Privacy Policy

Marketer Companion Privacy Policy

Last updated: 26 April 2026 · v0.6.0

This policy describes how the Marketer Companion Chrome extension (the "Extension") accesses, uses, stores, and protects your data when you connect your Google Search Console, Google Analytics (GA4), or CallRail account. The Extension is a client-side tool only - it communicates directly with Google's and CallRail's APIs on your behalf. No data is routed through or stored on developer-controlled servers.

Your data never leaves your browser.

All OAuth tokens and API responses are processed locally. Nothing is transmitted to developer-owned servers.

Minimum-necessary permissions only.

We request only the scopes required to read your GSC, GA4, and email data. No write operations are performed.

Revoke access instantly.

Sign out from the extension footer or revoke access via myaccount.google.com/permissions at any time.

Permissions & API scopes

What access does the Extension request?

Marketer Companion uses Google's OAuth 2.0 framework to request the minimum scopes necessary for each feature. Below is a complete list of every scope and Chrome extension permission requested, what it accesses, and why it is needed.

Scope	API / Service	Data accessed	Why it's needed	Feature
`openid`	Google Identity	A stable unique identifier for your Google Account	Required to authenticate you via OAuth 2.0; used as the session identity.	Sign In
`email`	Google Identity	Your Google Account email address (read-only)	Displayed inside the Extension UI so you know which account is connected.	Account indicator
`https://www.googleapis.com/auth/webmasters.readonly`	Google Search Console API	Search Analytics data, site list, URL inspection results, coverage state, canonicals, crawl date	Powers GSC Performance and URL Inspection tabs; read-only access to property data you own or can access.	GSC PerformanceURL Inspection
`https://www.googleapis.com/auth/webmasters`	Google Search Console API	Same as above; includes permission to call the URL Inspection endpoint requiring non-readonly scope even for read operations	Required by the GSC URL Inspection Live Test API endpoint; no write operations are performed.	URL Inspection
`https://www.googleapis.com/auth/analytics.readonly`	Google Analytics Data API & Admin API	Aggregate GA4 report data, GA4 property list, and stream metadata	Powers the GA4 Analytics tab; read-only access to properties you own or can access.	GA4 Analytics

Chrome extension permissions

identity

Enables the chrome.identity.getAuthToken() and launchWebAuthFlow() APIs that handle the Google OAuth 2.0 flow within Chrome.

What it CAN'T do: It does not grant access to browsing data, passwords, cookies, or other Google accounts.

storage

Saves your OAuth token, selected GSC property, GA4 property preference, and CallRail API key in chrome.storage.local.

What it CAN'T do: Cannot access data from other extensions or websites; isolated to this Extension only.

activeTab

Tells the Extension which page you currently have open, so it can pre-fill URL fields and run audits on the correct page.

What it CAN'T do: Does not monitor background browsing; only reads the URL when you open the popup.

scripting

Injects on-demand On-Page Audit and Tag Assistant scripts into the active tab when you click "Run audit" or "Scan tags".

What it CAN'T do: Does not run automatically, persist on pages, or send page content to any server.

Data accessed

What data does the Extension access?

The Extension reads data from Google APIs and CallRail exclusively to display it to you inside the Extension popup. No data is stored externally, aggregated across users, or used for any purpose other than displaying it in the UI.

Google Search Console Data +

URL Inspection: Indexing status, coverage state, crawl date, crawl agent, page fetch result, indexing allowed/blocked flag, user-declared canonical URL, and Google-selected canonical URL.
Search Analytics: Aggregated performance data for the selected URL or property including clicks, impressions, CTR, and average position.
Site List: The list of Search Console properties you own or have access to, used to populate the property selector.

Google Analytics (GA4) Data +

Property List: GA4 property names, IDs, and streams, fetched to populate selectors and cached locally for session performance.
Overview mode: Active users, sessions, views, event count, and Default Channel Group breakdowns for the selected date range.
Key Events mode: Key event totals, event counts, active users, and sessions broken down per event and channel group.
All GA4 data is aggregate, anonymised report data. No individual user PII, session IDs, or user-level tracking data is returned or stored.

CallRail Data +

Company list: CallRail company names and IDs associated with your API key, used to populate the company selector.
Call attribution data: Total calls, answered calls, missed calls, average duration, first-time caller flag, and source attribution aggregated by date range and company.
No individual caller phone numbers, names, recordings, or personally identifiable call data is fetched or displayed by the Extension.
Your CallRail API key is stored only in chrome.storage.local on your device.

Storage & transmission

How is data used and stored?

Storage: Data is processed in-memory within the popup and discarded when the popup closes, except OAuth access tokens and selected property preferences persisted to chrome.storage.local for authenticated sessions and UI convenience.

No GSC report data, GA4 metric data, or CallRail call data is persisted to storage. It is fetched on demand and held in memory only for the current popup session.

Transmission: Requests are made directly from your browser to searchconsole.googleapis.com, analyticsdata.googleapis.com, analyticsadmin.googleapis.com, www.googleapis.com, and api.callrail.com. No request passes through developer-controlled infrastructure.

