How we collect data

Transparency on APIs, permissions, and what automations are allowed to do with your approval.

High level

We connect to your storefront, analytics, and ad platforms using their official APIs. We only request the minimum permissions required to read orders, campaign performance, and important events. For actions (automations), we require explicit opt-in and additional permissions.

What we read

  • Orders, refunds, customers and fulfillment events from your store (e.g., Shopify).
  • Sessions, events, and conversions from analytics systems (e.g., GA4) for attribution modelling.
  • Campaigns, ad sets, spend, clicks, impressions and conversion metrics from ad platforms (Google Ads, Meta Ads).

What automations can do (with your permission)

  • Pause or enable campaigns when performance crosses thresholds you configure.
  • Check if campaigns reach goals (e.g., CPA, ROAS) and notify you or take actions.
  • Adjust budget pacing or bid strategies based on rules you approve.

Automations run under an account-specific service token. You can revoke permissions anytime from settings.

Technical details — how data is retrieved

Key points below map directly to the codebase so you can follow the exact technical process.

  1. API fetching layer: The frontend uses fetchJson in frontend/src/lib/api.ts to call backend endpoints. On the server it calls the real API base URL (via getApiBaseUrl()) and attaches an API key when available. In the browser it proxies calls to /api/proxy.
  2. Endpoints and fallbacks: Dashboard data is loaded by loadDashboardData() which requests /recommendations and /connectors. If the network calls fail, the code falls back to mock data defined in /mocks (see the catch block in loadDashboardData).
  3. Connector syncs: Connectors like Google Ads, Meta, Shopify provide endpoints like /connectors/google-ads/sync and diagnostics via /connectors/*/diagnostic. These are invoked with fetchJson wrappers such as syncGoogleAdsConnector() in api.ts.
  4. Automation actions: The automation system uses settings and action records stored or mocked inside api.ts (e.g., AUTOMATION_SETTINGS_DEFAULT, AUTOMATION_ACTIONS_DEFAULT). When an automation rule runs, it executes actions (pause, adjust) described in the mocked buildMockAutomationRun().

Technical details — how metrics are derived

Metric calculations are implemented server-side helper functions that the frontend consumes. The key functions are in frontend/src/lib/dashboard.ts and frontend/src/lib/businessConfigMetrics.ts. Highlights:

  • Recommendation-based dashboard metrics: calculateDashboardMetrics(recommendations) reduces recommendation records to totals (cost, revenue, impact). It builds channel-level aggregates and derives:
    • totalSpend — sum of recommendation.metrics.cost
    • totalRevenue — sum of recommendation.metrics.revenue
    • overallRoi — (revenue - spend) / spend
    • marketingEfficiency — revenue / spend
    • potentialSavings — totals.impact (sum of recommended savings)
  • Paid media blend: buildPaidMediaBlend(google, meta, email) aggregates per-campaign metrics (spend, revenue, impressions, clicks, conversions) via aggregateCampaigns() and computes derived metrics per platform such as roi, ctr, and cpa, plus shares of spend/revenue.
  • Business-config derived metrics: Independent of connectors, deriveBusinessMetrics(config) (in businessConfigMetrics.ts) uses the business setup inputs like currentMonthlyRevenue and totalMarketingBudgetMonthly to compute:
    • netProfit — revenue - total monthly costs (including marketing and fixed/operational costs)
    • profitPerDollar — netProfit / marketingSpend
    • marketingEfficiency — revenue / marketingSpend * 100
    • Break-even orders, gross/net margin per order, and spend share
  • Attribution: Frontend fetches an attribution summary via fetchAttributionSummary() in api.ts. The attribution breakdown UI consumes that summary; the backend is expected to return a compact object with channel-level attributed revenue. On failure, the frontend falls back to fallbackAttributionSummary.

If you want, I can extract the exact JSON shapes returned by each endpoint and add them to this page (recommendations, connectors, attributionSummary, campaign records) for complete transparency.

Privacy & security

We store only what's necessary to surface insights and run approved automations. Sensitive credentials are never stored in plain text; we use secure stores and scoped tokens. Read our full Privacy Policy for details.