Why Maark asks for Search Console access
Exactly what Maark reads, how it is stored and secured, and how to revoke access.
When you connect Google Search Console, Maark asks for a single, narrow permission. This page explains exactly what that permission covers, how your data is handled, and how to disconnect at any time.
The one scope we request
Maark requests webmasters.readonly — read-only access to Search Console. Alongside it are the standard sign-in scopes (openid, email, profile).
We chose the read-only scope on purpose. Maark only reads Search Console data. It never modifies sitemaps, adds or removes properties, or writes anything back to Google. This follows the principle of least privilege: we ask for the minimum needed for the features you use.
What we read
- Your list of properties (
sites.list) — so you can pick which one to connect. - Search Analytics data (
searchanalytics.query) — clicks, impressions, CTR, and average position at the page and query level, for the date ranges you work with.
What we do with it
- Fetch your Search Console data on a schedule using your authorization.
- Store it securely (details below) so dashboards load quickly.
- Aggregate it by topic cluster, content group, branded vs non-branded queries, and position bucket.
- Show it back to you as charts and tables.
- Analyze it to generate opportunities — like a cluster declining over 30 days, or a query ranking in the striking-distance zone with high impressions.
We do not use your data to train AI models, to serve ads, or to share with third parties. It is used only to give you SEO insight about your own properties.
How it is stored and secured
- Encryption in transit: all connections use TLS.
- Encryption at rest: your data is encrypted at rest by our database infrastructure, and access and refresh tokens are additionally encrypted with AES-256-GCM before they are written.
- Access control: only people in your organization with the right role can see your data, and project-scoped controls prevent any cross-tenant access.
- Monitoring: data access is logged, and unusual patterns are monitored.
Limited Use compliance
Maark's handling of Google user data complies with the Google API Services User Data Policy, including its Limited Use requirements. We use the data only to provide the features you see, we do not transfer it except as needed to provide those features or to comply with law, and we do not use it for advertising.
How to disconnect
You are always in control:
- In Maark: disconnect the property in project settings. This stops syncing and revokes the token immediately.
- In Google: you can also revoke access from your Google Account's security settings at any time.
- Full deletion: request account deletion by emailing privacy@maark.ai; stored Search Console data is removed within 30 days.
For the complete policy, see our Privacy Policy.
More in Connect Google Search Console