Get Extension
Legal

Privacy Policy for Advanced GSC MCP Server

Last Updated: May 4, 2026

Your data is yours. The Advanced GSC MCP Server accesses your Google Search Console and, for Pro and Agency plans, your Google Analytics 4 data on your behalf to power AI queries. We store only what is necessary to run the service and never sell or share your data with third parties.

1. What This Service Does

The Advanced GSC MCP Server is a hosted server that connects your Google Search Console account — and, for Pro and Agency plan subscribers, your Google Analytics 4 account — to AI tools such as Claude and Cursor. When you send a query through your AI tool, the server fetches the relevant data from Google on your behalf and returns it to the AI. No GSC or GA4 data is stored permanently on our servers.

2. Information We Collect

2.1 Account Information

When you create an account, we collect and store:

  • Your name and email address (provided via Google sign-in or manual registration)
  • Your Google account identifier (used to associate your GSC and GA4 access)
  • Your profile photo if provided through Google sign-in
  • Your selected GSC properties (the sites you choose to activate)
  • Your selected GA4 properties (Pro and Agency plans only)
  • Your subscription plan and billing status
  • Your account creation date

2.2 Google Search Console Data

We access the following GSC data in real time when you or your AI tool makes a request:

  • Search performance data (queries, clicks, impressions, CTR, position)
  • URL inspection results and indexing status
  • Sitemap information
  • Crawl error reports
  • Site properties you have access to in your Google account

This data is fetched live and returned to your AI tool. It is not stored in our systems beyond the duration of the request.

2.3 Google Analytics 4 Data (Pro and Agency Plans)

For Pro and Agency plan subscribers who have granted Analytics access, we access the following GA4 data in real time when your AI tool makes a request:

  • Sessions, users, page views, and engagement metrics
  • Traffic source and channel breakdown
  • Landing page performance
  • Conversion and goal data
  • Device, geography, and audience breakdowns
  • Realtime reporting data
  • GA4 account and property listings (to let you select which properties the AI may access)

This data is fetched live on demand and returned only to you via your AI tool. It is not stored in our systems beyond the duration of the request and is never used for any purpose other than fulfilling your query.

2.4 OAuth Tokens

To access Google Search Console and Google Analytics 4 on your behalf without requiring you to re-authenticate on every request, we store your OAuth refresh token in encrypted server-side storage. These tokens are:

  • Encrypted at rest using industry-standard encryption
  • Never shared with third parties
  • Used solely to authenticate requests to the Google Search Console API and Google Analytics Data API
  • Deleted when you disconnect your account or delete your account

2.5 Support Communications

If you submit a support ticket or contact us, we store the content of your message and our reply so we can follow up and maintain a record of the conversation.

2.6 In-App AI Support Chat History

When you use the in-app AI support assistant in your dashboard, we retain your messages and the assistant's replies on our servers for up to 90 days for quality review and product improvement (for example, to identify confusing answers, improve our system prompts, and detect abuse). After 90 days these messages are automatically deleted. We log support-chat history only for users who have connected their Google account; if you have not yet connected, your pricing-stage questions are not retained beyond the OpenAI request itself. If you delete your account, all of your support-chat history is deleted with it. To request earlier deletion of your support-chat history, contact us via our contact page.

3. How We Use Your Information

We use the information we collect solely to:

  • Authenticate you and maintain your account
  • Fetch Google Search Console data on your behalf when your AI tool makes a request
  • Fetch Google Analytics 4 data on your behalf when your AI tool makes a request (Pro and Agency plans)
  • Enforce your plan limits (number of active properties)
  • Process and manage your subscription payments
  • Respond to support requests
  • Send service-related communications (account, billing, downtime notices)
  • Send product updates and learning content, if you opted in at sign-up

We do not use your data for advertising, profiling, or any purpose beyond running this service.

4. Third-Party Services

4.1 Google APIs

This service uses the Google Search Console API, the Google Analytics Data API, the Google Analytics Admin API, and Google OAuth 2.0. When you sign in with Google or grant access, your interaction with Google is governed by Google's Privacy Policy. We request only the permissions necessary to read your Search Console and Analytics data. We do not request write access and cannot modify your Search Console or Analytics settings or data.