Caching: GA4 and GSC property lists may be cached in chrome.storage.local to reduce redundant API calls. This cache clears when you sign out.

Google API Services - Limited Use Compliance Statement

Marketer Companion's use of Google API data complies with the Limited Use requirements.

Marketer Companion's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Data is used only to provide the features visible in the Extension's user interface.
Data is not used to develop, train, or improve generalised AI or ML models.
Data is not transferred to third parties, advertising platforms, data brokers, or resellers.
Data is not used for serving ads - personalised, retargeted, or interest-based.
Data is not used to determine credit-worthiness or for lending purposes.
Human access to your data is not permitted - no developer or employee can view your GSC, GA4, or CallRail data.
Data is not stored on servers controlled by the developer.

Reference policies: · Google API Services User Data Policy · Chrome Web Store Limited Use Policy · OAuth 2.0 Policies

Never collected

What this Extension will never do.

No external server transmission

Your GSC, GA4, or CallRail data is never sent to or stored on any server controlled by the developer or any third party.

No browsing history tracking

The Extension does not monitor, record, or transmit your web browsing activity. It reads the current tab URL only when you click the Extension icon.

No cross-site tracking

The Extension does not follow you across websites or track behaviour beyond the single popup session.

No advertising or profiling

Your data is never used for advertising, retargeting, personalised recommendations, or user profiling of any kind.

No third-party data sales or transfers

Your data is never sold, rented, licensed, or transferred to advertising platforms, data brokers, analytics resellers, or any third party.

No AI/ML model training

Data obtained via Google APIs is never used to train, fine-tune, or improve any machine learning or AI model.

No human data access

No developer, employee, contractor, or agent can view your GSC, GA4, CallRail, or personal data. The Extension is entirely client-side.

No persistent data retention

Report data lives only in popup memory for the duration of a single session and is discarded when the popup closes.

Optional integration

CallRail API Key

CallRail integration is entirely optional. If you choose to connect CallRail:

Your CallRail API key is entered manually in Settings and stored only in chrome.storage.local on your device.
The API key is used exclusively to make authenticated requests to https://api.callrail.com for aggregated call attribution data.
The API key is never transmitted to developer servers or any third party.
CallRail data is held in popup memory only and discarded when the popup closes.
You can remove your CallRail API key via Settings → Disconnect, which clears it immediately.

Marketer Companion is an independent tool and is not affiliated with, endorsed by, or a product of CallRail, Inc.

Retention

Data retention and deletion.

Item	Stored where	Retention	How to delete
OAuth access token	`chrome.storage.local`	Until sign-out	Click "Sign Out" in Settings
Google property preferences	`chrome.storage.local`	Until sign-out or clear	Click "Sign Out" in Settings
CallRail API key	`chrome.storage.local`	Until disconnected	Click "Disconnect" in Settings
GSC / GA4 / CallRail data	In-memory popup only	Current session only	Close the popup

Signing out via Settings → Sign Out calls chrome.identity.removeCachedAuthToken(), clears Extension data from chrome.storage.local, and redirects the popup to the sign-in screen. You can also revoke access via Google Account Permissions by removing "Marketer Companion".

Controls

Your rights and controls.

Revoke Google access

Visit myaccount.google.com/permissions, find "Marketer Companion", and click Remove Access.

Open Google Permissions ↗

Delete local data

Open the Extension → Settings → Sign Out. Tokens, preferences, and cached property lists are cleared.

Review what's stored

Open Chrome DevTools → Application → Storage → Local Storage → chrome-extension://[id].

Disconnect CallRail

Open Settings → Disconnect under CallRail API. Your API key is immediately removed.

Data deletion request

Contact the developer via the Chrome Web Store listing contact or support channel.

Applicable law

Users in the EU/EEA may have additional GDPR rights including access, rectification, and erasure.

References

Policy compliance.

✓ Compliant

1. Google API Services User Data Policy (Feb 2024)

The Extension complies with accurate identity representation, data minimisation, Limited Use restrictions, no prohibited transfers, and no human access to user data.

Read the full policy ↗

2. Chrome Web Store Program Policies - User Data

This privacy policy is published in the Chrome Web Store Developer Dashboard privacy policy field. The Extension complies with Limited Use, secure handling, and prominent disclosure requirements.

Read Chrome Web Store policies ↗

3. OAuth 2.0 Policies

All OAuth scopes requested are limited to those necessary for the Extension's stated features. The OAuth consent screen accurately identifies the application and data requested.

Read OAuth 2.0 Policies ↗

Updates & contact

Policy updates and contact.

This policy may be updated when the Extension adds new features that access different data, when Google or Chrome Web Store policies change, or when the Extension is updated to a new major version. Changes will be reflected in the "Last updated" date at the top of this page.

v0.6.0 (26 Apr 2026) → Added CallRail API key handling section
v0.5.x → Initial policy covering GSC, GA4, On-Page, Schema, Tags

Developer: Jayant Solanki

For privacy inquiries, data deletion requests, or questions about this policy, use the Chrome Web Store listing contact or support channel.

Contact via Chrome Web Store listing