Google OAuth & Google Tag Manager

Integration Homepage

Any personal data we gain access to via Google’s API and OAuth integration is governed by a Special Application Privacy & Data Usage Statement on our main Privacy Policy page.

You may connect ListenLayer’s online software with your Google User Account for Single Sign-On (SSO) to power our Google Tag Manager integration.

To allow ListenLayer access to your Google account, you must grant us access to certain aspects of your Google account using OAuth. The content below provides details regarding the purpose for this (SSO) and Google Tag Manager connection, how you benefit from the connection, how you can remove the connection, and the controls we have in place to ensure deployment integrity. In addition, we provide details surrounding each element inside your Google Account that we require access to for the integration with (SSO) and/or Google Tag Manager to work.

The Purpose & Benefits

ListenLayer is a cloud-based application that allows you to automate the creation of structure data from user activity on your website. This data can be used to measure activity from visitors; however, the data must be sent to analytics and marketing platforms to be used. The most common way of sending data to these platforms is to utilize Google Tag Manager. Google Tag Manager is also the easiest way to deploy the main ListenLayer script to your website.

Our integration with Google Tag Manager exists to streamline how you deploy relevant ListenLayer elements into Google Tag Manager. For example, rather than manually deploying the main ListenLayer script, you can simply connect your ListenLayer account to Google Tag Manager, and we will automatically deploy it. This not only speeds up the deployment of ListenLayer but also removes the possibility of manual errors when creating Google Tag Manager elements and allows you to begin using ListenLayer faster.

In addition, and separate from our integration with Google Tag Manager, you may choose to connect your Google Account to ListenLayer to power (SSO). This will streamline your ability to access ListenLayer without maintaining a separate password.

Removing the Connection

You can remove ListenLayer’s connection to your Google account at any time. To do so, follow Google’s instructions provided here.

Our Deployment Controls

We have specific controls built into our software to reduce the likelihood of accidentally deploying code to your website using Google Tag Manager. For example, suppose you have unpublished changes inside Google Tag Manager and attempt to deploy another change using ListenLayer. In that case, we have elements to avoid accidentally publishing your other changes. Here is a list of the controls we have in place to prevent these instances.

  1. Before making any changes in Google Tag Manager, we’ll prompt you with a clear list of items we will change and ask you to confirm them.
  2. If the changes that ListenLayer is making will be published, we will indicate that before you confirm the changes.
  3. Before connecting to your Google Tag Manager account, we check your user permissions and only display Containers to which you have Edit or Publish access.
  4. Whenever we deploy published changes, a new version is generated in GTM, allowing you to easily and quickly revert the changes we have made.
  5. If we see other unpublished changes in your Google Tag Manager Workspace, we will create a new Workspace for our changes. This allows us to publish our changes without publishing your other changes.

Ultimately, it is your responsibility to check what exists inside your Google Tag Manager account and what has been published in every version of the container. Therefore, we recommend checking Google Tag Manager directly after executing any changes inside ListenLayer.

What Data We Require From Your Google Account

To connect to your Google Tag Manager account and allow our application to operate with the appropriate controls and functionality described above, we require access to specific user data from your Google account using OAuth. Therefore, our connection to Google Tag Manager will not work correctly unless these permissions are granted.

We have made an effort to minimize the number of permissions we require. Google calls these permissions “scopes” and breaks them into non-sensitive and sensitive types. We have listed the scopes we require below, along with Google’s description of the data we are gaining access to and why we need it.

userinfo.email

  • Google’s Description: See your primary Google Account email address
  • Google Type: Non-sensitive
  • Why ListenLayer needs this: This information is a standard element provided to us by Google when using OAuth. We use this to identify your Google account within our system and to you.

userinfo.profile

  • Google’s Description: See your info, including any personal information you’ve made publicly available
  • Google Type: Non-sensitive
  • Why ListenLayer needs this: This information is a standard element provided to us by Google when using OAuth. We use this to identify your Google account within our system and to you.

openid

  • Google’s Description: Associate you with your personal information on Google
  • Google Type: Non-sensitive
  • Why ListenLayer needs this: This information is a standard element provided to us by Google when using OAuth. We use this to identify your Google account within our system.

tagmanager.manage.users

  • Google’s Description: Manage user permissions of your Google Tag Manager account and container
  • Google Type: Sensitive
  • Why ListenLayer needs this: We only allow you to connect ListenLayer to containers where you have Edit or higher access levels. You will not benefit from connecting ListenLayer to your Google account without these access levels. Therefore, we must access this scope to identify the containers with the correct access levels you can utilize within ListenLayer.

tagmanager.edit.containers

  • Google’s Description: Manage your Google Tag Manager container and its subcomponents, excluding versioning and publishing
  • Google Type: Sensitive
  • Why ListenLayer needs this: ListenLayer uses this scope to create and make actual changes to tags, triggers, and variables inside your Google Tag Manager container. You will gain no value from connecting ListenLayer to Google without this scope.

tagmanager.edit.containerversions

  • Google’s Description: Manage your Google Tag Manager container versions
  • Google Type: Sensitive
  • Why ListenLayer needs this: ListenLayer uses this to create new versions in your Google Tag Manager account whenever we deploy changes. This accomplishes one of our controls stated above, allowing you to revert our changes quickly if needed.

tagmanager.publish

  • Google’s Description: Publish your Google Tag Manager container versions
  • Google Type: Sensitive
  • Why ListenLayer needs this: If you have Publish Access to the container that ListenLayer makes changes to, we may attempt to publish those changes. We do this to ensure that connecting ListenLayer to your Google account gives you the benefit of fast deployments with minimal room for manual errors.

You can learn more about Google Tag Manager’s API authorizations in this Google help article.