4.2 Stripe

Subscription payments are processed by Stripe. When you subscribe, you are entering payment information directly with Stripe. We do not store your card number, CVV, or any payment credentials. We only store your Stripe customer ID and subscription status. Stripe's use of your data is governed by Stripe's Privacy Policy.

4.3 Infrastructure

This service is hosted on third-party cloud infrastructure. All data is stored within secure, access-controlled environments. We do not run third-party analytics, session-replay, or advertising trackers on the parts of the service that handle your customer data — your Google Search Console data, your Google Analytics 4 data, your OAuth tokens, your API key, your support tickets, or anything else inside your dashboard once you are a paying subscriber. The marketing pages where you decide whether to sign up — described in sections 4.5 and 4.6 below — do use standard product analytics, in line with normal practice for SaaS websites.

4.4 OpenAI (In-App AI Assistants)

This service uses OpenAI's API to power two in-app AI features: (1) the support assistant in your dashboard, and (2) the article chat assistant available on some blog articles. When you interact with these features, the following is transmitted to OpenAI:

  • The text of your message
  • For the support assistant: your current plan tier (Starter, Pro, Agency, Custom, or none), whether you have GSC and GA4 connected, and the number of properties you have selected versus your plan's property limit
  • For the article chat assistant: the public text of the article you are reading

The following is not sent to OpenAI: your Google Search Console or Google Analytics data, your OAuth tokens, your API key, your email address, your name, your payment information, or any search/analytics queries returned to your AI tool. Per OpenAI's API data usage policy, content submitted through the OpenAI API is not used to train OpenAI's models. OpenAI's use of this data is governed by OpenAI's Privacy Policy.

Your support-chat messages and the assistant's replies are also stored on our own servers for up to 90 days for quality review and product improvement, then automatically deleted — see §2.6 for details.

If you prefer not to use the in-app support assistant, you can contact us via our contact page instead.

4.5 Google Analytics 4 (Marketing Website Only)

Our public marketing pages — including the homepage, the /mcp landing page, blog articles, the contact page, the privacy and terms pages, and the signup and login pages — use Google Analytics 4 (GA4) to understand aggregate visitor traffic such as page views, sessions, traffic sources, country, and device type. GA4 is industry-standard analytics found on the majority of SaaS websites.

What GA4 cannot see on this service:

  • Your Google Search Console data
  • Your Google Analytics 4 data fetched on your behalf via the service
  • Your OAuth tokens, API key, support tickets, or anything else inside your customer dashboard once you are a paying subscriber
  • Your password (we do not store passwords; authentication is via Google OAuth)

Cookies set: standard Google Analytics cookies including _ga and _gid. Google's use of this data is governed by Google's Privacy Policy. To opt out of GA4 across all websites, you can install Google's official Analytics opt-out browser add-on, enable Do Not Track in your browser, or use any standard tracker-blocking extension.

4.6 Microsoft Clarity (Marketing Website and Pre-purchase Funnel Only)

Our public marketing pages and the pre-purchase portion of the dashboard (the plan-picker page shown to authenticated users who have not yet subscribed) use Microsoft Clarity to capture aggregate behavioral analytics — heatmaps showing where visitors click and scroll, and session recordings of how the page is used. We use this data solely to identify usability issues on the signup funnel — for example, sections of the landing page that are confusing, buttons that are hard to find, or steps where new visitors get stuck — so we can fix them.

Important scope and limits:

  • Clarity does not run on the dashboard for paying subscribers. The moment your subscription becomes active, Clarity stops loading on your dashboard. It never records your Search Console data, your Analytics 4 data, your API key, your support ticket conversations, or any view of your customer data.
  • Clarity does not run on admin or internal pages at any time.
  • Clarity automatically masks the contents of form fields (<input> and <textarea> elements), so anything you type into a contact form, signup form, or pre-sale question form is not captured in the recording.

