Get Extension
Legal

Privacy Policy for Advanced GSC MCP Server

Last Updated: April 19, 2026

Your data is yours. The Advanced GSC MCP Server accesses your Google Search Console and, for Pro and Agency plans, your Google Analytics 4 data on your behalf to power AI queries. We store only what is necessary to run the service and never sell or share your data with third parties.

1. What This Service Does

The Advanced GSC MCP Server is a hosted server that connects your Google Search Console account — and, for Pro and Agency plan subscribers, your Google Analytics 4 account — to AI tools such as Claude and Cursor. When you send a query through your AI tool, the server fetches the relevant data from Google on your behalf and returns it to the AI. No GSC or GA4 data is stored permanently on our servers.

2. Information We Collect

2.1 Account Information

When you create an account, we collect and store:

  • Your name and email address (provided via Google sign-in or manual registration)
  • Your Google account identifier (used to associate your GSC and GA4 access)
  • Your profile photo if provided through Google sign-in
  • Your selected GSC properties (the sites you choose to activate)
  • Your selected GA4 properties (Pro and Agency plans only)
  • Your subscription plan and billing status
  • Your account creation date

2.2 Google Search Console Data

We access the following GSC data in real time when you or your AI tool makes a request:

  • Search performance data (queries, clicks, impressions, CTR, position)
  • URL inspection results and indexing status
  • Sitemap information
  • Crawl error reports
  • Site properties you have access to in your Google account

This data is fetched live and returned to your AI tool. It is not stored in our systems beyond the duration of the request.

2.3 Google Analytics 4 Data (Pro and Agency Plans)

For Pro and Agency plan subscribers who have granted Analytics access, we access the following GA4 data in real time when your AI tool makes a request:

  • Sessions, users, page views, and engagement metrics
  • Traffic source and channel breakdown
  • Landing page performance
  • Conversion and goal data
  • Device, geography, and audience breakdowns
  • Realtime reporting data
  • GA4 account and property listings (to let you select which properties the AI may access)

This data is fetched live on demand and returned only to you via your AI tool. It is not stored in our systems beyond the duration of the request and is never used for any purpose other than fulfilling your query.

2.4 OAuth Tokens

To access Google Search Console and Google Analytics 4 on your behalf without requiring you to re-authenticate on every request, we store your OAuth refresh token in encrypted server-side storage. These tokens are:

  • Encrypted at rest using industry-standard encryption
  • Never shared with third parties
  • Used solely to authenticate requests to the Google Search Console API and Google Analytics Data API
  • Deleted when you disconnect your account or delete your account

2.5 Support Communications

If you submit a support ticket or contact us, we store the content of your message and our reply so we can follow up and maintain a record of the conversation.

2.6 In-App AI Support Chat History

When you use the in-app AI support assistant in your dashboard, we retain your messages and the assistant's replies on our servers for up to 90 days for quality review and product improvement (for example, to identify confusing answers, improve our system prompts, and detect abuse). After 90 days these messages are automatically deleted. We log support-chat history only for users who have connected their Google account; if you have not yet connected, your pricing-stage questions are not retained beyond the OpenAI request itself. If you delete your account, all of your support-chat history is deleted with it. To request earlier deletion of your support-chat history, contact us via our contact page.

3. How We Use Your Information

We use the information we collect solely to:

  • Authenticate you and maintain your account
  • Fetch Google Search Console data on your behalf when your AI tool makes a request
  • Fetch Google Analytics 4 data on your behalf when your AI tool makes a request (Pro and Agency plans)
  • Enforce your plan limits (number of active properties)
  • Process and manage your subscription payments
  • Respond to support requests
  • Send service-related communications (account, billing, downtime notices)
  • Send product updates and learning content, if you opted in at sign-up

We do not use your data for advertising, profiling, or any purpose beyond running this service.

4. Third-Party Services

4.1 Google APIs

This service uses the Google Search Console API, the Google Analytics Data API, the Google Analytics Admin API, and Google OAuth 2.0. When you sign in with Google or grant access, your interaction with Google is governed by Google's Privacy Policy. We request only the permissions necessary to read your Search Console and Analytics data. We do not request write access and cannot modify your Search Console or Analytics settings or data.

4.2 Stripe

Subscription payments are processed by Stripe. When you subscribe, you are entering payment information directly with Stripe. We do not store your card number, CVV, or any payment credentials. We only store your Stripe customer ID and subscription status. Stripe's use of your data is governed by Stripe's Privacy Policy.

4.3 Infrastructure

This service is hosted on third-party cloud infrastructure. All data is stored within secure, access-controlled environments. We do not use third-party analytics or advertising trackers on this service.

