← Back to home

Privacy Policy

Last updated: April 2026

1. Data Controller

The data controller for your personal data is [IM'YA PRIZVYSHCHE], Individual Entrepreneur (FOP), EDRPOU code [YEDRPOU], Ukraine.

Contact: [email protected]

2. General

The GTM Event Helper extension ("Extension") is designed to simplify working with Google Tag Manager (GTM). This policy describes what data is collected, how it is used, and your rights regarding that data.

3. Data Collected

We collect and process the following categories of data:

• Google account email — obtained via Google OAuth during sign-in to identify your account and manage your subscription.
• GTM workspace IDs — your selected GTM account, container, and workspace identifiers, used to create triggers and tags on your behalf. No GTM data is sent to our servers; all API calls are made from your browser to Google.
• Usage analytics (GA4) — anonymous extension usage data (feature usage, error reports, aggregate statistics) sent via Google Analytics 4 Measurement Protocol. This does not include your GTM configurations, website content, or CSS selectors.
• Payment data — payment transactions are processed by Monobank Acquiring (JSC "Universal Bank", Ukraine). We do not store, process, or have access to your credit/debit card numbers. We only receive transaction confirmation details (amount, date, status) necessary for subscription management.
• Data on website pages — the Extension only runs on pages where you activate it. It uses the page elements you select (selectors, text) only to form events in GTM and does not send this data to third-party servers.

4. Purpose of Data Processing

Data is used solely to provide the Extension's functionality: signing in to GTM via OAuth, using the GTM API to list and select your accounts, containers, and workspaces, creating triggers and tags in your Google Tag Manager at your request, managing your subscription, and improving the service through anonymous analytics.

5. Storage and Transfer of Data

The Extension does not store your Google credentials. Access tokens (OAuth) are stored locally in your browser in line with Chrome's policy. We do not share users' personal data with third parties for advertising purposes.

Data transfers: Your data is processed within the EU. Our backend services run on Google Cloud Platform (region europe-west1, Belgium). No data is transferred outside the EU/EEA except as described in the third-party processors section.

6. Data Protection Mechanisms

The Extension implements the following security measures to protect sensitive Google user data:

• Local storage only — OAuth access tokens are stored locally in your browser's secure storage (Chrome's managed storage), encrypted by Chrome's built-in security mechanisms. No sensitive data is transmitted to or stored on our servers.
• Direct API communication — All GTM API calls are made directly from your browser to Google's servers using HTTPS encryption. We do not intercept, log, or store any API responses containing your GTM data.
• Minimal data access — The Extension requests only the minimum OAuth scopes necessary for its functionality (read and write access to GTM containers). We do not request access to other Google services or data.
• No data aggregation — We do not collect, aggregate, or analyze user data. Each user's data remains isolated and is only processed locally in their browser.
• Secure OAuth flow — Authentication uses Google's official OAuth 2.0 protocol with secure token exchange. Tokens are refreshed automatically by Chrome's OAuth implementation.

7. Cookies

Our marketing website (gtmhelper.app) uses the following cookies and tracking technologies:

• Google Tag Manager (GTM) — manages the loading of analytics and marketing tags.
• Google Analytics 4 (GA4) — collects anonymized website usage data to understand how visitors interact with our site. Sets cookies such as _ga, _ga_*.
• Microsoft Clarity — provides heatmaps and anonymized session recordings. Sets cookies such as _clck, _clsk. Clarity respects Do Not Track settings.

These cookies are used only on the marketing website, not within the Chrome extension.

8. Microsoft Clarity

Our marketing website (gtmhelper.app) uses Microsoft Clarity for heatmaps and session recordings to understand how visitors interact with our site. Clarity collects anonymized usage data including mouse movements, clicks, and scroll behavior. It does not collect personal data and respects Do Not Track settings. This only applies to the marketing website, not the Chrome extension.

9. Analytics & Usage Data

GTM Event Helper collects anonymous usage analytics to improve the extension. This includes:

• Extension installation and update events
• Feature usage (which features are used, not the content you create)
• Error reports (technical errors, not personal data)
• Aggregate statistics (total tags created, not individual configurations)

This data is sent via Google Analytics 4 Measurement Protocol and does not include:

• Your GTM account data or tag configurations
• Website content you visit
• CSS selectors or element data
• Personal information beyond what you provide for authentication

To request deletion of your analytics data, contact us at [email protected]. We do not collect personally identifiable information through analytics; data is aggregated and anonymous.

10. Third-Party Data Processors

We use the following third-party services that may process your data:

• Google (Google Cloud Platform, Google Analytics, Google OAuth) — authentication, analytics, and backend infrastructure. Data processed in EU (europe-west1). Subject to Google's Privacy Policy.
• Monobank Acquiring (JSC "Universal Bank") — payment processing. We do not store card data; all payment information is handled by Monobank in compliance with PCI DSS. Subject to Monobank's terms.
• Resend — transactional email delivery (subscription confirmations, renewal notifications). Only your email address is shared. Subject to Resend's Privacy Policy.
• Cloudflare — website hosting and CDN. Subject to Cloudflare's Privacy Policy.
• Microsoft (Clarity) — anonymized website analytics and heatmaps. Subject to Microsoft's Privacy Statement.

11. Data Retention

• Account data — your email address and subscription details are retained while your subscription is active and for 30 days after cancellation or account deletion, to allow for account recovery.
• Payment records — transaction records (amount, date, status) are retained for 7 years as required by Ukrainian tax legislation.
• OAuth tokens — stored locally in your browser and managed by Chrome. Tokens expire or are refreshed automatically.
• Analytics data — anonymized usage data is retained according to Google Analytics 4 and Microsoft Clarity retention policies.

12. Retention and Deletion of Google User Data

Data deletion: You can delete all Extension-related data at any time:

• Revoke OAuth access — Visit Google Account permissions and revoke access for "GTM Event Helper". This immediately invalidates all access tokens and prevents the Extension from accessing your GTM data.
• Remove Extension — Uninstalling the Extension from Chrome removes all locally stored data, including OAuth tokens and any cached GTM account/container selections.
• Clear browser data — Clearing Chrome's extension storage or browser data will remove all Extension-related data stored locally.

Since we do not store Google user data on our servers, there is no Google-specific data to delete from our systems.

13. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR) and applicable data protection laws, you have the following rights:

• Right of access — you can request a copy of the personal data we hold about you.
• Right to rectification — you can request correction of inaccurate or incomplete data.
• Right to erasure — you can request deletion of your personal data (subject to legal retention requirements).
• Right to data portability — you can request your data in a structured, machine-readable format.
• Right to object — you can object to the processing of your personal data for specific purposes.
• Right to restrict processing — you can request restriction of processing in certain circumstances.

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

14. Right to Delete Your Account

You may request complete deletion of your account and all associated personal data by emailing [email protected]. Upon receiving your request, we will:

• Delete your account data within 30 days.
• Retain payment records for 7 years as required by tax law.
• Confirm deletion via email.

You can also revoke Google OAuth access independently via Google Account permissions.

15. Changes

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new "Last updated" date. We will notify registered users of material changes via email.

16. Contact

For questions about this privacy policy, data protection, or to exercise your rights, contact us at [email protected].

Back to home · Blog · Terms of Service · Contact · 🇺🇦