Plainly
Legal

Privacy Policy

Effective May 22, 2026

plainlyAPP ("we", "us", "our") provides an analytics-translation service that reads your Google Analytics data and explains it in plain English with AI. This Privacy Policy describes what we collect, how we use it, who we share it with, and the rights you have over your data.

1. Information we collect

We collect only what we need to run the service.

  • Account info. When you sign in with Google we receive your name, email address, and profile picture from Google.
  • Google Analytics data. If you connect Google Analytics, we request read-only access (analytics.readonly) and fetch metrics for the GA4 property you select and the date ranges you choose (sessions, users, pageviews, conversions, bounce rate, engagement rate, and date). We do not request, store, or have access to your raw events, personally-identifying visitor information, or any GA configuration outside what's needed for the report.
  • Uploaded CSVs. If you upload a Google Analytics CSV export, the aggregated metrics in that file are stored alongside your analysis history.
  • Analyses & AI output. The plain-English summaries the AI generates are stored with your account so you can view your history.
  • Payment info. We use Stripe to process payments. We never see your full card number — Stripe handles that directly. We store a transaction record (amount, plan, status) for billing history.
  • Email preferences. If you opt into the Monday-morning email, we track when the last one was sent and whether the feature is enabled.
  • Branding (Agency plan only). Your company name, logo URL, brand color, and tagline are stored to white-label shared reports.
  • Share stats. When you create a share link, we count how many times the public page is viewed and how many times its referral CTA is clicked. We don't store who viewed it.
  • Technical logs. Standard server logs (IP, timestamp, request path) are retained for security and debugging.

2. How we use your data

  • To authenticate you and run the analyses you request.
  • To send AI-generated, plain-English explanations of your GA metrics back to you.
  • To send the optional Monday-morning email (only if you turn it on).
  • To process payments and manage your subscription.
  • To make shareable read-only versions of analyses you choose to share.
  • To improve product quality (aggregated, never identifying any one user).

We do not sell your data. We do not use your Google Analytics data to train AI models. We do not serve ads.

3. Limited use of Google user data

plainlyAPP's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google Analytics data to provide the analytics-translation features described in this policy.
  • We never transfer Google user data to any third party except as needed to provide or improve the user-facing features (e.g. sending AI requests through Anthropic's API; see Section 5).
  • We never use Google user data for serving ads, including retargeting or personalized advertising.
  • We never allow humans to read your Google user data unless we have your affirmative agreement for a specific support case, it's necessary for security purposes, or it's required by law.

4. How long we keep your data

  • Account, analyses, and email preferences: until you delete your account.
  • Google Analytics OAuth tokens: until you disconnect or delete your account.
  • Payment records: up to 7 years (as required by financial regulations).
  • Server logs: typically 30 days.

5. Sub-processors we use

We share data only with the vendors that power the service:

  • Google — OAuth + Google Analytics Data API (your GA data passes through Google's APIs to us).
  • Anthropic — AI provider for plain-English summaries. The aggregated metrics for your selected periods are sent to Anthropic's Claude API; raw event data is not sent.
  • Stripe — payment processing.
  • Resend — transactional email (the Monday-morning report and account emails).
  • MongoDB Atlas / our managed database — storage of account, analyses, and share data.
  • Cloud hosting provider — runs the application servers.

6. Your rights

You can:

  • Disconnect Google Analytics any time (Dashboard → Disconnect). We immediately revoke and delete the OAuth tokens.
  • Revoke any individual share link.
  • Turn the Monday-morning email off any time.
  • Export or delete your data — email us at limitllesslegacyconsultingllc@gmail.com and we'll respond within 30 days.
  • If you're an EU/UK resident, you have additional rights under GDPR (access, rectification, erasure, restriction, portability, objection). Contact us to exercise them.
  • If you're a California resident, you have rights under CCPA (right to know, delete, and opt-out of sale — we don't sell data).

You can also revoke plainlyAPP's access to your Google account directly at myaccount.google.com/permissions.

7. Security

We use TLS for all data in transit. OAuth tokens and payment info are encrypted at rest. Access to production systems is limited to authorised engineers. No system is perfectly secure; if we ever discover a breach affecting you, we'll notify you without undue delay.

8. Children's privacy

plainlyAPP is not intended for children under 13 (or under 16 in the EEA). We don't knowingly collect data from children.

9. Changes to this policy

If we make material changes, we'll update the effective date and notify you by email or in-app before they take effect.

10. Contact us

Questions, requests, or complaints: limitllesslegacyconsultingllc@gmail.com.

← Back to homeTerms of Service →

Made with Emergent