PageCheckup

Privacy Policy

Last updated: May 15, 2026

PageCheckup ("PageCheckup," "we," "us") operates a free web tool that audits Google Tag Manager containers and produces a health report. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

1. Information we collect

When you use PageCheckup, we may collect:

  • Google account information. When you sign in with Google, we receive your name, email address, and Google profile identifier through standard OAuth scopes (openid, email, profile).
  • Google Tag Manager data. With your permission, we use the tagmanager.readonly OAuth scope to read metadata about your GTM containers — including tags, triggers, variables, versions, and user permissions — solely to generate your audit report. We never write to or modify your container.
  • Audit results. The output of an audit (the rules that ran, which items they flagged, and a numeric health score) is stored so you can revisit or share your report.
  • Email address for report delivery. If you request a PDF copy or a shareable link by email, we store the address you provide along with your opt-in preference for product updates about ongoing monitoring.
  • Usage analytics. We use Plausible Analytics, a privacy-friendly analytics service, to count page views and key events (audit started, report shared, capture submitted). Plausible does not use cookies and does not collect personal data or cross-site identifiers.
  • Operational logs. Standard server logs (timestamps, IP addresses, user agents, error traces) may be retained for short periods for security and debugging.

2. How we use Google user data

PageCheckup's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In practical terms:

  • We access GTM container data only to generate the audit report you requested.
  • We do not use Google user data to serve ads, and we do not sell Google user data.
  • We do not transfer Google user data to third parties except as needed to provide the service (hosting, database, email delivery — see "Service providers" below), to comply with applicable law, or as part of a merger, acquisition, or asset sale where you are notified.
  • We do not allow humans to read your Google user data unless we have your affirmative agreement for specific instances, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or the data is aggregated and used for internal operations in accordance with the Limited Use requirements.

3. How we use information

  • Generate, display, and store your audit report.
  • Deliver the PDF report or shareable link to the email address you provide.
  • Authenticate you and maintain your session while you use the tool.
  • Measure aggregate product usage so we can improve the experience.
  • Detect, investigate, and prevent abuse, fraud, or violations of our Terms of Service.
  • If you opted in, contact you when ongoing monitoring becomes available.

4. Service providers

We rely on a small number of third-party providers to operate the service:

  • Vercel — application hosting and serverless infrastructure.
  • Neon — managed PostgreSQL database for storing reports, capture emails, and OAuth session metadata.
  • Resend — transactional email delivery for report PDFs and shareable links.
  • Google — OAuth identity and the Tag Manager API.
  • Plausible Analytics — cookieless, privacy-friendly usage analytics.

These providers process data on our behalf under their own security and privacy commitments. We do not sell your personal information.

5. Sharing and public links

When you request a shareable link to your report, anyone with the link can view the report. Shareable links contain the audit results (tag names, trigger names, scores, and recommendations) but do not expose your Google credentials, email address, or access tokens. Do not share a link if the underlying data is sensitive.

6. Data retention

  • OAuth tokens live only as long as your session. We do not persist Google access or refresh tokens beyond what is needed to complete your audit and refresh during an active session.
  • Audit reports are retained so you can revisit them. You can request deletion at any time.
  • Capture emails are retained until you ask us to remove them, or until the project is sunset.
  • Operational logs are retained for a short period for debugging and security and are then discarded.

7. Your choices and rights

  • Revoke Google access. You can revoke PageCheckup's access to your Google account at any time at myaccount.google.com/permissions.
  • Delete a report. Email us and we'll remove a specific report (or all of your data) within a reasonable period.
  • Unsubscribe. If you opted in to product updates, you can opt out at any time by replying to any email we send.
  • Access and correction. If you would like a copy of the personal information we hold about you, or want to correct it, contact us at the address below.

8. Security

We use industry-standard transport encryption (HTTPS) and rely on our hosting and database providers' security controls. No system is perfectly secure; we will notify affected users without undue delay if we become aware of a breach involving their personal information.

9. Children

PageCheckup is not directed to children under 13, and we do not knowingly collect personal information from them.

10. International users

PageCheckup is operated from the United States. If you access the service from outside the United States, you understand that your information may be processed in the United States and in countries where our service providers operate.

11. Changes to this policy

We may update this Privacy Policy as the product evolves. When we make material changes, we will update the "Last updated" date above and, when appropriate, notify users by email.

12. Contact

Questions or requests about this policy or your data: privacy@pagecheckup.dev.