What data is stored by the app and where?

1 What data is stored?
- 1.1 Google Analytics 4
  - 1.1.1 Property configuration
  - 1.1.2 User tokens
- 1.2 Reporting Permissions
2 Where is the data stored?

What data is stored?

Google Analytics 4

Property configuration

The following data is stored:

The property id and name (from Google Analytics)
The data stream id and name (from Google Analytics)
The measurement id (from Google Analytics)
Details of the Google user who configured the property and when
- The user’s id, displayName and email (from Google profiles) – this is to help users of the app understand who last configured the app
The timestamp when the property was last configured

This data is stored in the following format:

{
	"property": {
		"id": "properties/1234567",
		"name": "Property Name"
	},
	"dataStream": {
		"id": "properties/1234567/dataStreams/1234567",
		"name": "Data Stream Name"
	},
	"measurementId": "G-******",
	"user": {
		"displayName": "John Doe",
		"email": "doe@example.com",
		"resourceName": "people/1234567"
	},
	"time": 1693327703506
}

User tokens

When the app is configured, we store an access token for the single user who has configured the app.

For your reassurance, we recommend that a dedicated service user is created for the Google Analytics account which has no access to any other systems.

The following data is stored:

An expiring access token
A list of OAuth scopes:
https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/analytics.readonly https://www.googleapis.com/auth/analytics.edit
The token type
An ID token
The expiry date of the access token
A refresh token

When the app is uninstalled, these user tokens are automatically deleted.

User tokens can also be deleted by https://dsapps.atlassian.net/wiki/spaces/analytics/pages/4829642837.

This data is stored in the following format:

{
	"access_token": "******",
	"scope": "******",
	"token_type": "Bearer",
	"id_token": "******",
	"expiry_date": 1693567343979,
	"refresh_token": "******"
}

Reporting Permissions

The following data is stored:

A list of group names (from Confluence)

This data is stored in the following format:

Where is the data stored?

The data is stored on the Heroku platform, in the US region.

Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centres and utilise the Amazon Web Service (AWS) technology.

Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

Amazon’s data centre operations have been accredited under:

ISO 27001
SOC 1 and SOC 2/SSAE 16/ISAE 3402
PCI Level 1
FISMA Moderate
Sarbanes-Oxley (SOX)