or Google Analytics connection, and click "Disconnect." This removes the tokens from our system immediately and stops all data syncing.

Option 2 — From your Google Account

Visit Google Account Permissions , find "Finsyght," and click "Remove Access." This revokes the tokens at Google's end; Finsyght will detect the revocation on the next sync and mark the connection as inactive.

Option 3 — Delete your Finsyght account

Visit our Data Deletion page or email privacy@finsyght.app. We will delete all your data including OAuth tokens within 30 days.

What We Don't Do With Your Google Data

✗Sell your Google data to anyone

✗Use your Google data to serve you ads

✗Train AI models on your Google data without consent

✗Share your data with data brokers

✗Allow employees to view your Google data (except for security investigations with your permission)

✗Use Google data for any purpose unrelated to displaying your Finsyght dashboard

✗Make any changes to your Google Ads campaigns

✗Access Google services beyond the listed scopes

Questions About This Disclosure?

If you have questions about how Finsyght accesses or uses your Google data, contact us:

Email: privacy@finsyght.app

Data Deletion: finsyght.app/data-deletion