MeasureBoard.com

Legal

Privacy Policy

Last updated: April 5, 2026

1. Overview

MeasureBoard ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using our service at measureboard.com (the "Service"), you agree to the collection and use of information as described here.

2. Information We Collect

2.1 Account Information

When you sign up, we collect your name, email address, and authentication credentials (via Google OAuth or email/password). We store only what is necessary to operate your account.

2.2 Google Analytics Data

With your explicit authorization, we connect to the Google Analytics Data API v1 using read-only access scopes. We collect and store metrics from your GA4 properties, including sessions, users, pageviews, engagement rates, bounce rates, channel attribution, geographic data, device categories, and top pages. We never modify your Google Analytics configuration or write any data back to Google.

2.3 Google Search Console Data

If you optionally connect your Google Search Console account, we access the Google Search Console API using the webmasters.readonly scope. We retrieve search performance data including impressions, clicks, average position, and queries for your verified sites. This connection is entirely optional. We never modify your Search Console configuration or write data back to Google. You may disconnect Search Console access at any time from your account settings.

2.4 Google Ads Data

If you optionally connect your Google Ads account, we access the Google Ads API using the adwords scope. We retrieve campaign performance data including spend, clicks, impressions, cost-per-click, conversions, and ad group metrics. Although the adwords scope technically permits write access, MeasureBoard only reads data - we never create, modify, or delete campaigns, ads, budgets, or any account settings. A more limited read-only scope for Google Ads is not available from Google. You may disconnect Google Ads access at any time from your account settings.

2.5 Shopify Data

If you optionally connect your Shopify store, we access the Shopify Admin API using OAuth with read-only scopes. We retrieve order data (for revenue attribution by channel and source), product information, and content (pages, blog posts) for SEO analysis. We do not modify your store settings, products, or orders. Shopify access tokens do not expire but you may disconnect your store at any time from your account settings.

2.6 Website Performance Data

When you use the SEO Page Analysis feature, we submit URLs you provide to the Google PageSpeed Insights API and store the resulting performance scores and metrics in our database.

2.7 Uptime Monitoring Data

For properties with uptime monitoring enabled, we periodically make HTTP requests to your domain and record response times, HTTP status codes, and incident history.

2.8 Phone Number

If you choose to enable SMS notifications, we collect and store your phone number. Your phone number is used solely to deliver service alerts (such as uptime downtime notifications) that you have opted into. We do not use your phone number for marketing, share it with third parties, or sell it to any external party. You may remove your phone number and disable SMS notifications at any time from your account settings.

2.9 Usage and Log Data

We automatically collect standard server logs including IP addresses, browser type, pages visited, and timestamps. This data is used for security monitoring and service improvement.

3. How We Use Your Data

We use the information we collect to:

  • Provide, operate, and improve the Service, including generating analytics reports and summaries on your behalf.
  • Send you reports, alerts, and transactional emails or SMS notifications related to your account.
  • Monitor your connected websites for uptime and notify you of incidents.
  • Generate AI-powered insights and summaries of your analytics data using third-party AI services (see Section 5).
  • Understand usage patterns and improve the product experience.
  • Comply with legal obligations and enforce our Terms of Service.
  • Detect and prevent fraud, abuse, and security incidents.

What this means in plain language: We use your data to power the features you signed up for. To generate AI insights, your aggregated analytics data is processed by Anthropic's API - it is not stored by them or used for any other purpose. We do not sell your data. We do not share personally identifiable information with advertisers or data brokers.

4. Data We Do Not Sell or Misuse

We do not, and will never:

  • Sell, rent, or trade your personal information or your Google user data to any third party.
  • Use your Google user data to serve advertisements or for advertising retargeting.
  • Use your Google user data for surveillance or to monitor individuals without their knowledge.
  • Use your Google user data to determine creditworthiness or for lending decisions.
  • Transfer your Google user data to third parties except as required to provide the Service, comply with applicable law, or in the event of a merger or acquisition (subject to the same privacy commitments).
  • Use your Google Analytics, Google Search Console, Google Ads, or Shopify data to develop, improve, or train generalized AI or machine learning models. AI insights are generated on a per-user, per-request basis and your data is not retained by our AI provider or used for any purpose other than producing your report.

5. Data Sharing and Disclosure

We may share your information only in the following limited circumstances:

  • Service Providers: We use trusted third-party vendors who process data solely on our behalf under confidentiality obligations. This includes: database hosting (Railway), email delivery (Resend), SMS delivery (Twilio), payment processing (Stripe), and AI services (Anthropic). When you generate an AI insights report, aggregated analytics data from your GA4 property is sent to Anthropic's API to produce the summary. This data is used solely to generate your report and is not used by Anthropic to train their models.
  • Legal Requirements: We may disclose data if required by law, court order, or to protect the rights, property, or safety of MeasureBoard, our users, or others.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy commitments.
  • With Your Consent: We may share information for any other purpose with your explicit consent.

