Legal

Google API Disclosure

How Fokal accesses, uses, stores, and shares information received from Google APIs, in compliance with the Google API Services User Data Policy.

Effective: 25 May 2026 · Version: 1.0

Limited Use affirmation

Fokal's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, Fokal:

  1. Uses Google user data only to provide and improve user-facing features that are visible and prominent in the Fokal application.
  2. Does not transfer Google user data to others except as necessary to provide or improve those features, with user consent, for security, to comply with applicable law, or as part of a merger, acquisition, or sale of assets (with notice).
  3. Does not allow humans to read Google user data except: (a) with your explicit consent for specific items; (b) in aggregated or anonymised form for internal operations; (c) for security purposes; or (d) where required by law.
  4. Does not use or transfer Google user data for advertising, retargeting, selling to data brokers, credit/lending assessment, or to develop, improve, or train generalised AI or machine-learning models.

Google scopes Fokal requests

Fokal requests only the Google scopes necessary to deliver the features you choose to use. Each scope is requested separately — you can grant some and decline others.

Google Search Console — https://www.googleapis.com/auth/webmasters.readonly

Purpose: Read access to your Google Search Console data for the sites you have verified in your Google account.

Feature inside Fokal: Search Console integration powers Fokal's keyword research, ranking dashboards, content-gap analysis, top-page reports, and "site health" audits. It also lets Fokal detect when you publish a new article so we can mark its draft as live.

Data we read:

Data we do NOT read: Anything outside this read-only scope. We cannot submit sitemaps, modify settings, or take any other action on your Search Console account.

User control: You can revoke this scope at any time from Fokal Settings → Integrations → Disconnect, or from https://myaccount.google.com/permissions.

Google Analytics — https://www.googleapis.com/auth/analytics.readonly

Purpose: Read-only access to your Google Analytics 4 properties and data.

Feature inside Fokal: Analytics integration powers Fokal's traffic dashboards, conversion attribution per URL, the "AI search traffic" view (which filters referrer traffic to identify visits from ChatGPT, Perplexity, Claude, Gemini, Copilot, You.com, and Phind), and the rank-to-traffic join that combines Search Console rankings with Analytics traffic on a per-URL basis.

Data we read:

Data we do NOT read: Anything outside the read-only scope. We cannot modify your Analytics configuration, add or remove properties, or change any setting.

User control: You can revoke this scope at any time from Fokal Settings → Integrations → Disconnect, or from https://myaccount.google.com/permissions.

Google Sign-In — openid, email, profile

Purpose: Identity verification when you sign in to Fokal with your Google account.

Feature inside Fokal: Lets you sign in to Fokal without setting up a separate password.

Data we read: Your Google account email address, name, and profile picture URL.

User control: If you prefer not to sign in with Google, you can use email + password instead.

How Google data is stored

OAuth refresh tokens are encrypted at rest using application-layer envelope encryption, separately from your account data. Refresh tokens are deleted within 24 hours of you revoking the integration.

Search Console and Analytics data fetched on your behalf is cached in our primary database (hosted in Australia) for up to 12 months to power dashboards, historical comparisons, and trend views without re-hitting the Google API on every page load. Cached data is encrypted at rest.

For the full retention schedule, see Section 8 of our Privacy Policy.

How Google data is shared

Google user data fetched via OAuth is processed by Fokal's infrastructure and a small number of categorical subprocessors (hosting, AI inference). In particular:

For the categories of subprocessors Fokal uses, see fokal.com/subprocessors. A specific vendor-level list is available to customers on request under NDA.

We do not sell or rent Google user data. We do not use Google user data for advertising or retargeting. We do not use Google user data to train AI or machine-learning models.

Deletion

You can delete Google data held by Fokal in any of these ways:

  1. Disconnect the integration inside Fokal (Settings → Integrations → Disconnect). This stops new data being fetched and deletes the refresh token within 24 hours. Cached data is retained per the retention schedule unless you also delete your workspace.
  2. Delete your Fokal account (Settings → Account → Delete account). All your data, including cached Google data, is deleted within 90 days. See Privacy Policy Section 8.2.
  3. Email hello@fokal.com to request bulk deletion of specific data.

You can also revoke Fokal's access directly from Google at https://myaccount.google.com/permissions.

Changes to this disclosure

If we add new Google scopes or materially change how Google data is used, we will:

  1. Update this page with the new effective date and a summary of changes
  2. Notify account holders by email at least 30 days before the change takes effect (where the change affects data already collected)
  3. Where required by Google policy, re-submit our app for verification of the new scope

Contact

For Google-specific concerns, you may also contact Google directly via https://support.google.com.

Eight minutes to something you can ship.