Legal

Privacy policy

Last updated: July 2026

Overview

Thermometer ("we", "our", "the platform") is a software-as-a-service application operated at thermometer.co.nz. We provide SEO, PPC, and CRO intelligence for authorized business users. This policy describes how we collect, use, store, and protect data accessed through our service.

Google API Services User Data Policy

Thermometer's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

  • We request OAuth 2.0 user-delegated access to Google Ads, Search Console, Google Analytics 4, and Google Tag Manager with minimum read-only scopes required for reporting and optimization insights.
  • Google user data is used solely to provide and improve Thermometer features visible to the user who granted access.
  • We do not sell Google user data. We do not use Google user data for advertising or retargeting.
  • We do not allow humans to read Google user data unless required for security, compliance, or with the user's explicit consent for support.

Google Ads API

Thermometer uses the Google Ads API under Basic Access for read-only operations: retrieving keyword performance, impressions, costs, CTRs, campaign structure, and responsive ad configurations. The platform cross-references this data with Search Console and Analytics metrics to generate cannibalization and intent-leak insights.

Thermometer does not programmatically modify Google Ads campaigns, budgets, bids, or ad status. Any campaign changes are made manually by authenticated users outside automated API write operations.

Data we process

  • Account information from Google sign-in (name, email) for authentication and workspace access control.
  • Aggregated marketing metrics from connected properties (queries, positions, clicks, impressions, spend, conversion events, page paths, custom parameters).
  • OAuth tokens stored securely to maintain authorized API access until the user revokes connection or deletes their account.

We do not intentionally collect or process personally identifiable information from end users of your websites. Analytics and CRO signals are handled at an aggregate, anonymous parameter level.

Data isolation & security

Thermometer uses a multi-tenant architecture. Each workspace is isolated; one customer cannot access another customer's data. Data is encrypted at rest. API interactions use official authenticated channels only — no scraping of live search results.

Data retention & deletion

Synced metrics are retained while your workspace is active to provide historical comparisons. You may delete projects within Thermometer or revoke Google OAuth access at any time through your Google Account permissions. Contact us to request full account deletion.

Contact

For privacy, API access, or security questions:

hello@thermometer.co.nz