Integration
Growcita + Google
A single Google OAuth grant unlocks the five Google surfaces Growcita uses: Google Ads, Google Analytics 4, Search Console, Google Business Profile, and YouTube. One connection row in your workspace; each agent only touches the subset of scopes its tools require.
For details specifically about the Paid Media agent's Google Ads behaviour (write actions, Limited Use, Customer Match), see the Google Ads integration page.
What each Google surface does
- Google Ads: Read campaign performance, run health audits, and execute approved budget and bid changes. Customer Match audience uploads (SHA-256 hashed) are supported with explicit user consent. New campaigns are created paused.
- Google Analytics 4: Pull GA4 reports and metrics so the Growth Marketer, CRO, and SEO agents can attribute paid spend to downstream conversions and tie content performance to revenue. Read-only.
- Search Console:Read keyword rankings, indexing status, and search-performance metrics for the SEO agent. Read-only — Growcita never submits sitemaps or modifies Search Console settings.
- Google Business Profile: Manage local listings, posts, and review replies. Public posts and review replies always require human approval via the approval gate.
- YouTube: Read channel and video analytics for the Organic Social and Creative agents. Read-only; publishing and playlist changes go through the approval gate.
Data we read
- · Google Ads customers, campaigns, ad groups, ads, keywords, audiences, performance metrics, change history
- · GA4 properties, reports, conversions, and audience data
- · Search Console sites, search analytics, indexing status
- · Google Business Profile locations, posts, reviews, insights
- · YouTube channels, videos, public analytics
Data we write
- · Google Ads: create campaigns (paused), adjust budgets, pause / resume, update ads, add negative keywords, upload hashed Customer Match audiences
- · Google Business Profile: post updates, reply to reviews, edit listing fields (all approval-gated)
- · GA4, Search Console, YouTube: read-only
Every write passes through autonomy, budget, guardrail, and approval gates before reaching the Google APIs.
OAuth scopes we request
When you click “Connect Google” in your Growcita dashboard, we redirect you to Google's consent screen and request only the scopes required to deliver the features you signed up for. You can review and approve each scope before granting access.
| Scope | Why we need it |
|---|---|
| openid, email, profile | Identify the connected Google account so we can attach it to your Growcita workspace and surface which account each integration is using. |
| .../auth/adwords | Read campaign data and execute approved write actions against your Google Ads accounts. Google does not expose a read-only variant for the Google Ads API. |
| .../auth/analytics.readonly | Pull GA4 reports so the Growth Marketer, CRO, and SEO agents can attribute paid spend to conversions. Read-only. |
| .../auth/webmasters.readonly | Read Search Console performance for the SEO agent. Read-only. |
| .../auth/business.manage | Manage Google Business Profile listings, posts, and review replies. Public posts and review replies always require human approval. |
| .../auth/youtube.readonly | Read YouTube channel and video analytics for the Organic Social agent. Read-only. |
We only request scopes for features you intend to use. If you connect Google solely for one surface (say, just Google Ads), you can decline the other scopes at the consent screen and Growcita will simply skip the features that depend on them.
The OAuth grant uses access_type=offline + prompt=consentso Google issues a refresh token. The access token is silently re-issued before expiry — you never see surprise disconnections.
Limited Use commitment
Growcita's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
- No model training. We do not use Google user data to train, develop, or improve generalized or non-personalized AI/ML models.
- No advertising. We do not use Google user data for advertising, sell it, or share it with data brokers.
- No third-party transfer. We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features prominent in the Growcita interface, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
- No human reading. Humans at Growcita do not read your Google data except (a) with your explicit consent for support, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) for internal operations on aggregated, de-identified data.
How we secure your data
- Encrypted refresh tokens. Google refresh tokens are stored in our Supabase Postgres database encrypted at rest. Access tokens are short-lived and never written to disk in plaintext.
- TLS in transit. All requests to Google APIs and between Growcita services use TLS 1.2 or higher.
- Scoped service identity. Workers run with least-privilege service accounts and can only access the credentials of the user whose task they are processing.
- Audit log on every write. Every Google Ads, Business Profile, or YouTube write is recorded in our internal
tool_executionstable. Paid-media writes also snapshot pre/post campaign state for guardrail evaluation. - Guardrails before every write. See our security disclosure policy for vulnerability reporting and the features page for autonomy levels and human-approval gates.
Revoke access at any time
You can revoke Growcita's access to your Google data instantly:
- 1. Go to myaccount.google.com/permissions
- 2. Find “Growcita” and click Remove access
- 3. Or, sign in to Growcita and disconnect from the Integrations page
Delete stored Google data
Disconnecting deletes the encrypted refresh token from our database. To delete cached performance data and reports as well, follow the Data Deletion Instructions, or email privacy@growcita.com. Requests are processed within 30 days.
Independent third party
Growcita is an independent third-party application built on Google APIs. We are not affiliated with, endorsed by, or sponsored by Google LLC. “Google Ads”, “Google Analytics”, “Search Console”, “Google Business Profile”, and “YouTube” are trademarks of Google LLC.
Ready to connect?
Sign in to Growcita and connect your Google account in two clicks. You stay in control of which scopes the agents can use and what they're allowed to change.