Liyab Digital Logo
SearchSign In

# Privacy Policy

Last updated: 2026-05-13

Overview

Tag Fire ("we", "us", "our") provides analytics and tag-management tooling for Google Analytics 4 and Google Tag Manager. This policy explains what data we collect, why, and what your rights are.

What we collect

Account data. When you sign in with Google we receive your name, email address, profile picture, and a Google account identifier. We store these in our database so we can identify you on return visits.

Google API tokens. With your consent we store short-lived Google OAuth access tokens and a refresh token so Tag Fire can read your GA4 properties and GTM containers on your behalf. We never request scopes beyond what is required for the feature you are using.

GA4 / GTM data you authorize us to read. When you run an audit, Tag Fire reads configuration and metadata from the GA4 properties and GTM containers you select. We store the audit results so you can revisit them.

Workspace data. If you create or join a workspace, we store the workspace name, members, roles, and any resources you save inside it (UTM links, saved GTM resources, bookmarks).

Billing data. Subscriptions are processed by Paddle. We store your Paddle customer ID and subscription status. We do not store full card numbers — Paddle handles payment instruments directly.

Operational data. Standard server logs (IP, user agent, request path) for security and debugging.

How we use it

- To authenticate you and provide the features you sign up for.
- To run audits and analyses against the Google accounts you connect.
- To bill you and manage your subscription.
- To send transactional email (sign-in confirmations, invoices, workspace invites).
- To investigate abuse, debug errors, and improve the product.

We do not sell your data. We do not use your GA4 or GTM data to train models or build profiles outside of your own account.

Sharing

We share data only with the processors needed to run the service:

- Google — OAuth and the GA4 / GTM APIs.
- Vercel — application hosting and Postgres database.
- Paddle — subscription billing and tax handling.
- Email provider — transactional email delivery.

We may disclose information if required by law.

Retention

- Audit reports and saved workspace data: retained until you delete them or close your account.
- Google OAuth tokens: retained until you disconnect or revoke access in your Google account.
- Account data: retained while your account is active, then deleted within 30 days of account deletion (some records may be kept longer where required by tax or accounting law).

Your rights

You can request access, correction, export, or deletion of your data by emailing hello@tagfire.app. You can also revoke Tag Fire's Google access at any time from your Google account permissions page.

Cookies

We use a small number of first-party cookies that are strictly necessary for authentication and session management. We do not use third-party advertising or tracking cookies.

Changes

We may update this policy. Material changes will be announced via email or an in-app notice before they take effect.

Contact

Questions about this policy: hello@tagfire.app