Security

The free scan and watch

The free scan requires no account access. We load your page in a clean, sandboxed browser and watch the tracking requests it makes, the same way a first-time visitor’s browser would. Nothing is installed on your site, and no GTM, GA4, or other account access is requested or used. The weekly watch simply re-runs that scan on a schedule and emails what changed — the same no-access posture. Raw capture is short-lived: we keep only the minimized observation needed to produce your report, dropping cookies, auth headers, and request bodies before storage and partially masking measurement IDs on shareable surfaces. See the method for detail.

Connected analysis (planned)

Connected GA4/GTM analysis is a planned feature and is not available yet. When it ships, connecting your accounts will grant MeasureProof read-only access to the Google Tag Manager and Google Analytics configuration and reporting aggregates you choose to share, to verify your measurement over time. Access will be read-only — never write — the resources will stay in your own Google accounts, any tokens will be stored encrypted, and you’ll be able to revoke at any time.

What we store

For a free scan or watch, we keep only the minimized observation and baselines behind your reports, plus your email address if you opt into the watch. Connected analysis, once available, would additionally store the findings and checks generated from the resources you connect, the account identity needed to associate them with you, and any access tokens (encrypted) required to refresh data.

What we don’t do

We do not sell your data, and we will not use connected-account data to train third-party models. The public website carries no analytics cookies or third-party tracking, and we never send account data to it.

Reporting a concern

If you find a security issue, please email [email protected]. As an early-access product, our security posture is evolving and we welcome responsible disclosure.