6. SMS/Text Messaging

MeasureBoard offers optional SMS notifications for critical alerts such as website downtime. By enabling SMS notifications and providing your phone number, you consent to receive text messages from MeasureBoard related to your monitored websites.

  • Opt-in: SMS notifications are strictly opt-in. You must explicitly enable them and provide your phone number in your account settings.
  • Message frequency: Message frequency varies based on the alerts you have configured. Typically, you will receive messages only when a monitored website goes down or recovers.
  • Message and data rates: Standard message and data rates from your mobile carrier may apply.
  • Opt-out: You can opt out of SMS notifications at any time by replying STOP to any message, or by disabling SMS notifications in your account settings at measureboard.com/dashboard/settings.
  • Help: Reply HELP to any message for support information, or contact us at [email protected].
  • No marketing: We will never send marketing or promotional text messages. SMS is used exclusively for service alerts you have configured.
  • Third-party processing: SMS messages are delivered through Twilio. Your phone number is shared with Twilio solely for the purpose of delivering messages. Twilio processes this data under their privacy policy and data processing agreement.

7. Data Retention

We retain your account and analytics data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes.

8. Security

We implement industry-standard security measures including encrypted data transmission (TLS), encrypted storage for sensitive credentials, and access controls that limit who on our team can access user data. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security, but we take reasonable precautions.

9. Google API Limited Use Disclosure

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We request only the minimum scopes necessary to operate the Service: analytics.readonly (Google Analytics Data API), optionally webmasters.readonly (Google Search Console API), and optionally adwords (Google Ads API - read-only usage; no read-only scope exists for Google Ads, but MeasureBoard only reads reporting data and never modifies account settings, campaigns, or ads).
  • Data obtained through Google APIs is used solely to provide user-facing features within MeasureBoard - specifically, generating analytics reports and insights on your behalf.
  • We do not use Google user data to serve advertisements, for advertising retargeting, or for any purpose not directly related to the features you use.
  • We do not transfer Google user data to third parties, except to our service providers (listed in Section 5) who process it solely to enable those features, or as required by law.
  • We do not allow humans to read your Google user data except with your affirmative consent, for security purposes, or to comply with applicable law.
  • Google user data is not used to train, fine-tune, or improve any AI or machine learning model, whether operated by us or any third party.

10. Your Rights and Choices

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your account and associated data.
  • Revoke Google OAuth access at any time via your Google Account settings.
  • Opt out of non-transactional emails.

To exercise any of these rights, contact us at [email protected].

11. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such data, contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance.

13. Lawful Basis for Processing (GDPR)

Under the EU General Data Protection Regulation (GDPR), we process your Personal Data on the following legal bases:

  • Performance of a Contract (Art. 6(1)(b)): Processing necessary to provide the Service you signed up for, including analytics data collection, report generation, and email delivery.
  • Legitimate Interest (Art. 6(1)(f)): Processing for service improvement, security, fraud prevention, and internal product analytics. We have assessed that these interests do not override your data protection rights.
  • Consent (Art. 6(1)(a)): Where you explicitly grant access to your Google Analytics, Google Search Console, Google Ads, and/or Shopify data via OAuth consent.
  • Legal Obligation (Art. 6(1)(c)): Where required to comply with tax, accounting, or regulatory requirements (e.g., Stripe payment records).

14. International Data Transfers

Your data may be transferred to and processed in the United States by our service providers. For transfers from the European Economic Area (EEA), UK, or Switzerland, we rely on the EU-U.S. Data Privacy Framework (for certified providers), Standard Contractual Clauses (SCCs), and adequacy decisions where applicable.

For details on our sub-processors and transfer mechanisms, see our Data Processing Agreement.

15. Automated Decision-Making

MeasureBoard uses AI (Claude by Anthropic) to generate analytics insights and recommendations. These AI-generated outputs are informational only and do not constitute automated decision-making that produces legal effects or similarly significant effects on you. You are free to disregard any AI-generated recommendation.

16. Data Subject Rights (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the following rights under GDPR:

  • Right of Access (Art. 15) - Request a copy of your Personal Data
  • Right to Rectification (Art. 16) - Request correction of inaccurate data
  • Right to Erasure (Art. 17) - Request deletion of your data (available via Settings > Delete Account)
  • Right to Restriction (Art. 18) - Request restriction of processing
  • Right to Data Portability (Art. 20) - Request your data in a machine-readable format
  • Right to Object (Art. 21) - Object to processing based on legitimate interest
  • Right to Withdraw Consent - Revoke OAuth access at any time via your Google Account settings

To exercise any of these rights, email [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection supervisory authority.

17. Cookies

We use only strictly necessary cookies required for the Service to function. We do not use advertising, tracking, or third-party analytics cookies. For full details, see our Cookie Policy.

18. Data Processing Agreement

For information about how we process data on your behalf, our sub-processors, and international transfer mechanisms, see our Data Processing Agreement.

19. Contact

Questions about this policy? Reach us at: [email protected]