1. Scope and operator
This Privacy Policy applies to the GSCAnywhere iOS application and the public website at gscapp.vibecodinghub.org. GSCAnywhere is an independent application operated under the VibeCodingHub.org brand. It is not affiliated with or endorsed by Google.
In this policy, “we,” “us,” and “GSCAnywhere” refer to the operator of the app. “Google user data” means information made available through Google Sign-In and the Google Search Console API after you authorize access.
2. Google data the app accesses
GSCAnywhere uses Google Sign-In to connect the Google account you choose. The sign-in flow may make basic account information available to the app so it can identify the connected account, including:
- your Google account display name;
- your Google account email address;
- an account identifier and current authorization state; and
- the OAuth scopes you have granted.
Google Sign-In SDK processing
The Google Sign-In SDK included with the app ships an Apple privacy manifest declaring that Google may process the following data types as linked to the user and not for tracking:
- name, email address, phone number, and coarse location for app functionality;
- user identifiers for app functionality and analytics; and
- device identifiers, other usage data, and other data types for analytics and/or app functionality.
These declarations describe processing by Google as the authentication and SDK provider. GSCAnywhere does not ask for iOS location permission, ask you to enter a phone number, copy those fields into its Search Console database, or send them to an GSCAnywhere-operated backend. Google's processing is governed by the Google Privacy Policy.
Search Console read-only scope
GSCAnywhere requests only this additional Google OAuth scope:
https://www.googleapis.com/auth/webmasters.readonly
This scope allows the app to read:
- the Search Console properties available to the connected account;
- property permission information returned by Google;
- performance dates, pages, and queries; and
- clicks, impressions, click-through rate, and average position.
The scope does not allow GSCAnywhere to edit sites, change Search Console settings, submit or remove URLs, manage users, or perform other write operations.
3. How the app uses Google data
GSCAnywhere uses the data above only to provide features visible in the app:
- restore and display the Google account you connected;
- confirm that the required read-only permission is still available;
- list Search Console properties you are authorized to access;
- retrieve performance rows for the property you select;
- compare the latest seven finalized data days with the preceding seven days;
- show 28-day trend context and page or query evidence when requested;
- detect deterministic ranking, CTR, demand, and traffic-drop signals; and
- retain the last usable local result when a later refresh fails.
GSCAnywhere does not use Google user data for advertising, cross-app tracking, credit decisions, surveillance, or training a general-purpose artificial intelligence or machine-learning model.
GSCAnywhere does not operate its own analytics service. As described above, the Google Sign-In SDK's privacy manifest declares limited provider-side analytics processing for certain identifiers, usage data, and other data types.
4. Direct Google connection and OAuth credentials
Search Console API requests are sent directly from the iOS app to Google over encrypted HTTPS connections. GSCAnywhere does not operate an intermediary application server for these requests.
The Google Sign-In SDK manages OAuth credentials and sign-in state in its SDK-managed storage on your device. GSCAnywhere uses a short-lived access token only when authorizing a Google API request. It does not copy OAuth tokens into its Search Console metrics database, UserDefaults, analytics, crash reports, or a developer-operated server.
5. On-device storage and retention
To provide offline continuity and avoid blank states after a temporary network failure, GSCAnywhere stores app data in the app's local iOS container. This may include:
- the selected Search Console property and locally reconciled property records;
- daily clicks, impressions, CTR, and average-position records;
- page and query comparison results used by the anomaly feed;
- saved anomaly explanations, viewed state, and refresh state; and
- small amounts of app configuration and display state.
Daily metric history is retained on the device for up to 90 days. Other current property, anomaly, and configuration records remain until they are replaced, cleared from Settings, or removed with the app. Records for a property that is no longer authorized are deleted when the app reconciles the current Google property list.
GSCAnywhere does not intentionally place access tokens, authorization headers, Google user IDs, or complete query data in application logs.
Support information
If you email support, we receive the information you choose to send, such as your email address, device details, screenshots, or diagnostic descriptions. We retain support correspondence only as reasonably needed to respond, investigate the issue, maintain security, or meet legal obligations. Do not send OAuth tokens or authorization codes.
7. Your choices, deletion, and revocation
GSCAnywhere provides two separate controls in Settings:
Sign Out & Clear Local Data
This signs the current Google account out of GSCAnywhere on the device and deletes the app's local Search Console properties, metrics, anomalies, and related settings. It does not revoke the permission recorded by Google, so Google may not ask for consent again if you later reconnect.
Disconnect Google Access & Delete Local Data
This asks the Google Sign-In SDK to revoke GSCAnywhere's Google authorization and deletes the same local app data. If Google revocation cannot complete, the app reports the problem so you can retry or revoke access directly from your Google Account.
You can also review or revoke access at any time from Google Account third-party connections. Removing the app from your device normally removes its local iOS container, but it does not by itself guarantee that Google-side authorization has been revoked.
For help with deletion or revocation, visit Support or email [email protected].
8. Security
We limit the app to the narrow read-only scope, use encrypted HTTPS connections, keep Google API data in the app's local container, avoid shared URL caches and cookie storage for API traffic, and prevent sensitive values from being intentionally logged. No storage or transmission method can be guaranteed to be completely secure.
9. Google API Services User Data Policy
GSCAnywhere's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
10. Children's privacy
GSCAnywhere is a professional website-performance utility and is not directed to children. We do not knowingly collect personal information from children through an GSCAnywhere-operated backend because the app does not have such a backend.
11. Policy changes
We may update this policy when the app's features, data practices, providers, or legal requirements change. The revised policy will be published at this same URL with a new effective date. Material changes to Google data handling will be reflected before or when the related app update becomes available.
12. Contact
For privacy questions, requests, or concerns:
Email: [email protected]
Website: https://gscapp.vibecodinghub.org/