Plask

Privacy Policy

Last updated: March 4, 2026

1. Introduction

Plask ("we," "our," or "us") provides a software-as-a-service platform that connects to your Google Analytics 4 properties to deliver automated anomaly detection and AI-generated weekly digests. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.

By using Plask, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you sign in with Google, we receive and store your name, email address, and profile picture from your Google account. This information is used to identify your account and personalize your experience.

2.2 Google Analytics Data

With your explicit authorization, we access your Google Analytics 4 property data through the Google Analytics Data API. This includes metrics such as active users, sessions, screen views, and event counts. We request the analytics.readonly scope, which provides read-only access to your analytics data. We cannot modify your Google Analytics configuration.

2.3 OAuth Tokens

To access your Google Analytics data on your behalf, we store OAuth access and refresh tokens. These tokens are encrypted at rest using AES-256-GCM encryption before being stored in our database. Tokens are only used to retrieve your analytics data and are never shared with third parties.

2.4 Payment Information

If you subscribe to our Pro plan, payment processing is handled entirely by Stripe. We do not store your credit card number, bank account details, or other sensitive financial information on our servers. We retain only your Stripe customer ID and subscription status to manage your account tier.

2.5 Usage Data

We may collect basic usage data such as pages visited, features used, and interaction patterns to improve the service. This data is aggregated and not linked to individual users.

3. How We Use Your Data

We use the information we collect to:

  • Provide and maintain the Plask service, including daily metrics synchronization and dashboard display.
  • Detect anomalies in your analytics data using statistical analysis (modified Z-score over a 28-day rolling window) and notify you of significant changes.
  • Generate AI-powered weekly digest summaries of your analytics trends and performance.
  • Send you email notifications for anomaly alerts and weekly digests (Pro plan only).
  • Process subscription payments and manage your account tier.
  • Communicate with you about service updates or issues.

4. Third-Party Services

We use the following third-party services to operate Analytics Dashboard. Each service receives only the minimum data necessary to perform its function:

4.1 Google (Authentication & Analytics API)

We use Google OAuth for authentication and the Google Analytics Data API to retrieve your analytics data. Google's use of your data is governed by the Google Privacy Policy.

4.2 Supabase (Database)

Your account information, analytics metrics, alerts, and digests are stored in a Supabase-hosted PostgreSQL database. OAuth tokens are encrypted before storage. Supabase provides infrastructure-level encryption at rest and in transit.

4.3 Stripe (Payments)

Payment processing is handled by Stripe. When you subscribe to Pro, your payment information is sent directly to Stripe and never passes through our servers. Stripe's privacy practices are described in the Stripe Privacy Policy.

4.4 Anthropic (AI Digests)

Weekly digest summaries are generated using Anthropic's Claude AI. We send aggregated, anonymized analytics metrics (such as user counts, session trends, and week-over-week changes) to Claude for summarization. No personally identifiable information or raw user data from your Google Analytics properties is sent to Anthropic.

4.5 Resend (Email)

We use Resend to deliver email notifications including anomaly alerts and weekly digests. Resend receives your email address and the content of the notification being sent.

5. Data Storage & Security

We take the security of your data seriously and implement the following measures:

  • OAuth tokens are encrypted using AES-256-GCM before database storage, with version-prefixed payloads supporting key rotation.
  • All data is transmitted over HTTPS/TLS encrypted connections.
  • Database access is restricted to authenticated application connections only.
  • Payment data is handled exclusively by Stripe, a PCI DSS Level 1 certified payment processor.
  • We use JSON Web Tokens (JWT) for session management, with tokens signed using a secure secret.

6. Data Retention

We retain your data for as long as your account is active. Historical analytics metrics are stored indefinitely to enable trend analysis and anomaly detection. If you delete your account, we will:

  • Delete your account information and profile data.
  • Revoke and delete all stored OAuth tokens, removing our access to your Google Analytics data.
  • Delete all stored analytics metrics, alerts, and digests.
  • Cancel any active Stripe subscription (Stripe may retain records per their own retention policy).

Some data may be retained in database backups for a limited period consistent with our backup retention schedule.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Export your stored analytics data.
  • Delete your account and all associated data.
  • Revoke Google Analytics access at any time through your Google Account permissions.
  • Opt out of email notifications through your dashboard settings.

To exercise any of these rights, contact us using the information below.

8. Cookies

Plask uses essential cookies only. We use a session cookie to keep you signed in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Children's Privacy

Plask is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

privacy@plask.dev