Legal
Privacy Policy & Security Statement
At Lumnio, we understand that your Google Tag Manager (GTM) setups and marketing tracking architectures are critical assets that represent highly proprietary business intelligence. Ensuring your diagnostic runs are performed with complete safety, stateless operations, and pristine privacy is our highest priority.
1. The Stateless Data Guarantee
Lumnio is engineered from the ground up to operate as a completely stateless diagnostic engine. When you upload your GTM container configurations or run a diagnostic crawler, your data is never compiled or permanently written to disk on our servers. Your JSON container configuration parameters reside entirely in volatile runtime memory (RAM) and are automatically scrubbed and garbage-collected the moment your audit run completes or your active session expires.
Our Active Security Policies:
| Zero Mutation | We never modify your GTM container configurations. We operate strictly in read-only mode. |
| Zero Tracking | The crawler does not collect, record, or track individual visitor data on your production web pages. |
| Ephemeral Sessions | Staged audit session assets are dynamically scrubbed from database logs automatically. |
2. API Access & OAuth
When you connect your Google account via OAuth for GA4 and GTM auditing, we request the following read-only scopes:
OAuth Scopes Requested:
| analytics.readonly | View your Google Analytics data — read-only access to property settings, streams, and configurations. |
| tagmanager.readonly | View your Google Tag Manager containers — read-only access to tags, triggers, and variables. |
| openid, email | For authentication — verifies your identity and email address. |
We never request write access to your GA4 or GTM configurations. Your production settings remain untouched.
Alternatively, you can add our service account as a Viewer to your GA4 properties and Read access to your GTM containers. All credentials are encrypted at rest using AES-256 encryption.
Lumnio's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Data obtained through Google OAuth is used solely to display GA4/GTM configuration audit results to the connected account holder, is never sold, and is never used for advertising purposes.
You can revoke Lumnio's access to your Google account at any time from your account's Google security settings, or by disconnecting within Lumnio's account settings.
3. Telemetry Interception Safety
When running a DOM investigation, our agent simulates normal, secure browser clicks on your public-facing web elements. No scripts are dynamically injected into your site's codebase. The crawler intercepts telemetry events (like Google Analytics 4 event payloads) in transit within the sandboxed browser instance itself, exactly like a normal user's browser, preventing any operational risk to your live production website.
4. Multi-Tenant Isolation & Gates
All compiled reports and dynamic audit captures generated by Lumnio are uniquely locked to your account's email domain and verified through secure JSON Web Tokens (JWT). We enforce path-traversal mitigations and strict multi-tenant access blocks, ensuring no competitor or third party can ever view or access your diagnostic results.
5. Google Analytics & Consent Mode
Lumnio uses Google Analytics 4 and Google Tag Manager to measure website usage and improve our service. By using this website, you consent to this collection.
We do not use Google Analytics to collect personally identifiable information (PII) or any data that could be used to identify individual users. We have implemented Google Analytics in compliance with Google's policies and guidelines, and we take appropriate measures to protect the privacy of our users.
6. Support & Compliance Contact
Lumnio is developed, deployed, and proudly maintained by datavance.nz. If you have any enterprise IT security inquiries or require custom deployment agreements, please do not hesitate to contact our dedicated support team directly at support@datavance.nz.