Privacy Policy

Last updated:

The short version

  • No accounts, no passwords, no sale of personal data.
  • The Google Index Checker and SEO Dashboard use read-only Google OAuth (Search Console, plus Analytics for the dashboard). Your OAuth token and all Google user data stay in your browser and never reach our servers.
  • We do not share, transfer, or sell Google user data, and we use it only to provide the tool’s features. Our use adheres to the Google API Services User Data Policy, including the Limited Use requirements (see Section 3).
  • Contact form submissions are emailed to us via Resend; we don’t store them in a separate database.
  • If Google Analytics is enabled on the deployment, it sets the standard _ga cookies.

1. Who we are

This site, avinashvagh.com, is operated by Avinash Vagh as an individual. For any privacy question, email coefeewithav@gmail.com.

2. What we collect and why

Contact form submissions

If you submit the contact form, we collect your name, email address, website URL, product stage, monthly budget, and any optional fields you fill in (phone, needs, product description). These details are sent to our inbox via Resend so we can reply. They are not stored in a separate database on our side.

Analytics (when enabled)

When the deployment is configured with Google Analytics, the standard Google Analytics script is loaded and sets the usual _ga cookies. We use this to see aggregate, anonymous traffic patterns (page views, referrers). We do not link analytics data to any individual.

Rate-limit signals

For some tool endpoints we read your IP address from request headers and feed it into Upstash Redis for short-window rate limiting. The counter expires after the rate-limit window (typically minutes) and is not joined to any account.

Per-tool data handling

  • Google Crawler Simulator — the URL you submit is fetched server-side so we can mirror what Googlebot would see. We do not log or store the URLs you check.
  • AI Crawler Checker — the target URL is sent to our server only to fetch /robots.txt and the page itself. Not stored.
  • IndexNow Submitter — your sitemap URL and IndexNow key are kept in your browser’s localStorage only if you opt in via the “Remember on this browser” checkbox. The submit endpoint fetches your sitemap, verifies the key file at your domain root, and forwards the URL list to IndexNow-enabled engines. Your key is used in-flight and not persisted server-side.
  • Free Google Index Checker — read-only OAuth to your Google Search Console properties. The access token is stored in your browser’s sessionStorage only (cleared when the tab closes). Daily inspection counts are kept in localStorage so the quota meter works. Inspection results live in your browser tab. Every Search Console API call is made directly from your browser to Google — none of this data routes through our servers.
  • SEO Dashboard — read-only OAuth to Google Search Console and Google Analytics 4. The access token is stored in your browser’s sessionStorage only. Performance and analytics metrics are fetched directly from Google and cached on your device in IndexedDB so your dashboard history persists between visits. Nothing is sent to our servers. See Section 3 for the full Google-user-data disclosure.

3. Google user data (Search Console & Analytics OAuth)

Two tools on this site use Google OAuth: the Free Google Index Checker and the SEO Dashboard. This section describes, comprehensively, how they access, use, store, and share Google user data, in line with the Google API Services User Data Policy.

What Google user data we access

We only ever request read-only scopes, and only when you choose to connect a tool:

  • https://www.googleapis.com/auth/webmasters.readonly (Search Console — used by both tools). Through this scope we read the list of Search Console properties your Google account is verified for; Search Analytics performance rows (clicks, impressions, CTR, and average position, broken down by date, query, page, country, device, and hour); and, in the Index Checker, URL Inspection results for the specific URLs you ask it to check (index status, coverage state, last crawl time, and canonical information).
  • https://www.googleapis.com/auth/analytics.readonly (Google Analytics 4 — used only by the SEO Dashboard). Through this scope we read the list of GA4 properties you have access to and aggregated report metrics (sessions, total users, engaged sessions, engagement rate, average session duration, bounce rate, and key events), broken down by date, country, source / medium, landing page, and device. If you configure a conversion funnel, we also read the aggregated counts for the GA4 event names you choose. We read only aggregated, report-level data — we do not access individual visitor identifiers or raw event-level data.

We do not request or access your Gmail, contacts, Drive, calendar, profile, or any other Google data. Both scopes are read-only — we cannot modify, create, or delete anything in your Search Console, Analytics, or Google account.

How we use Google user data

We use Google user data solely to provide the user-facing features you requested — displaying your property lists, URL inspection results, and Search Console / Analytics dashboards inside the tool, in your own browser. We do not use Google user data for advertising, for building user profiles, for training or improving machine-learning or AI models, or for any purpose other than providing and improving the tool’s functionality.

