About data source permissions

Stract needs your permission to extract the data for its reports. Each of the connectors, your data sources, that we connect to has requirements that your account needs to meet before granting Stract the correct permissions. Remember that you don’t have to use the Google account you use with Stract when logging into a data source account. Log in to each data source with any account that has the correct access and permissions for the queries you want to run. A common question is whether the permissions granted to Stract are secure. Stract only requests the permissions that are strictly necessary for the service and only uses them for read operations. Editing permissions are only required in cases where platforms do not provide read-only permissions. Examples include Google Ads permissions. The Google Ads API does not differentiate between some cases of editing and reading. Therefore, any tool like Stract, such as Supermetrics or Adveronix, also request editing information, as can be seen in the image below of the Google Ads authentication screens at Supermetrics:

The same number of permissions can be seen in the Adveronix authorization process when requesting a connection to Google Ads:

Remember that we only use the write and edit permissions of Google Sheets and Google Drive to add data to spreadsheets and run schedules. In the case of media platform connectors and other data sources, even though the permissions don’t differentiate between editing and reading, we only perform data extractions with the read methods. An example is the Adveronix permissions screen for your Google account, where we also see Google Sheets editing permissions:

At Stract we only work with the methods needed to perform the queries, although, as mentioned above, some APIs do not differentiate between permission levels. In addition, we only store information on our servers that is strictly necessary for the service, such as the token granted and the IDs of the managed accounts. Remember that you can manage and remove third-party apps from your Google and Facebook accounts (on Facebook you need to access the Business Integrations option). Even so, we recommend that you take care to log in only on familiar machines, always using a browser you trust, as well as reliable applications when working with your account permissions, in addition to other security measures provided by the platforms in use. If you still have questions about Stract’s authentication and permissions process, feel free to chat with us or email us at suporte@stract.to.