TE
TagEasy

⚠️ Draft — placeholder text below. Replace with content reviewed by counsel before going live, especially the GDPR/CCPA sections.

Privacy Policy

Last updated: 2026-05-18

Summary

TagEasy is a tool for configuring Google Tag Manager and Google Analytics on websites you own or operate. This policy describes what data about you— the TagEasy customer — we collect, why, and what you can do about it. It does not describe the data your end-users generate through the tracking you configure; that's governed by your own privacy policy and Google's.

Data we collect

Account data

  • Your email, name, hashed password (if you sign up with credentials), and your Google account email (if you sign in with Google).
  • Organization name, website domain(s), industry, optional description.
  • Stripe customer ID, subscription status, plan, billing period — billing details (card numbers, etc.) live in Stripe, not in our database.

Usage data

  • Tracking event definitions you create (selectors, dataLayer keys, etc.).
  • Aggregated counts of events fired (for plan-limit enforcement).
  • Logs of significant actions (account creation, website creation, subscription changes) in our activity log.

Connected Google data (opt-in)

When you connect a Google Analytics 4 property, we store the OAuth refresh token associated with your Google account so the Service can fetch GA4 metrics on your behalf. We only request theanalytics.readonly scope. You can revoke this access at any time from your Google account settings or from Settings → Account → Disconnect Google.

How we use it

  • To operate the Service (let you log in, save your configurations, send tracking code).
  • To bill you (via Stripe).
  • To send service-related emails (password resets, weekly health summaries you opt into).
  • To monitor health and improve the product (aggregated, non-identifying telemetry).

How we share it

We don't sell your data. We share it with these processors only as needed:

  • Stripe — billing.
  • Resend — transactional + summary emails.
  • OpenAI / Anthropic — when you use AI features, the prompt content is sent to the configured provider. No data is sent if you have no API key configured.
  • Vercel — hosting and request logs.
  • Google — only as needed to call APIs you authorized.

Cookies

We use first-party cookies for:

  • Session authentication (NextAuth).
  • Current organization selector (tageasy-org).
  • Active admin impersonation (tageasy-impersonate) — admin role only.

No advertising or analytics cookies on TagEasy itself.

Data retention

  • Account, organization, and event definition data: retained while your account is active.
  • Activity log: retained for 24 months.
  • Event health logs: retained for 12 months.
  • When you delete your account, we remove the above within 30 days.

Your rights

Subject to applicable law (GDPR, CCPA, etc.), you have the right to:

  • Access the data we hold about you.
  • Correct inaccurate data.
  • Delete your account (this also deletes the data we hold about you).
  • Export your data (you can export your event configurations from the dashboard).
  • Object to processing or restrict it.

To exercise these rights, email privacy@tageasy.com.

Security

Passwords are bcrypt-hashed. OAuth refresh tokens and any service-account credentials are encrypted at rest. Connections use HTTPS. We use Stripe for all card processing — no card data touches our systems.

Children

TagEasy is not directed at children under 16. We don't knowingly collect data from them.

Changes

We may update this policy from time to time. Material changes will be announced via email or in-product notice.

Contact

Questions or requests? Email privacy@tageasy.com.