Privacy Policy - Filament MCP Server for Google Tag Manager
Last updated: September 22, 2025
Overview
This privacy policy explains how Errinundra Pty Ltd t/a Filament AI (ABN 29 680 843 814) ("we", "us", "our", "Filament") collects, uses, and protects your personal information when you use the Filament MCP Server for Google Tag Manager (the "Service").
This privacy policy is specific to the MCP Server service and should be read together with our main Privacy Policy available at https://filamentanalytics.com/privacy.
We are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains how we handle personal information in accordance with Australian privacy law.
Data We Process
Filament MCP Server for Google Tag Manager processes the following categories of your personal data:
Authentication Data
- OAuth Access Tokens: We store only OAuth 2.0 access tokens required for Google Tag Manager API authentication
- Google Login ID: Associated with your authentication session for service access
What We Do NOT Collect
- We do not maintain a user database
- We do not collect, store, or retain any personal information beyond authentication tokens
- We do not store any Tag Manager data, containers, or user content
- No user data or Tag Manager content passes through our service for storage
Where Data is Stored
- OAuth access tokens are securely stored in encrypted cloud storage
- No other user data or information is stored anywhere in our system
- No data is shared with third parties or with other users or tools
Legal Basis for Collection and Use
Under the Australian Privacy Principles, we collect and use your personal information for the primary purpose of providing the MCP Server service. We only collect information that is reasonably necessary for our functions and activities. The collection and use of authentication data is necessary to provide the service you have requested.
How We Use Data
- Authentication Only: Access tokens are used exclusively to authenticate API requests between MCP clients and Google Tag Manager
- No Data Processing: We do not process, analyze, or manipulate any data from Google Tag Manager APIs
- Proxy Function: We act solely as a pass-through middleware, relaying requests and responses
Google API Compliance and Limited Use Requirements
This service complies with Google's Limited Use requirements for applications utilizing sensitive API scopes.
Affirmative Compliance Statement:
"The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements."
Filament MCP Server for Google Tag Manager has access to your Google Tag Manager accounts, containers, workspaces, and items within, so that MCP clients can use the service to interact with these items through our middleware proxy.
AI/ML Model Training Prohibition
Our application does NOT use Google Workspace or Tag Manager user data to train or improve AI/ML models at all. Specifically:
- We do NOT use, transfer, or sell user data from Google APIs to create, train, or improve any machine learning or artificial intelligence models (foundational or otherwise)
- We do NOT use data for generalized AI/ML model development
- We do NOT use data for personalized AI/ML models
- We do NOT retain any user data obtained through Google APIs beyond the authentication process
- We do NOT use any raw data, aggregated data, anonymized data, or derived data from Google APIs for any AI/ML purposes
- Our service operates as a pure middleware proxy without data retention, processing, or analysis capabilities
- No data is shared with third parties or with other users or tools
- No data is used for any machine learning, artificial intelligence, or algorithmic purposes whatsoever
Data Sharing
We do NOT:
- Share user data with third parties
- Sell or transfer any information to external services
- Use data for advertising or marketing purposes
- Retain data for analytics or business intelligence
Data Security
- All data transmission occurs over encrypted HTTPS connections
- OAuth tokens are stored securely in our cloud infrastructure
- We implement industry-standard security practices for token management
Data Retention
- OAuth Tokens: Personal data will be processed and retained until the purposes of processing are met by the Company
- User Data: No user data is retained - all GTM data passes through our service without storage
- Logs: Basic system logs may be retained for up to 30 days for operational purposes only
Your Rights Under Australian Privacy Law
Under the Australian Privacy Principles, you have the following rights:
- Access: You can request access to the personal information we hold about you
- Correction: You can request correction of inaccurate or incomplete information
- Erasure: You can request deletion of your personal information in certain circumstances
- Revoke Access: You can revoke access at any time through your Google Account settings
- Complaints: You can make a complaint to us or to the Office of the Australian Information Commissioner (OAIC)
International Data Transfers
Your authentication data may be stored on servers located outside Australia (including in the United States through Cloudflare's infrastructure). We ensure that any overseas recipients are subject to privacy protections substantially similar to the Australian Privacy Principles.
Children's Privacy
Our service is not intended for use by children under 13. We do not knowingly collect personal information from children under 13. If a parent or guardian becomes aware that their child has provided us with personal information, they should contact us and we will delete such information.
Changes to This Policy
We may update this Privacy Policy occasionally. We will notify users of significant changes by updating the effective date.
Contact Information
For questions about this Privacy Policy or to exercise your privacy rights, please contact us:
Email: team@filamentanalytics.com
Post:
Errinundra Pty Ltd t/a Filament AI
81-83 Campbell Street
Surry Hills NSW 2010
Australia
If you are not satisfied with our response to your privacy concern, you can contact the Office of the Australian Information Commissioner at www.oaic.gov.au or 1300 363 992.
Last Updated: September 22, 2025