Privacy Policy

Who we are

GetServerSide provides free guides and an optional hosted web app for server-side tracking setup. Contact: hello@getserverside.com.

What we collect

The public website collects usage data through Google Tag Manager and Google Analytics only when you allow analytics cookies. If you request access, we store the email address you submit plus basic attribution data such as form source, UTM parameters, landing path, and referrer so we can understand which outreach is working. If you use the app, GetServerSide also stores account-linked project data such as resource bindings, validation results, documentation, baseline observations, and encrypted Google credential records needed to operate the app.

Analytics and cookies

This site uses Google Tag Manager (GTM) and Google Analytics (GA4) to understand how visitors use the site. These services may set cookies and collect usage data such as pages visited, time on site, approximate location, device type, browser type, and referring page.

We use Basic Google Consent Mode. Google tags are blocked until you make a cookie choice. If you reject analytics and marketing cookies, GTM and GA4 do not load from the public website.

We do not intentionally send names, email addresses, or app project data to Google Analytics. You can also opt out by installing the Google Analytics Opt-out Browser Add-on.

Request-access emails

When you submit the request-access form, we may use ZeptoMail to send you a confirmation email and to notify the GetServerSide operator. These emails include your submitted email address and, for the operator notification, the attribution fields described above.

Cookie choices

The public website uses the following cookie categories:

  • Necessary cookies: required to remember your cookie choices and provide basic site functionality.
  • Analytics cookies: optional Google Analytics cookies such as _ga and _ga_* that help us measure site usage.
  • Marketing cookies: optional advertising or remarketing cookies if we add advertising tags later.

You can change your choices at any time from the Cookie preferences link in the site footer.

App accounts and Google access

If you sign in to the app with Google Sign-In, you grant GetServerSide access to your own Google resources so the app can audit your setup, build the server-side pipeline, and verify it over time. The access requested covers:

  • Identity (sign-in): your name, email, and profile picture.
  • Google Tag Manager: read your containers, and create/edit/version/publish/delete the workspaces and tags GetServerSide manages during setup.
  • Google Analytics 4: read your GA4 configuration and reporting aggregates, and create the test property used to validate the server-side pipeline.
  • Google Cloud Platform: read your project list, check and use the APIs needed to deploy and monitor the Cloud Run services that run your server-side tagging.

A plain-language breakdown of each permission, what we use it for, and what we do not touch is on our security page.

What the app stores

GetServerSide stores your Google account identity (subject ID, email, display name, picture), your encrypted Google refresh token, the OAuth scopes you granted, and the project data needed to operate the service — resource bindings, audit and validation results, documentation fields, and baseline observations. Refresh tokens are encrypted at rest with a key held separately from the session-signing key.

The app does not store your Google password, raw Google Analytics event data, Google access tokens (these are reconstructed on demand and never persisted), service-account keys, or your own OAuth client secrets.

Revoking access and deletion

You can disconnect Google access at any time from the account settings inside the app, or from your Google Account at myaccount.google.com/permissions. Disconnecting revokes the stored credential and stops all Google API access. To request deletion of your stored project data, email hello@getserverside.com.

How GetServerSide uses Google data

Google data accessed through these permissions is used only to operate the app against your own resources — auditing, building, validating, and monitoring your server-side tagging setup. It is not sold, not used for advertising, and not shared with third parties except as required to provide the service (for example, the hosting and database providers that run the app). GetServerSide’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Your rights

Contact hello@getserverside.com with any privacy questions. We will respond within 30 days.

Changes to this policy

If we update this policy, we will revise the date below.

Last updated: May 29, 2026