4.4 OpenAI (In-App AI Assistants)

This service uses OpenAI's API to power two in-app AI features: (1) the support assistant in your dashboard, and (2) the article chat assistant available on some blog articles. When you interact with these features, the following is transmitted to OpenAI:

  • The text of your message
  • For the support assistant: your current plan tier (Starter, Pro, Agency, Custom, or none), whether you have GSC and GA4 connected, and the number of properties you have selected versus your plan's property limit
  • For the article chat assistant: the public text of the article you are reading

The following is not sent to OpenAI: your Google Search Console or Google Analytics data, your OAuth tokens, your API key, your email address, your name, your payment information, or any search/analytics queries returned to your AI tool. Per OpenAI's API data usage policy, content submitted through the OpenAI API is not used to train OpenAI's models. OpenAI's use of this data is governed by OpenAI's Privacy Policy.

Your support-chat messages and the assistant's replies are also stored on our own servers for up to 90 days for quality review and product improvement, then automatically deleted — see §2.6 for details.

If you prefer not to use the in-app support assistant, you can contact us via our contact page instead.

5. Data Retention

  • Your account data is retained for as long as your account is active
  • OAuth tokens are deleted when you disconnect your Google account or delete your account
  • GSC and GA4 query results are not stored; they are fetched live per request
  • Support ticket content is retained to maintain conversation history and improve the service
  • In-app AI support chat messages are retained for up to 90 days, then automatically deleted (see §2.6)
  • If you cancel your subscription, your account data is retained for 30 days before deletion, unless you request immediate deletion

6. Your Rights and Choices

6.1 Access and Deletion

  • You can view your account information at any time in your dashboard
  • You can delete your account by contacting us at aio@aminforoutan.com
  • Account deletion removes your stored tokens, account data, and property selections — request via our contact page

6.2 Revoking Google Access

  • You can revoke this service's access to your Google account at any time via your Google Account permissions page
  • Revoking access will stop all GSC and GA4 data requests but does not automatically delete your account with us

6.3 Marketing Communications

If you opted in to receive product updates and learning content, you can opt out at any time via our contact page.

7. Data Security

We take security seriously and implement the following measures:

  • All communications between your AI tool, our server, and Google APIs are encrypted via HTTPS
  • OAuth tokens are stored encrypted at rest
  • Access to production systems is restricted to authorized personnel only
  • We follow Google's OAuth 2.0 security best practices
  • We do not log the content of your GSC data queries

8. International Data Transfers

This service is operated from the United States. If you are accessing the service from outside the US, your data may be transferred to and processed in the US. We ensure appropriate safeguards are in place for any such transfers in accordance with applicable data protection laws.

9. Children's Privacy

This service is not intended for use by anyone under 16 years of age. We do not knowingly collect data from children. Google Search Console is a professional tool used by adults and businesses.

10. Compliance

10.1 GDPR

For users in the European Union, our legal basis for processing your data is:

  • Contract: Processing necessary to provide the service you subscribed to
  • Consent: You explicitly consent when granting Google OAuth permissions and, separately, when opting into marketing communications
  • Legitimate Interest: Maintaining account security and service quality

You have the right to access, rectify, erase, and port your data. Use our contact page to exercise these rights.

10.2 CCPA

For California residents:

  • We do not sell your personal information
  • We do not share your personal information with third parties for cross-context behavioral advertising
  • You can request deletion of your personal information via our contact page

11. Google API Services User Data Policy

Advanced GSC MCP Server's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data only to provide and improve the features described in this policy. We do not use Google user data for advertising or transfer it to third parties except as necessary to operate the service.

12. Google API Scopes Used

This service requests the following Google API scopes:

https://www.googleapis.com/auth/webmasters.readonly

Read-only access to Google Search Console data, including search performance metrics (queries, clicks, impressions, CTR, position), URL inspection results, sitemap information, crawl error reports, and the list of properties in your account. This scope is requested for all plans. We do not request write access and cannot modify your Search Console properties, settings, or data.

https://www.googleapis.com/auth/analytics.readonly

Read-only access to Google Analytics 4 data. This scope is requested for Pro and Agency plan subscribers only. It is used to: (1) list your GA4 accounts and properties so you can select which ones your AI assistant may access, and (2) run read-only reporting queries on your behalf — including sessions, page views, traffic channels, conversions, landing pages, engagement metrics, and audience data. Data retrieved using this scope is returned directly to you via your AI tool and is never stored, shared, or used for any purpose beyond fulfilling your query.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the date at the top of this page and, where appropriate, by email to registered users.

14. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, please reach out via our contact page.