Support
Frequently asked
questions
Everything you need to know before running your first audit. Can't find what you're looking for? Email us directly.
How it works
No — never. Lumnio connects with read-only OAuth scopes (
analytics.readonly, tagmanager.readonly). We cannot write, modify, or publish anything to your GTM container or GA4 configuration. Your production setup is completely untouched.
Your Google account needs Viewer access to your GA4 properties and Read access to your GTM containers. If you prefer not to use personal OAuth, you can add our service account as a Viewer — instructions are in Settings after sign-up.
We launch a real Chromium browser via Playwright and inject a high-fidelity
dataLayer proxy at page inception — before any GTM code executes. Every dataLayer.push() call is captured in real time. The browser then simulates progressive user interaction (scrolls, menu expansion, CTA clicks, modals) and the captured telemetry is reconciled against your GTM container JSON.
Yes. Because we run a real Chromium browser, JavaScript-rendered content is fully executed before telemetry is captured. We wait for progressive hydration, client-side navigation events (
history.pushState), and async data loads. React, Vue, Angular, Gatsby, Next.js, and Svelte are all handled correctly.
Authenticated page auditing is available on Enterprise plans. You supply a session cookie or basic auth credentials and Lumnio injects them into the browser context. Free tier audits are limited to publicly accessible pages.
Data & Security
Yes. Reports are locked to your account via JWT authentication with strict path-traversal mitigations — no other user can access your reports. GTM container JSON is processed in volatile server memory and never written to disk. OAuth tokens and service account credentials are encrypted at rest with AES-256.
Audit reports and run metadata are retained for 90 days from the run date, after which they are automatically deleted. If you need longer retention for compliance, contact us about Enterprise plans.
No. The crawler is a single-session headless browser. It only captures the telemetry events that it itself triggers during its simulated navigation — not real user data. No visitor traffic is observed or collected.
Billing
One complete audit of a single URL: full GTM container analysis, GA4 configuration cross-check, live dataLayer event capture, an executive HTML/PDF report, an interactive findings dashboard, and developer fix scripts. No credit card required.
Once a scan is initiated and consumed, it is non-refundable — server compute, browser automation, and API calls are expended at the point of initiation. If a technical fault on our end caused a scan to fail completely, contact us within 7 days with the run ID and we will issue a credit.
Enterprise plans cover site-wide crawls, staging environment audits, authenticated-page scanning, team seats, shared audit history, and priority support. Email us with your URL, team size, and requirements — we'll respond within one business day.