Google API privacy disclosure

Version 1.0 ยท last updated 11 April 2026

This page describes how Skeo uses, stores, and handles data received from Google APIs when a user connects a Google Search Console or Google Analytics 4 property to an Skeo project. It is a scope-specific disclosure that complements our general privacy policy at skeo.nl/privacy, which is written in Dutch and applies to all other processing activities.

Skeo is operated by Spixels Online Marketing, Smederijstraat 10, 2671 BV Naaldwijk, the Netherlands, registered at the Dutch Chamber of Commerce under number 60016019, VAT number NL001731702B36. You can reach us at sven@spixels.nl.

1. What Skeo is

Skeo is a self-service SEO platform where website owners manage their SEO projects, run keyword research, track rankings, analyse competitors, and plan AI-generated content. Users can optionally connect their own Google Search Console property and their own Google Analytics 4 property to a project, so that the data shown inside Skeo reflects their real search performance and real visitor traffic rather than third-party SERP-scrape data only.

2. Requested Google API scopes

When a user clicks the Connect button in a project's Integrations tab, Skeo requests the following read-only OAuth scopes:

  • https://www.googleapis.com/auth/webmasters.readonly to list the user's Google Search Console properties and to retrieve daily search analytics for the property that the user explicitly selects.
  • https://www.googleapis.com/auth/analytics.readonly to list the user's Google Analytics 4 account summaries and to retrieve daily traffic metrics for the property that the user explicitly selects.

Skeo does not request any write scope, any admin-edit scope, any Gmail scope, any Drive scope, or any scope that provides personal profile data. Both requested scopes are read-only and are the minimum viable scopes for the features described below.

3. How Skeo uses Google Search Console data

For the webmasters.readonly scope, the application calls the following Google Search Console API endpoints:

  • GET /webmasters/v3/sites during the onboarding flow, so the user can pick which GSC property to link. The property list is shown once and is not persisted.
  • POST /webmasters/v3/sites/{siteUrl}/searchAnalytics/query to retrieve search analytics rows. On the initial connection the application backfills 90 days of daily data. After the initial backfill, a daily cron job re-fetches the most recent 5 days to capture retroactive updates that Google makes to already reported days.

The search analytics request retrieves the following fields per row: query, page, clicks, impressions, ctr, position, aggregated per day. This data is used inside the user's own project to:

  • Show a daily traffic and ranking performance chart on the project dashboard.
  • Merge GSC queries into the user's existing keyword research list, so that rank tracking reflects real Google Search data rather than scrape-only data.
  • Identify pages that are underperforming relative to their impression volume, so the user can prioritise content updates.

4. How Skeo uses Google Analytics 4 data

For the analytics.readonly scope, the application calls the following Google Analytics 4 API endpoints:

  • GET https://analyticsadmin.googleapis.com/v1beta/accountSummaries during onboarding, so the user can pick which GA4 property to link. The property list is shown once and is not persisted.
  • POST https://analyticsdata.googleapis.com/v1beta/{propertyId}:runReport to retrieve daily report rows. On the initial connection the application backfills 90 days. After the initial backfill, a daily cron job re-fetches the most recent 3 days to capture retroactive GA4 updates.

The runReport request uses the dimension date and the metrics activeUsers, sessions, and screenPageViews, aggregated per day. This data is used inside the user's own project to:

  • Render a daily visitor volume chart on the project dashboard.
  • Correlate visitor growth with ranking changes, so the user can attribute the effect of their SEO work.

Skeo does not request any audience, cohort, demographic, device, or event-level metric. It does not request any user-level or individual session data.

5. Storage and retention

All data retrieved from Google APIs is stored in our application database, which runs on Convex in the EU region (eu-west-1, Ireland). Data never leaves the European Union.

OAuth refresh tokens and access tokens are encrypted at rest using AES-256-GCM with a key that is stored as a server-side environment variable and is not accessible to application code outside the encryption helper. The encryption key is rotated separately from the tokens.

Retrieved Google Search Console and Google Analytics data is retained for as long as the user keeps the project active. When the user disconnects a Google integration from a project, or when the user deletes the project, or when the user closes their Skeo account, the encrypted tokens and all associated Google-derived data are permanently erased from our database within 30 days.

6. Data sharing

Skeo does not share Google user data with third parties. We do not sell Google user data, we do not use Google user data for advertising personalisation, we do not transfer Google user data to advertisers, data brokers, or analytics providers, and we do not use Google user data to train machine learning models, either our own or those of third parties.

The only exception is the standard set of infrastructure subprocessors used to operate the application itself (Convex for database hosting in the EU, and Vercel for application hosting). These subprocessors have contractual data processing agreements and do not access Google user data for their own purposes.

7. How to revoke access

Users can revoke Skeo's access to their Google data in two independent ways:

  • Inside the app. Open the project, go to Project settings, select the Integrations tab, and click Disconnect next to Google Search Console or Google Analytics. On disconnect, the encrypted refresh and access tokens are immediately erased, and the scheduled daily sync stops.
  • Via Google directly. Visit myaccount.google.com/permissions, find Skeo in the list of third-party apps, and click Remove Access. The next time our daily cron attempts a sync, Google returns an invalid_grant error and the application automatically clears the connection from the project.

8. Limited Use disclosure

Skeo's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

9. Security

All data in transit is protected with TLS 1.2 or higher. OAuth tokens are never logged, never included in error reports, and never transmitted in URLs. Access to the production database is limited to the application itself and to named administrators with multi-factor authentication enforced. Security incidents, if any, are disclosed to affected users within 72 hours as required by GDPR article 33.

10. Contact

For any question about this disclosure, about how Skeo uses Google API data, or to exercise your rights under GDPR, contact sven@spixels.nl. We respond within 30 days.

11. Changes

We may update this disclosure when we add a new Google API scope, when we change which data fields we retrieve, or when we change the retention policy. The version number and date at the top of this page always reflect the most recent update. Material changes are announced to logged-in users through an in-app notice before they take effect.