Data Practices
Catalog of sensitive data classes, purpose, and control surfaces.
PII and Sensitive Data Catalog
This catalog documents major data classes handled by the product and maps them to purpose and control surfaces.
| Data Class | Examples | Purpose | Control Surface |
|---|---|---|---|
| User Identity | Email, account display name | Authentication, session continuity | Session/logout routes, remember-me controls |
| OAuth Credentials | Provider refresh/access token metadata | Fetch authorized analytics data | OAuth disconnect and token lifecycle handlers |
| Search Performance | Queries, clicks, impressions, CTR | Diagnostics, recommendations, trend analysis | Dashboard APIs and data retention TTLs |
| Integration Inputs | Cloudflare token, zone ID, GA4 property ID | Optional data-source enrichment | User-initiated integration setup and removal |
| Consent Records | Consent ID, timestamp, scope, policy version | Evidence of disclosure acceptance | Consent capture endpoint and compliance log |
Catalog Governance
- Catalog updates are required when new integrations or identifiers are added.
- Policy version is published on all trust pages and included in consent logs.
- Retention windows are aligned with named TTL constants in platform config.