Cookies set: _clck and _clsk. Microsoft's use of this data is governed by Microsoft's Privacy Statement. Clarity respects the Do Not Track browser setting; enabling DNT in your browser will prevent Clarity from recording your session. You can also use any standard tracker-blocking browser extension such as uBlock Origin or Privacy Badger to block Clarity entirely.

5. Data Retention

  • Your account data is retained for as long as your account is active
  • OAuth tokens are deleted when you disconnect your Google account or delete your account
  • GSC and GA4 query results are not stored; they are fetched live per request
  • Support ticket content is retained to maintain conversation history and improve the service
  • In-app AI support chat messages are retained for up to 90 days, then automatically deleted (see §2.6)
  • If you cancel your subscription, your account data is retained for 30 days before deletion, unless you request immediate deletion

6. Your Rights and Choices

6.1 Access and Deletion

  • You can view your account information at any time in your dashboard
  • You can delete your account by contacting us at aio@aminforoutan.com
  • Account deletion removes your stored tokens, account data, and property selections — request via our contact page

6.2 Revoking Google Access

  • You can revoke this service's access to your Google account at any time via your Google Account permissions page
  • Revoking access will stop all GSC and GA4 data requests but does not automatically delete your account with us

6.3 Marketing Communications

If you opted in to receive product updates and learning content, you can opt out at any time via our contact page.

7. Data Security

We take security seriously and implement the following measures:

  • All communications between your AI tool, our server, and Google APIs are encrypted via HTTPS
  • OAuth tokens are stored encrypted at rest
  • Access to production systems is restricted to authorized personnel only
  • We follow Google's OAuth 2.0 security best practices
  • We do not log the content of your GSC data queries

8. International Data Transfers

This service is operated from the United States. If you are accessing the service from outside the US, your data may be transferred to and processed in the US. We ensure appropriate safeguards are in place for any such transfers in accordance with applicable data protection laws.

9. Children's Privacy

This service is not intended for use by anyone under 16 years of age. We do not knowingly collect data from children. Google Search Console is a professional tool used by adults and businesses.

10. Compliance

10.1 GDPR

For users in the European Union, our legal basis for processing your data is:

  • Contract: Processing necessary to provide the service you subscribed to
  • Consent: You explicitly consent when granting Google OAuth permissions and, separately, when opting into marketing communications
  • Legitimate Interest: Maintaining account security and service quality

You have the right to access, rectify, erase, and port your data. Use our contact page to exercise these rights.

10.2 CCPA

For California residents:

  • We do not sell your personal information
  • We do not share your personal information with third parties for cross-context behavioral advertising
  • We share standard aggregate web analytics data with our analytics service providers (Google for GA4 and Microsoft for Clarity, as described in sections 4.5 and 4.6) under their respective terms as service providers. This data is limited to marketing-website behavior and never includes Search Console or Analytics 4 data fetched through the service.
  • You can request deletion of your personal information via our contact page

11. Google API Services User Data Policy

Advanced GSC MCP Server's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data only to provide and improve the features described in this policy. We do not use Google user data for advertising or transfer it to third parties except as necessary to operate the service.

12. Google API Scopes Used

This service requests the following Google API scopes:

https://www.googleapis.com/auth/webmasters.readonly

Read-only access to Google Search Console data, including search performance metrics (queries, clicks, impressions, CTR, position), URL inspection results, sitemap information, crawl error reports, and the list of properties in your account. This scope is requested for all plans. We do not request write access and cannot modify your Search Console properties, settings, or data.

https://www.googleapis.com/auth/analytics.readonly

Read-only access to Google Analytics 4 data. This scope is requested for Pro and Agency plan subscribers only. It is used to: (1) list your GA4 accounts and properties so you can select which ones your AI assistant may access, and (2) run read-only reporting queries on your behalf — including sessions, page views, traffic channels, conversions, landing pages, engagement metrics, and audience data. Data retrieved using this scope is returned directly to you via your AI tool and is never stored, shared, or used for any purpose beyond fulfilling your query.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the date at the top of this page and, where appropriate, by email to registered users.

14. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, please reach out via our contact page.

Privacy Policy — Advanced GSC MCP Server