ConsentModeMonitor Privacy Policy
What information does ConsentModeMonitor collect?
The MeasureMinds ConsentModeMonitor parses your website or Google Tag Manager (GTM) container in order to provide you with a list of tags with missing or incorrect consent.
The MeasureMinds ConsentModeMonitor collects an email address to access the tool.
If the user decides to use the option to have the tool automatically access their GTM container and fix consent-related issues, then the user has to use a Google login ID accessed by Oauth.
This requires the following scopes:
- ./auth/userinfo.email (See your primary Google Account email address)
- ./auth/userinfo.profile (See your personal info, including any personal info you’ve made publicly available)
- ./auth/tagmanager.edit.containers (Manage your Google Tag Manager container and its subcomponents, excluding versioning and publishing)
How does ConsentModeMonitor use the information?
The email addresses collected are used to send newsletters to the user. Before signing up, users are given the option to opt out.
The app requires the following scopes:
- ./auth/userinfo.email and
- ./auth/userinfo.profile
These scopes allow the app to authenticate users and execute GTM changes on their behalf. The app collects user information through these scopes to store it in Firestore. This data is then used to manage user accounts, integrate Stripe payments, and link the user’s Google account.
- ./auth/tagmanager.edit.containers
This scope is necessary to implement consent-related updates within the user’s GTM container, which is a core functionality of the app.
What information does ConsentModeMonitor share?
No data is shared with third parties or with other users or tools.
This service complies with Google’s Limited Use requirements for applications utilising sensitive API scopes. The ConsentModeMonitor has access to your Google Tag Manager accounts, containers, workspaces, and items within, so that you can use the service to manage these items more efficiently.
How we protect sensitive data
Access Control
- Role-Based Access Control (RBAC): We restrict access to sensitive data within our systems using RBAC, ensuring that only authorised personnel have access to specific data based on their roles.
- Two-Factor Authentication (2FA): To further secure accounts and prevent unauthorised access, we require two-factor authentication for all users and administrators accessing sensitive data.
- Least Privilege Principle: Access to sensitive data is granted only to the minimum extent necessary for individuals to perform their job functions.
Data Anonymisation and Masking
- Anonymisation: When feasible, sensitive data is anonymised, meaning personal identifiers are removed to protect individual identities in our datasets.
- Data Masking: In cases where anonymisation is not applicable, sensitive data fields are masked, making it unreadable to unauthorised users.
Regular Security Audits and Penetration Testing
- We perform regular security audits and third-party penetration testing to identify and address vulnerabilities within our infrastructure. This ensures that our systems are always up-to-date with the latest security protocols and best practices.
Intrusion Detection and Monitoring
- We employ advanced intrusion detection and monitoring systems that continuously monitor for suspicious activities or unauthorised access attempts. In the event of any unusual behavior, immediate alerts are triggered, and our security team responds to mitigate potential threats.
Data Minimisation and Retention Policies
- We practice data minimisation by only collecting the necessary information required for the app’s functioning. Data retention policies are strictly enforced to ensure that sensitive information is deleted when it is no longer needed, reducing the risk of unnecessary data exposure.
Compliance with Regulations
- Our data protection mechanisms are designed to comply with industry standards and regulations, such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant laws. This ensures that your sensitive data is handled lawfully and responsibly.
User Control and Data Portability
- Users have control over their data, including the ability to request access, correction, or deletion of their personal information at any time. We also provide mechanisms for users to download or export their data securely if needed.
Our data retention policy
Purpose of Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, regulatory, or contractual obligations, resolve disputes, and enforce our policies.
Data Deletion
Users may request the deletion of their data at any time by contacting hello@measuremindsgroup.com.
Legal Obligations
We may retain data longer if required by law or to protect our legitimate interests (e.g., fraud prevention, enforcing terms).
Terms of Service
Last updated: October 12, 2021
Please read these Terms of Service (“Terms”, “Terms of Service”) carefully before using the MeasureMinds GA4 Migrator (the “Service”) operated by MeasreMinds (“us”, “we”, or “our”).
Your access to and use of the Service is conditioned on your acceptance of and compliance with these Terms. These Terms apply to all visitors, users and others who access or use the Service.
By accessing or using the Service you agree to be bound by these Terms. If you disagree with any part of the terms then you may not access the Service.
Links To Other Web Sites
Our Service may contain links to third-party websites or services that are not owned or controlled by us.
We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third party websites or services. You further acknowledge and agree that we shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such web sites or services.
We strongly advise you to read the terms and conditions and privacy policies of any third-party websites or services that you visit.
Governing Law
These Terms shall be governed and construed in accordance with the laws of the United Kingdom, without regard to its conflict of law provisions.
Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, the remaining provisions of these Terms will remain in effect. These Terms constitute the entire agreement between us regarding our Service, and supersede and replace any prior agreements we might have between us regarding the Service.
Changes
We reserve the right, at our sole discretion, to modify or replace these Terms at any time. If a revision is material we will try to provide at least 30 days notice prior to any new terms taking effect. What constitutes a material change will be determined at our sole discretion.
By continuing to access or use our Service after those revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, please stop using the Service.
Contact Us
If you have any questions about these Terms, please contact us.