← Back to home

Privacy Policy

Last updated: 23 May 2026

Charle Signal (“Signal”, “we”, “our”) is operated by Charle London Ltd, a UK company registered at G05 – Vox Studios West, 1–45 Durham Street, London, England, SE11 5JH. This page describes what data Signal collects, how we use it, and the rights you have over it. It is intended to satisfy the disclosure obligations of UK GDPR, EU GDPR, and Google’s API Services User Data Policy.

If you have any questions about this policy, contact us at nic@charle.co.uk.

1. What Signal is

Signal is a multi-tenant analytics dashboard for Shopify merchants and the agencies that support them. It connects to third-party data sources — Google Analytics 4 and Google Search Console — and renders read-only dashboards combining those data sources alongside Signal’s own product analytics (the “C Pixel”).

Signal does not act as a data broker, an advertising network, or a marketing platform. We never sell, share, or re-purpose your data.

2. What data we collect

Account data. When you sign up, we collect your email address (for authentication and account-related email) and any name you provide. We use Supabase Auth to manage credentials and session tokens.

Google account data. When you connect Google Analytics 4 or Google Search Console, we request OAuth consent for the following scopes:

  • userinfo.email — to label the connection with the Google account’s email address.
  • analytics.readonly — to read GA4 property metadata, reports and aggregated traffic data on your behalf.
  • webmasters.readonly — to read Search Console site metadata and aggregated query/page performance data on your behalf.

These scopes are read-only. Signal cannot write to, modify, or delete anything in your Google Analytics or Search Console account, and Google enforces this at the API layer regardless of our code.

Site analytics. If you embed the Charle Signal C Pixel on your Shopify store, the pixel collects standard product-analytics events (pageviews, clicks, scroll depth, mapped section interactions) to populate the CRO dashboards in Signal. The pixel runtime is hosted by PostHog on our behalf; their privacy policy applies to the data they process.

3. How we use Google user data

Data retrieved via Google APIs is used exclusively to render your own dashboards inside Signal. Specifically:

  • Display GA4 session, channel, conversion and page metrics to authorised members of the Signal project that owns the connection.
  • Display Search Console clicks, impressions, CTR and position metrics in the same dashboards.
  • Combine GA4 + Search Console data with our own product analytics so the merchant has a unified view.

Signal does not:

  • Sell, transfer, or share Google user data with third parties for advertising or marketing purposes.
  • Use Google user data to train, fine-tune, or evaluate machine-learning models, generative AI, or large language models.
  • Use Google user data for any purpose unrelated to the user-facing features described above.
  • Allow human access to Google user data except by employees of Charle London Ltd performing security investigations, abuse reports, or required legal disclosures — and even then only the minimum required.

Storage of aggregated metrics. So that the dashboards can render historical comparisons (12-month, month-to-date, week-on-week) without re-hitting Google’s APIs on every page load, Signal caches the aggregated daily totals it fetches into a database row per project per day. The cache only contains the aggregated numbers shown on the dashboard (sessions, revenue, purchases, clicks, impressions, average position, branded vs non-branded clicks/impressions). It does not contain user-level data, event-level data, individual search queries, landing-page URLs, or anything else beyond the daily roll-ups. The cache is refreshed by a scheduled sync twice weekly and is filtered, on the GA4 side, to the Organic Search channel only.

Charle Signal’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4. Where data is stored and who processes it

Account data, OAuth tokens, and the aggregated daily GA4/Search Console metrics described in section 3 are stored in a Supabase Postgres instance in the EU (eu-west-1). Access is gated by Postgres row-level security policies — only members of the Signal project that owns a given connection can read its tokens, cached metrics, or rendered dashboards.

Sub-processors. Signal uses a small set of third-party providers to operate the service. Google user data (OAuth tokens and the aggregated GA4 / Search Console metrics they unlock) is processed only by:

  • Supabase — managed Postgres and Auth, EU region. Stores account records, project memberships, encrypted OAuth tokens, and the aggregated daily GA4 + Search Console metrics that power the historical dashboards.
  • Vercel — application hosting. Runs the Next.js application and the scheduled sync job that fetches data from Google’s APIs and writes it to Supabase. Vercel does not retain Google user data on its own infrastructure; all persistence happens in Supabase.

PostHog processes site-analytics events from the C Pixel only. It does not receive any Google user data. No other third party receives Google user data.

Security. Data is encrypted in transit (TLS 1.2+) between your browser, Signal, and Google’s APIs, and encrypted at rest inside Supabase. OAuth refresh tokens are stored in an access-restricted table behind row-level security policies. Production access is limited to named employees of Charle London Ltd and gated by two-factor authentication.

Retention. OAuth tokens are retained for as long as the connection is active inside Signal and are deleted immediately when you disconnect a Google account. Aggregated daily GA4 and Search Console metrics are retained on a rolling 16-month window per project, matching Google’s own default GA4 retention so dashboards can show year-on-year comparisons. Older rows fall out of the window automatically as new ones are written. When you disconnect a Google account, the cached aggregated rows for that project are retained as a historical record (no fresh data is added until you reconnect) — if you also want the historical rows purged, email us at nic@charle.co.uk and we’ll wipe them within 30 days. When a Signal project is deleted, all associated data (tokens, aggregated metrics, site-analytics events) is removed within 30 days. Site-analytics events from the C Pixel are retained for as long as the Signal project is active.

5. How to revoke access

You can disconnect Signal’s access to your Google account at any time:

  • From inside Signal: Settings → click Disconnect on the GA4 or Search Console row. We wipe the stored OAuth tokens.
  • From your Google account: Visit myaccount.google.com/permissions, find “Charle Signal” in the third-party access list, and remove it. This invalidates Signal’s refresh token regardless of what’s stored on our side.

To delete your Signal account entirely, email nic@charle.co.uk from the address associated with your account. We’ll remove your account, project memberships, and any data we hold within 30 days.

6. Cookies

Signal sets a session cookie when you sign in (required for authentication) and a short-lived state cookie during the Google OAuth flow (required for CSRF protection). Both are httpOnly. We do not use third-party advertising cookies inside the Signal product.

7. Changes to this policy

We’ll update the “last updated” date at the top of this page when we make material changes. For substantive changes affecting how we handle Google user data, we’ll also email account holders before the change takes effect.

8. Contact

Charle London Ltd, G05 - Vox Studios West, 1-45 Durham Street, London, England, SE11 5JH. Data questions: nic@charle.co.uk.