This document explains how GA Connector helps you comply with your obligations under the EU and UK GDPR as a data controller and use GA Connector in a GDPR-compliant, privacy-focused way.
LEGAL ADVICE DISCLAIMER: The information on this page is for general informational purposes only and does not constitute legal advice. We disclaim all warranties and liability with respect to this content. For guidance on specific legal questions, please consult qualified legal counsel.
What data GA Connector stores
GA Connector offers two data storage modes for attribution data collected about your website visitors. You can choose the mode that best matches your privacy posture and setup preferences.
Mode 1: No server-side retention
In this mode, GA Connector processes incoming data to compute attribution fields, but does not retain visitor-level data on our servers. Attribution values are then passed to your CRM via hidden fields (see the setup details here).
This allows us to store zero data about your website visitors on our servers in this mode. In other words, data is processed transiently to produce attribution fields, but it is not stored on GA Connector servers.
Mode 2: Short-term server-side retention (Smart Tracking feature)
In this mode, GA Connector stores attribution signals for a limited time (typically ~14 days) to support easier setup (we call this feature “smart tracking”).
The data we store:
- UTM parameters
- Google Analytics, Google Ads, and Meta Ads IDs
- GA Connector visitor ID
- Referrer URLs
- Device and browser information
- Approximate geolocation
- In smart tracking mode, we also store hashed email and phone numbers submitted through your contact forms on the website. This allows us to match this data to your CRM records. However, we never store personal identifiers in plain text; they are always hashed irreversibly.
- We don’t store users’ IP addresses. IP may be used transiently to derive an approximate location, then discarded.
The complete list of the data points we track can be found here.
This data is automatically deleted after the 14-day retention window.
To request early deletion for a specific visitor (e.g., for an erasure request), contact [email protected].
Data storage location & security
GA Connector is hosted on Amazon Web Services (AWS). Your GA Connector data is stored in the European Union region.
We apply standard industry practices designed to protect customer data and limit access.
GA Connector uses your data only to provide the service you configured. We don’t use it for advertising, cross-customer profiling, or model training, and we share it only with vetted infrastructure providers and the destinations you connect.
Consent management
GA Connector uses cookies or localStorage to store attribution data in the visitor’s browser. So, for certain regions like the EU, you usually need to obtain consent before the tracking script stores attribution cookies (depending on your consent model and applicable law).
Our friendly support team can help you configure GA Connector to work with common consent management platforms (CMPs). See: Setting up GA Connector with Consent Banners.
Is GA Connector a data controller or a data processor?
Once you set up GA Connector on your website to track and analyze visitor activity, you act as the data controller, and GA Connector acts as your data processor.
How GA Connector Complies with Its GDPR Obligations as a Data Processor
As your data processor, GA Connector is committed to meeting its obligations under the EU General Data Protection Regulation (GDPR). To ensure compliance, we have implemented the following measures:
- Data Processing Agreement (DPA): We enter into a Data Processing Agreement (DPA) with you upon signing up for our services.
- Data Security Measures: We implement appropriate technical and organizational safeguards to protect your data. See our DPA to learn the specific measures we implemented.
- Data Breach Response Plan: We maintain a GDPR-compliant data breach response plan to ensure timely and effective action if an incident occurs.
- International Data Transfers: We comply with the GDPR’s requirements for international data transfers.
To learn about how GA Connector handles data as a data controller, visit our Privacy Policy.
Contact
If you have questions about GDPR, data handling, or security, don’t hesitate to contact us via [email protected].