How we store and protect Google user data

  • The OAuth access token is stored only in your browser’s sessionStorage and is erased automatically when you close the tab or click Disconnect.
  • Every Search Console and Analytics API call is made directly from your browser to Google over HTTPS. Your property lists, inspection results, and report data live only in your browser.
  • In the SEO Dashboard, the metrics fetched from Google are cached on your device in your browser’s IndexedDB so your dashboard history persists between visits. This local archive stays on your device; removing a property (or clearing your browser storage) deletes it. Any CSV / spreadsheet exports are generated in your browser and downloaded directly to your device.
  • None of this Google user data is transmitted to, logged by, or stored on our servers, and it is never written to any server-side database. The token is never persisted beyond the browser session.
  • The only related item the Index Checker keeps is a per-property daily inspection count (a number, containing no Google content) in your browser’s localStorage so the quota meter works.

How we share Google user data

We do not share, transfer, sell, disclose, or otherwise make your Google user data available to any third party. Because every API request goes directly from your browser to Google, your Google user data never reaches our servers and therefore is never transferred onward. We do not transfer Google user data to third parties for serving advertisements, and we do not allow humans to read this data.

Limited Use

avinashvagh.com’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Revoking access and deleting Google user data

You can revoke this site’s Search Console and Analytics access at any time from myaccount.google.com/permissions. Clicking Disconnect (or closing the tab) immediately erases the OAuth token. In the SEO Dashboard, removing a property deletes its cached data from IndexedDB, and clearing your browser’s site storage wipes the entire local archive. Because all Google user data is only ever held on your own device, we hold no server-side copy to delete.

4. Third-party services we route through

  • Google — OAuth, Search Console API, and (optionally) Google Analytics. Subject to Google’s Privacy Policy.
  • Resend — email delivery for the contact form.
  • Vercel — hosting, edge runtime, and standard server logs.
  • Upstash Redis — short-window rate-limit counters.
  • IndexNow engines (Microsoft Bing, Yandex, Naver, Seznam, Yep) — when you use the IndexNow Submitter, your URL list is shared with these participating engines per the IndexNow protocol.

When a tool fetches a URL you submit (Google Crawler Simulator, AI Crawler Checker, IndexNow Submitter, sitemap loader), the target site’s server may log that request as originating from avinashvagh.com.

5. Cookies and local browser storage

Cookies

We do not set first-party cookies. If Google Analytics is enabled, it sets its standard _ga cookie under your browser’s control.

localStorage keys (persist until you clear them)

  • indexnow:lastSitemap — last submitted sitemap URL (opt-in)
  • indexnow:lastKey — your IndexNow key (opt-in)
  • indexnow:remember — remember-me preference
  • gsc:usage:<site>:<date> — per-property daily inspection counters

sessionStorage keys (cleared when the tab closes)

  • gsc:token — Google Search Console OAuth access token (Index Checker)
  • seo-dashboard:token — Search Console + Analytics OAuth access token (SEO Dashboard)
  • gsc:prefilledUrls — handoff from IndexNow tool, consumed once

IndexedDB (persists on your device until you clear it)

  • seo-dashboard — SEO Dashboard’s local cache of your Search Console and GA4 metrics, tracked properties, and funnel configuration

You can clear all of this any time via your browser’s site settings, or via the in-tool buttons (e.g. Forget saved values on the IndexNow tool, Disconnect on the Google Index Checker).

6. Retention

  • Contact-form emails — kept in our inbox until manually deleted.
  • Analytics data — per Google Analytics’ configured retention (default 26 months unless changed).
  • Rate-limit counters — auto-expire after the rate-limit window (minutes).
  • Google user data — held only in your browser session; the OAuth token is erased when you close the tab or click Disconnect. We keep no server-side copy, so there is nothing on our side to retain or delete.
  • Browser-local data — kept until you clear it.

7. Your rights

You can ask us to delete any contact-form submission or other personal data you’ve shared. Email coefeewithav@gmail.com and we’ll handle it within a reasonable time.

For Google Search Console access specifically: you can revoke this site’s OAuth grant at any time from myaccount.google.com/permissions. That immediately invalidates the token in your browser.

8. Children

These tools are not directed at children under 13, and we do not knowingly collect personal information from them.

9. Changes to this policy

We may update this policy when we ship new tools or change how data is handled. Material changes will be reflected in the “Last updated” date at the top of this page.

10. Contact

Privacy or data questions: coefeewithav@gmail.com

See also: Terms of Service.