Google OAuth & Google Tag Manager

Integration Homepage

Any personal data that we gain access to via Google’s API and OAuth integration is governed by a Special Application Privacy & Data Usage Statement located on our main Privacy Policy page.

You may choose to connect ListenLayer’s online software with your Google User Account for the purposes of Single Sign On and/or to power our Google Tag Manager integration.

In order to allow ListenLayer access to your Google account, you must grant us access to certain aspects of your Google account using OAuth. The content below provides details regarding the purpose for this Single Sign On and Google Tag Manager connection, how you benefit from the connection, how you can remove the connection, and controls we have in place to ensure deployment integrity. In addition, we provide details surrounding each of the elements inside your Google Account that we require access to in order for the integration with Single Sign On and/or Google Tag Manager to work.

The Purpose & Benefits

ListenLayer is a cloud-based application that allows you to automate the creation of structure data from user activity on your website.  This data can be used to measure activity from visitors; however, the data must be sent to analytics and marketing platforms in order to be used. The most common way of sending data to these platforms is to utilize Google Tag Manager.  Google Tag Manager is also the easiest way to deploy the main ListenLayer script to your website.

Our integration with Google Tag Manager exists in order to streamline how you deploy relevant ListenLayer elements into Google Tag Manager.  For example, rather than manually deploying the main ListenLayer script, you can simply connect your ListenLayer account to Google Tag Manager and we will deploy it automatically for you. This not only speeds up the deployment of ListenLayer, it removes the possibility of manual errors when creating Google Tag Manager elements and allows you to begin using ListenLayer faster.

In addition, and separate from our integration with Google Tag Manager, you may choose to connect your Google Account to ListenLayer in order to power Single Sign On. The purpose of this is to streamline your ability to access ListenLayer without maintaining a separate password.

Removing the Connection

You can remove ListenLayer’s connection to your Google account at any time. To do so, follow Google’s instructions provided here.

Our Deployment Controls

We have specific controls built into our software to reduce the likelihood of an accidental deployment of code to your website using Google Tag Manger.  For example, if you have unpublished changes inside Google Tag Manager and you attempt to deploy another change using ListenLayer, we have elements in place to avoid accidentally publishing your other changes. Here is a list of the controls we have in place to avoid these instances.

  1. Prior to making any change in Google Tag Manager, we’ll prompt you with a clear list of items we will change and ask you to confirm them.
  2. If the changes that ListenLayer is making will be published, we will indicate that clearly prior to you confirming the changes.
  3. Prior to making a connection to your Google Tag Manager account, we check your user permissions and only display Containers that you have Edit or Publish access to.
  4. Whenever we deploy changes that are published, a new version is generated in GTM, allowing you to easily and quickly revert the changes we have made.
  5. If we see other unpublished changes in your Google Tag Manager Workspace, we will create a new Workspace for our changes. This allows us to publish our changes without publishing your other changes.

Ultimately, it is your responsibility to check what exists inside your Google Tag Manager account and what has been published in every version of the container. We recommend checking Google Tag Manager directly after executing any changes from inside ListenLayer.

What Data We Require From Your Google Account

In order to connect to your Google Tag Manager account and allow our application to operate with the appropriate controls and functionality described above, we require access to specific user data from your Google account using OAuth.  Our connection to Google Tag Manager will not property work unless these permissions are granted.

We have made an effort to minimize the number of permissions we require. Google calls these permissions “scopes” and breaks them into non-sensitive and sensitive types. We have listed each of the scopes that we require below, along with Google’s description of the data we are gaining access to and why we need it.

userinfo.email

  • Google’s Description: See your primary Google Account email address
  • Google Type: Non-sensitive
  • Why ListenLayer needs this: This information is a standard element provided to us by Google when using OAuth.  We use this to identify your Google account within our system and to you.

userinfo.profile

  • Google’s Description: See your personal info, including any personal info you’ve made publicly available
  • Google Type: Non-sensitive
  • Why ListenLayer needs this: This information is a standard element provided to us by Google when using OAuth.  We use this to identify your Google account within our system and to you.

openid

  • Google’s Description: Associate you with your personal info on Google
  • Google Type: Non-sensitive
  • Why ListenLayer needs this: This information is a standard element provided to us by Google when using OAuth.  We use this to identify your Google account within our system.

tagmanager.manage.users

  • Google’s Description: Manage user permissions of your Google Tag Manager account and container
  • Google Type: Sensitive
  • Why ListenLayer needs this: We only allow you to connect ListenLayer to containers where you have Edit, or higher access levels. Without these access levels, you will not benefit from connecting ListenLayer to your Google account.  We must access this scope in order to identify the containers with the correct access levels that you can utilize within ListenLayer.

tagmanager.edit.containers

  • Google’s Description: Manage your Google Tag Manager container and its subcomponents, excluding versioning and publishing
  • Google Type: Sensitive
  • Why ListenLayer needs this: ListenLayer uses this scope in order to create and make actual changes to tag, triggers, and variables inside your Google Tag Manager container. Without this scope, you will gain no value from connecting ListenLayer to Google.

tagmanager.edit.containerversions

  • Google’s Description: Manage your Google Tag Manager container versions
  • Google Type: Sensitive
  • Why ListenLayer needs this: ListenLayer uses this to create new versions in your Google Tag Manager account whenever we deploy changes.  This accomplishes one of our controls stated above, allowing you to revert our changes easily if needed.

tagmanager.publish

  • Google’s Description: Publish your Google Tag Manager container versions
  • Google Type: Sensitive
  • Why ListenLayer needs this: If you have Publish access to the container that ListenLayer makes changes to, we may attempt to publish those changes.  We do this to ensure that connecting ListenLayer to your Google account provides you with the benefit of fast deployments with minimal room for manual errors.

You can learn more about Google Tag Manager’s API authorizations in this Google help article.