ga-mcp-full is an open-source Model Context Protocol (MCP) server that exposes Google Analytics 4 Admin API and Data API endpoints as tools for AI assistants such as Claude Code, Claude Desktop, and Cursor. It runs entirely on the end user's own machine (stdio transport). There is no hosted backend operated by the project maintainers.
When you authenticate, ga-mcp-full is granted two Google Analytics OAuth scopes — https://www.googleapis.com/auth/analytics.edit and https://www.googleapis.com/auth/analytics.readonly — together with the standard openid and email sign-in scopes (used only to show which Google account is connected). The Analytics scopes allow the tool to:
All access is on-demand and initiated by the user of the AI assistant. The tool does not perform background access.
~/.config/ga-mcp/credentials.json on the end user's own machine, with file permissions 0600 (user-read/write only). They are never transmitted to the project maintainers or any third party.ga-mcp-full itself does not log, retain, or redistribute this data.
OAuth tokens are retained on the local machine only until the user removes them. They are deleted when the user runs ga-mcp-full auth logout (or the equivalent /ga-mcp-full:auth-logout slash command), or when the ~/.config/ga-mcp/credentials.json file is manually removed. Revoking access at myaccount.google.com/permissions additionally invalidates the refresh token at Google's end so any remaining local copy is non-functional. No backup, archive, or off-machine copy of these credentials is created by ga-mcp-full.
Google Analytics data fetched at runtime is held only in process memory long enough to return the result to the AI assistant; it is not written to disk by ga-mcp-full and is discarded when the MCP subprocess exits.
ga-mcp-full uses Google user data solely to fulfill the user's tool requests within their AI assistant session. Specifically, ga-mcp-full does not:
ga-mcp-full itself performs no model training, fine-tuning, or analytics on the data.)
ga-mcp-full itself is an intermediary that runs on your machine and does not introduce additional data-collection relationships.
analytics.edit and analytics.readonly scopesThe tool exposes ~30 GA4 Admin API and Data API operations. They map to two scopes, each the minimum its API accepts:
analytics.edit (Admin API) covers the administrative read/write operations — create, update, and delete custom dimensions, custom metrics, key events, audiences, data streams, Firebase/BigQuery/Google Ads links, measurement-protocol secrets, and data-retention settings.analytics.readonly (Data API) covers the reporting operations (run_report, run_realtime_report). The GA4 Data API does not accept analytics.edit, so analytics.readonly is the minimum scope that enables reporting.
Google's OAuth model offers no finer-grained write scope below analytics.edit, and no single scope spans both the Admin write operations and the Data API reads, so both are requested. The tool requests no broader analytics scope and no restricted scopes. Users who only need read access may set up their own OAuth client limited to analytics.readonly via the environment-variable override documented in the project README.
To revoke ga-mcp-full's access at any time:
/ga-mcp-full:auth-logout in Claude Code (or ga-mcp-full auth logout at the shell) to delete the local token cache.Either step alone is sufficient to end future access; both are recommended for defense in depth.
Changes are made by commit to PRIVACY.md in the source repository; this page is rendered from that canonical source. The "Last updated" date at the top reflects the most recent substantive change.
Email ringo380@gmail.com or open an issue at github.com/ringo380/ga-mcp-full/issues.