← Back to TrafficGap

Privacy Policy

Last updated: 28 May 2026

What TrafficGap is

TrafficGap is a web application that connects to your Google Search Console and Google Analytics accounts to identify which pages on your site are worth improving, and how. It is operated as a personal tool and small commercial product.

What data we access

When you sign in with Google, we request the following permissions:

  • Basic profile — your name and email address, used to identify your account and track usage limits.
  • Google Search Console (read-only) — clicks, impressions, CTR, and average position for URLs on your site over the past 180 days.
  • Google Analytics (read-only) — sessions, bounce rate, and conversions per page over the past 90 days.

All Google access is read-only. We never modify, delete, or write anything to your Search Console or Analytics accounts.

How we use your data

  • Your GSC and GA4 data is fetched in real time when you click Analyze and is used only to generate your priority list. It is not stored on our servers.
  • Your email address is used to track how many page scans you have used in the current month. This count is held in server memory and resets monthly. It is not written to a database.
  • When you scan a page, the URL is sent to Jina Reader to fetch its content, and that content along with your GSC metrics is sent to Anthropic to generate the analysis. See their privacy policies for how they handle data in transit.

What we do not do

  • We do not sell your data to third parties.
  • We do not store your GSC or GA4 data after your session ends.
  • We do not use your data for advertising or tracking.
  • We do not share your data with anyone other than the third-party services listed above (Google, Jina, Anthropic), and only for the purpose of delivering the product.

Cookies and sessions

TrafficGap uses a session cookie to keep you signed in. This cookie is issued by NextAuth.js and contains an encrypted token. No third-party tracking cookies are set.

How we protect your data

  • All communication between your browser and our servers is encrypted in transit using HTTPS/TLS.
  • Your Google OAuth tokens are never written to a database. They are stored only in an encrypted, server-side session cookie (issued by NextAuth.js) for the duration of your session.
  • GSC and GA4 data retrieved from Google APIs is processed in memory and discarded after your request completes. It is never written to disk or a database.
  • Content sent to Anthropic and Jina Reader for analysis is transmitted over HTTPS. We do not retain copies of that content on our servers.

Data retention and deletion

  • GSC and GA4 data — not retained. Data fetched from Google APIs exists only for the duration of a single request and is never stored.
  • OAuth tokens — held in an encrypted session cookie and automatically expire when the session ends or the cookie reaches its maximum age (30 days). Signing out immediately invalidates the session and clears the token.
  • Email address and usage counter — your email and monthly scan count are held in server memory. This data resets at the start of each calendar month and is cleared when the server restarts. It is not written to permanent storage.
  • Requesting deletion — to request the removal of any account-associated data, email us at support@trafficgap.net. Because we store no persistent user records, deletion is typically immediate. Revoking Google access (see below) simultaneously prevents any future data from being fetched.

Revoking access

You can revoke TrafficGap's access to your Google account at any time by visiting myaccount.google.com/permissions and removing TrafficGap from the list of connected apps.

Changes to this policy

If we make material changes to how we handle your data, we will update this page and change the date at the top. Continued use of TrafficGap after changes are posted constitutes acceptance of the updated policy.

Contact

Questions about this policy? Email us at support@trafficgap.net.