This Data Processing Agreement (DPA) details how NiceLookingData processes personal data on behalf of our customers in accordance with the GDPR and other applicable data-protection regulations.
1. Scope of processing
NiceLookingData acts as a data processor for the configuration metadata you authorise us to read from your Google Analytics 4 properties and Google Tag Manager containers. We act as a data controller only for your NiceLookingData account information (email, name, profile picture).
2. What we do not process
We never access, store, or transmit end-user behavioural data, raw analytics events, conversion values, user identifiers, or any PII your visitors produce. Our audits read configuration only.
3. Sub-processors
We use the following sub-processors to deliver the Service. All sub-processors are bound by their own DPAs and adhere to GDPR-compliant data transfer mechanisms.
- Google Cloud Platform (eu-west region) — hosting of configuration metadata and audit results.
- Resend (United States) — transactional and alert email delivery.
- Google Gemini API / Generative Language API (United States) — receives configuration-derived audit findings and the questions you type into AI features to generate summaries, action plans, and answers. It receives no website-visitor PIIor raw analytics events. Google's paid Generative AI API does not use data submitted through it to train its models.
- Stripe (United States) — payment processing and subscription billing.
- Sentry (United States) — application error and performance monitoring. Receives technical error telemetry only; email addresses, URL query strings and user-identity context are scrubbed before transmission, and session replays mask all text and media.
4. Data-subject requests, access and erasure
You retain the right to access, export, or delete the personal data we process on your behalf. To exercise any of these rights — including erasure of your account, your audit history, and the encrypted Google refresh token tied to your account — email privacy@nicelookingdata.com. We action verified requests within 30 days. Deletion is permanent and removes your account record together with every audit, alert rule, and client-portal entry associated with it.
5. Request a signed DPA
For organisations that require a counter-signed agreement (enterprise buyers, procurement teams, public-sector tenants), email us and we'll send the executable document back within one business day.
hello@nicelookingdata.com · Subject: DPA request