How many people here have read the Google Analytics Terms of service (TOS)? Anyone? Bueller? If you’re using GA you should know what you can and can not do with the tool, which is outlined in the TOS.
You can find the TOS, in all its glory, here: http://www.google.com/analytics/tos.html
The first part of the TOS is actually very interesting. It defines certain GA terms including:
- Page View: “Page View” is the unit of measurement for usage of the Service. A Page View is used when the UTM is executed on a web page accessed by a visitor, and processed as part of a Profile. A Page View will be incurred for each instance of the UTM on the web page, and for each Profile receiving information from the UTM for such web page.
- Profile: “Profile” means the collection of settings that together determine the information to be included in, or excluded from, a particular Report. For example, a Profile could be established to view a small portion of a web site as a unique Report. There can be multiple Profiles established under a single Site.
- UTM: “UTM” means the proprietary Google Analytics Tracking Code, which is installed on a web page for the purpose of collecting Customer Data, together with any fixes, updates and upgrades provided to you (collectively, the “UTM”).
I especially like the definition of a profile. Many people have trouble understanding that a profile is more than just a website. It’s business rules (filters) applied to a set of data.
But my favorite part is section 7, the PRIVACY section:
I think there are two very interesting things to note about section 7:
First, you can not use GA to collect any personally identifiable information (PII). This means no names, email addresses, IP addresses, etc. One mistake that many people make, inadvertently, is collecting PII in the URL. If you have a form that collects visitor data, and that form passes data via query string parameter, then you may be collecting PII. If you’re unsure if you are collecting PII, just check the top content report. Look for any records that include an email address, name, etc. It’s easy to resolve this issue, just exclude the appropriate query string parameters in the profile settings.
Also, if you’re using any third party solutions make sure that they do not violate the GA TOS.
What are the consequences of violating this policy? Honestly, I don’t know. I’ve always advised clients to adhere to this policy as it is in the best interest of their customers. And happy customers are usually a good thing. There are options to integrate GA data with other information… but that’s a completely different blog post.