Client Portal
Your Privacy

Privacy Policy

Privacy Policy

Effective Date: March 9, 2026

1. Introduction

Savage Strategic ("we," "us," or "our") operates the Savage Strategic Client Portal at portal.savagestrategic.io (the "Service"). This Privacy Policy explains how we collect, use, and protect information when you use our Service, including data obtained through Google APIs.

By using the Service, you agree to the practices described in this policy.

2. Information We Collect

2.1 Account Information

  • Name and email address provided at account creation
  • Business information provided during your engagement with Savage Strategic

2.2 Automatically Collected Data

  • Log data: IP address, browser type, pages visited, timestamps
  • Session identifiers and authentication tokens

2.3 Data Accessed via Google APIs

When you authorize the Service to connect to your Google accounts, we access data through the following Google APIs and OAuth scopes. Each is accessed only to the extent necessary to deliver the Service:

Google Account (openid, userinfo.email, userinfo.profile) — Your name, email address, and Google Account identifier

Why we need it: Authentication and session management. Used to log you into the portal and associate your session with the correct client account.

Google Ads (auth/adwords) — Campaign data, ad groups, keywords, bids, budgets, and performance metrics

Why we need it: To create, manage, and optimize paid search campaigns on your behalf. Also used to display campaign performance data in your portal dashboard.

Google Analytics (auth/analytics, analytics.readonly, analytics.edit, analytics.manage.users, analytics.manage.users.readonly) — Traffic data, conversion data, property configuration, and user permissions

Why we need it: Read access populates your dashboard. Edit access is used to configure GA4 properties and tracking. User management access is used to add or remove team members and agency staff from your Analytics account.

Google Analytics Provisioning (auth/analytics.provision) — Ability to create Analytics accounts and properties

Why we need it: Used during client onboarding to create a new Analytics account or property if one does not exist.

Google Analytics Partner Linking (auth/analytics.partner.edit) — Ability to configure linking between Analytics and Ads

Why we need it: Used to link your GA4 property to your Google Ads account for conversion tracking and attribution.

Google Tag Manager (auth/tagmanager.readonly, tagmanager.edit.containers, tagmanager.edit.containerversions, tagmanager.publish, tagmanager.manage.accounts, tagmanager.manage.users, tagmanager.delete.containers) — GTM container configuration, tags, triggers, variables, versions, and user access

Why we need it: Used to deploy and manage tracking tags on your website, publish container versions, and manage workspace access. Delete access is used only when removing duplicate or decommissioned containers.

Google Search Console (auth/webmasters, webmasters.readonly) — Search query data, keyword rankings, click and impression metrics, index coverage

Why we need it: Readonly access populates the organic search section of your dashboard. Broader access is used when verifying new properties or submitting sitemaps.

Google Business Profile (auth/business.manage) — Business listing information, posts, reviews, and location data

Why we need it: Used to manage your Google Business Profile listing as part of local SEO services, including updating information, posting updates, and monitoring reviews.

Google AdSense (auth/adsense, adsense.readonly) — AdSense earnings and performance data

Why we need it: Used to display AdSense revenue data in the portal for clients who monetize content through AdSense.

Google Ad Manager (auth/admanager) — Ad Manager campaign and placement data

Why we need it: Used to manage display advertising and pull performance data for clients using Google Ad Manager.

3. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To manage and optimize your Google marketing accounts as part of our services
  • To display your marketing data in your portal dashboard
  • To enable Savage Strategic account managers to deliver services to your business
  • To communicate with you about your account
  • To maintain the security and integrity of the Service
  • To comply with applicable legal obligations

4. Google API Services — Limited Use Policy

Savage Strategic's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We access Google user data only to provide the features and services described in this policy and visible to you in the portal
  • We do not use Google user data to develop, improve, or train generalized AI or machine learning models
  • We do not transfer Google user data to third parties except as necessary to provide the Service, with your permission, or as required by law
  • We do not use Google user data for advertising purposes unrelated to managing your own campaigns
  • We do not allow humans to read your Google data except: (a) with your explicit permission, (b) as necessary for security or compliance, (c) as required by law, or (d) when it is aggregated and anonymized so it is no longer personally identifiable

5. Data Sharing

We do not sell, trade, or rent your personal information. We may share data with:

  • Service Providers — Hosting and infrastructure vendors who support the Service, under confidentiality obligations
  • Legal Requirements — When required by law, regulation, court order, or government request
  • Business Transfers — In connection with a merger, acquisition, or sale of assets, with notice to you

6. Data Retention

We retain your data as long as your account is active and as necessary to provide the Service. Upon account closure, we delete or anonymize your personal data and Google API data within 90 days, unless longer retention is required by law.

7. Security

We use industry-standard security measures including TLS encryption for data in transit, encryption at rest for stored tokens, and role-based access controls limiting internal data access. No method of internet transmission is entirely secure.

8. Your Rights

  • Revoke Google account access at any time: Google Account → Security → Third-party apps with account access
  • Request deletion of your personal data by contacting us
  • Request a copy of your personal data we hold

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy periodically. Material changes will be posted here with a revised effective date. Continued use of the Service constitutes acceptance.

11. Contact

Savage Strategic

https://savagestrategic.io