StatPilot is a Google Analytics 4 dashboard operated by Dizid Web Development, a sole-proprietorship based in the Netherlands. You can reach us at hello@dizid.com.
We collect only what is necessary to provide the service.
When you sign in with Google, Google shares the following with us under the OpenID Connect protocol:
To keep you signed in and fetch your analytics data, Google issues us:
With your permission (via the analytics.readonly OAuth scope), we fetch aggregated metrics from your GA4 properties — such as page views, sessions, and traffic sources. This is your own analytics data; we only read it and display it to you.
Analytics data is not stored on our servers. It is cached in your browser's localStorage with a 6-hour expiry and is never transmitted to us or any third party.
| Data | Purpose |
|---|---|
| Email address | Verify you are on the authorized access list; display in the dashboard header |
| Name & profile picture | Display in the dashboard header during your session |
| Google user ID | Index your refresh token in secure server-side storage |
| Refresh token | Obtain new access tokens to fetch your GA4 data without re-authentication |
| GA4 analytics data | Display in your browser; locally cached for performance |
We do not use your data for marketing, profiling, advertising, or any purpose other than operating the dashboard for you.
Your Google refresh token is stored in Netlify Blobs, a managed object-storage service. Netlify Blobs stores data encrypted at rest using AWS S3 server-side encryption (SSE-AES256). Data is keyed by your Google user ID and is accessible only to our serverless functions.
No other personal data is stored server-side.
localStorage. Contains your name, email, profile picture URL, and an expiry timestamp (24-hour TTL). Signed with HS256; not encrypted. Cleared when you log out or the token expires.localStorage. Contains your GA4 metrics for faster page loads. 6-hour TTL. Contains aggregated website statistics, not personal information. Cleared when you log out.We use exactly one cookie:
We do not use tracking cookies, analytics cookies, advertising cookies, or any persistent cookies beyond the above.
We have no other third-party integrations. There are no tracking pixels, advertising networks, or analytics tools embedded in StatPilot.
You have full control over your data:
If you are located in the European Economic Area, you may have additional rights under the GDPR, including the right to access, rectify, or erase your personal data. Contact us to exercise these rights.
We take reasonable measures to protect your data:
oauth_state cookie is httpOnly and Secure to prevent JavaScript access and CSRF attacksNo method of transmission or storage is 100% secure. We cannot guarantee absolute security.
StatPilot is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with their information, please contact us at hello@dizid.com and we will delete it promptly.
Dizid Web Development is based in the Netherlands (EU). Your data may be processed by our service providers (Google, Netlify) in the United States and other countries. Where data is transferred outside the EEA, we rely on the service providers' Standard Contractual Clauses or other applicable transfer mechanisms.
We may update this policy when the service changes materially. We will update the effective date at the top of this page. For significant changes affecting how we use personal data, we will take reasonable steps to notify affected users. Continued use of the service after changes constitutes acceptance of the updated policy.
Questions about this privacy policy? Contact us: