Translation Notice: This English version is a courtesy translation of the German “Datenschutzerklärung.”
Only the German version is legally binding. In case of any inconsistencies between the German and English versions, the German version shall take precedence.

The privacy policy for GTM CLI can be found at the bottom of this page.

Privacy Policy

As of: 09/22/2024

We deliberately try to formulate our privacy policy in such a way that it is understandable even for non-lawyers.
We also go beyond what is absolutely necessary and give you a little more context to make it transparent why we process data the way we do.

Even though it is deliberately worded differently from most other privacy policies you are familiar with, it is still a completely standard legal document.

If anything is unclear or if you have any suggestions on how we can improve the wording and explanation of the following, please feel free to send us an email at mail@owntag.eu.

About owntag

You can find basic information about owntag, such as our address and contact details, in our legal notice.

Our data protection officer is heyData GmbH, Schützenstraße 5, 10117 Berlin, www.heydata.eu, datenschutz@heydata.eu.

Data protection information for the owntag.eu website, including the customer area at console.owntag.eu

Apart from the data that customers enter themselves, no personal data is collected on owntag.eu. In particular, at least at present, no data protection-relevant personal web analysis or marketing tracking takes place.

If cookies are set or data is stored or read from the user’s device in any other way, these processes do not require consent within the meaning of §25 (2) because the cookies are absolutely necessary for owntag to provide the services expressly requested by the user.

This is not because web analysis or cookies are fundamentally bad, on the contrary.
However, we do not (yet) have a need for them at this time and want to focus on further developing the product. This will likely change in the future, in which case we will amend this privacy policy accordingly.

Privacy policy for the website at https://owntag.eu

Our “marketing website,” which can be accessed at https://owntag.eu, is hosted by the CDN provider Bunny from Slovenia and delivered exclusively via PoP (points of presence) in the EU. Bunny’s address: BunnyWay d.o.o., Dunajska cesta 165, 1000 Ljubljana, Slovenia You can find Bunny’s privacy policy here: https://bunny.net/privacy/

Privacy policy for the customer area at console.owntag.eu

Unfortunately, there are no hosting providers within the EU that can compete with the functionality of modern international Infrastructure-as-a-Service (IaaS) providers and the associated security and scalability.
We would also like to use a European provider for this, but there is no suitable one for our use case.
As a startup, we depend on precisely these features, which we would otherwise have to laboriously recreate at great expense and with correspondingly high costs. This is financially impossible and, from a macroeconomic perspective, makes little sense.

Below is a list of providers based outside the EU that we use to provide our infrastructure.

By using owntag, you agree that we may pass on all data you provide to us about yourself and your company to these non-European companies and process it with their help.

Important: This only applies to the handling of our data and that of our customers.

The server-side Google Tag Manager container operated by you via owntag and the data you process with it are, of course, processed exclusively on European infrastructure and are not passed on to non-European companies.
You can find more details on this in our Terms of Service.

Vercel

Vercel (Vercel Privacy Policy) is a cloud hosting provider.
Vercel hosts the internal customer area at console.owntag.eu for us.

Supabase

Supabase (Supabase Privacy Policy) is a database provider with useful additional services such as login and user management. We use Supabase to store our customer data and to provide the API we use for the customer area.
Data about which containers you have created, how many requests you have processed, etc. is stored with Supabase.

Stripe

Stripe (Stripe Privacy Policy) is one of the world’s most widely used payment service providers, especially for software-as-a-service offerings such as owntag.
We use Stripe for billing, i.e., organizing owntag customers and their booked containers and issuing invoices.

We explicitly point out these American companies because the US has a lower level of data protection than the EU and is therefore classified as an “unsafe third country” by the GDPR, for example.
One reason for this is that investigative authorities in the US use the CLOUD Act to legitimize their access to data, even if it is physically located exclusively within the EU but is connected to a US company.

Data protection information for the processing of your users’ data in connection with the use of owntag

When you send data (probably mainly web analytics data from your website or app users) to your Server Side GTM Container operated by owntag, this data is processed by us, owntag.

We work with the following companies. They do not process the data themselves, but are merely technical infrastructure service providers for owntag.

Scaleway

SCALEWAY S.A.S, BP 438, 75366 Paris Cedex 08, France
Scaleway privacy policy

We use Scaleway to host your Server Side GTM.

Data processing by you as an owntag customer

In addition, the purpose of server-side tagging is, of course, that you, as a tracking specialist and owntag customer, use the server-side GTM to process data and forward it to third-party recipients. You or your company are fully responsible for this processing, as we have no influence over it. Please note that you may also need to provide your users with a privacy policy. However, we cannot provide you with legal advice on this matter; it is best to discuss this with a lawyer.

Privacy policy for GTM CLI

GTM CLI is a command-line interface for Google Tag Manager, developed and maintained by owntag GmbH (“we”, “us”, or “our”). This privacy policy explains how GTM CLI handles user data when you authenticate with Google.

Data Accessed

When you authenticate GTM CLI with your Google account, the application requests access to the following data:

Google Tag Manager Data:

  • Tag Manager account information
  • Container configurations
  • Workspaces, tags, triggers, and variables
  • Container versions and publishing settings
  • User permissions within Tag Manager

Google Account Information:

  • Your email address
  • Your display name

How Your Data Is Used

GTM CLI uses the accessed data exclusively to:

  • Execute commands you initiate against the Google Tag Manager API
  • Display your email and name in the CLI to confirm your authenticated identity
  • Authenticate API requests on your behalf

All operations are performed locally on your machine. GTM CLI acts as a client that communicates directly with Google’s APIs based on your commands.

Data Sharing

GTM CLI does not share your data with any third parties.

  • No user data is transmitted to owntag GmbH or any other party
  • No analytics or telemetry data is collected
  • No usage data is tracked or reported
  • All network communication occurs exclusively between your local machine and Google’s official APIs

Data Storage and Protection

GTM CLI stores authentication credentials locally on your machine:

  • Location: ~/.config/gtm-cli/credentials.json (Linux/macOS) or the equivalent application data directory on your operating system
  • Contents: OAuth access token, refresh token, token expiration time, and basic profile information (email, name)
  • Protection: Credential files are created with restrictive file permissions (readable only by your user account)

Security measures (data protection mechanisms for sensitive data)

This section describes the data protection mechanisms for sensitive data (including authentication tokens) and any Google user data processed by GTM CLI.

  • Encryption in transit: All communication with Google APIs happens over encrypted HTTPS/TLS connections to Google endpoints.
  • Local-only storage: OAuth tokens are stored only on your device and are not uploaded to owntag GmbH (or any other server) by GTM CLI.
  • Access control on your device: Credential files are stored with restrictive OS-level permissions so that only your user account can read them.
  • Secret handling: GTM CLI is designed to use tokens only for authenticated API calls and does not require you to share tokens with us. You should treat OAuth tokens and any Service Account key files as secrets and store them securely.
  • Revocation & deletion: You can revoke issued tokens at any time by using gtm auth logout, which requests token revocation from Google and removes locally stored credentials.
  • Data minimization: GTM CLI requests only the OAuth scopes required to perform the commands you run and uses the returned data exclusively for those user-initiated operations.

No data is stored on external servers. All credentials remain exclusively on your local device.

Data Retention and Deletion

Retention: Authentication credentials are retained locally until you explicitly sign out or manually delete them.

Deletion: You can delete all stored data at any time by:

  1. Running the logout command:

    gtm auth logout

    This revokes your tokens with Google and deletes all locally stored credentials.

  2. Alternatively, manually deleting the configuration directory:

    rm -rf ~/.config/gtm-cli

Upon logout, GTM CLI also requests that Google revoke the issued tokens, ensuring your authorization is fully terminated.

Open Source Transparency

GTM CLI is open source software. You can review exactly how your data is handled by examining the source code at:

https://github.com/owntag/gtm-cli

Contact

If you have questions about this privacy policy or GTM CLI’s data practices, please get in touch through the contact information provided in our Impressum.