Last updated: 15 June 2026
Introduction
This site uses cookies and related technologies on https://coffeemarketing.co.uk
What is a Cookie?
A cookie is a small simple file that is sent along with pages of this website and stored by your browser on the hard drive of your computer or another device.
Scripts and Web Beacons
Scripts execute code to make the website function interactively.
Web beacons are invisible text or images monitoring website traffic and storing user data.
Cookie Categories
Technical/Functional Cookies
These cookies enable website functionality and remember user preferences. They do not require consent as they are essential for the website to function properly.
Statistics Cookies
These cookies help us optimise your experience by understanding how you interact with our website. They require your permission before being placed.
Marketing/Tracking Cookies
These cookies create user profiles for advertising purposes across websites. They require your consent before being placed and are used to display relevant advertisements to you.
Third-Party Services
This site uses the following third-party services:
- Tawk: Chat support functionality
- Google reCAPTCHA: Spam prevention
- WordPress: Content management system
- Google Fonts: Typography and font delivery
- Google Maps: Location and mapping services
- Miscellaneous tracking services: Analytics and performance monitoring
Each of these services has their own privacy policy governing how they use your data.
How Coffee Marketing's Application Uses Google User Data
Coffee Marketing Digital operates an internal workflow-automation application registered with Google under the project name "Coffee Brain" (project ID coffeebrain). This section discloses, in full, the Google user data the application accesses, and how it uses, processes, stores, and shares that data, in compliance with the Google API Services User Data Policy — including the Limited Use requirements — and the Google APIs Terms of Service.
The application is used by Coffee Marketing Digital's own staff. The person who signs in with their Google Account explicitly grants access to their own Google Workspace data through Google's standard OAuth consent screen, and the application uses that data only to perform the internal marketing-operations tasks described below. It is not a consumer product and does not access the Google accounts of the general public.
Gmail (auth/gmail.modify, auth/gmail.send, mail.google.com)
Data accessed: the signed-in user's email messages, message metadata and labels, and the ability to send and modify messages.
How it is used: to archive industry newsletters and research notifications into Coffee Marketing's internal knowledge base; to read relevant inbox items when generating the team's daily briefing; and to compose, draft and send internal briefings and client or prospect emails on the signed-in user's behalf. Email content is processed only to provide these features and for no other purpose.
Google Calendar (auth/calendar)
Data accessed: the signed-in user's calendar events.
How it is used: to read upcoming events for the daily briefing and to check for scheduling clashes, and to create or update events when the user explicitly requests it.
Google Docs (auth/documents)
Data accessed: Google Documents the application creates or that the user opens with it.
How it is used: to generate client-facing reports and working documents from Coffee Marketing's own source material.
Google Slides (auth/presentations)
Data accessed: Google Slides presentations the application creates.
How it is used: to generate branded presentations and decks.
Google Drive (auth/drive.file, auth/drive.readonly, auth/drive)
Data accessed: files the application creates (drive.file); read access to list and search existing files (drive.readonly); and the ability to manage sharing permissions on files (drive).
How it is used: to store generated reports and presentations in Coffee Marketing's own Google Drive, to locate the source data files used to build deliverables, and to share completed deliverables with their intended recipients. The full Drive scope is used solely to set sharing permissions on documents the application itself produces.
Google Sheets (auth/spreadsheets)
Data accessed: the content of Google Sheets the user works with.
How it is used: to read and write Coffee Marketing's operational spreadsheets, such as client target data, content pipelines and internal finance tracking.
Google Analytics 4 (auth/analytics.readonly)
Data accessed: read-only GA4 reporting data.
How it is used: to read channel and performance metrics for analysis and reporting. No write access is requested.
How this data is stored
Google user data is processed on systems controlled by Coffee Marketing Digital. Generated documents and presentations are stored in Coffee Marketing Digital's own Google Drive; archived knowledge content is held in the agency's internal knowledge base; and marketing-performance data is stored in Google BigQuery within the European Union (europe-west2 region). OAuth access and refresh tokens are stored securely on controlled systems and are never committed to source code. Access is limited to authorised Coffee Marketing Digital personnel.
How this data is shared
Coffee Marketing Digital does not sell Google user data, does not use it for advertising, and does not transfer it to third parties, except (a) to Google's own APIs as required to provide the features above, or (b) where required by law. Coffee Marketing Digital does not use Google user data to develop, improve, or train generalised or non-personalised artificial-intelligence or machine-learning models.
The application's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements.
Retention and revoking access
Google user data is retained only for as long as needed to provide the features above; marketing-performance data in BigQuery is retained for up to 180 days at granular level. The signed-in user can revoke the application's access to their Google data at any time at myaccount.google.com/permissions. Revoking access stops all further data access immediately. To request deletion of data already stored, contact Coffee Marketing Digital using the details at the end of this policy; requests are actioned within 30 days, in line with the GDPR right to erasure.
Google API Data Handling (The Analyser)
The Analyser (analyser.coffeemarketing.co.uk) is a separate application that connects to Google APIs on behalf of Coffee Marketing Digital and its contracted clients. The OAuth scopes used and how data is handled are summarised below. All data is stored in BigQuery in the European Union (europe-west2 region) and is never shared with third parties, sold, or used for advertising profiling.
Google Ads (auth/adwords)
Used to read campaign, ad group, keyword, search term, asset, product, Performance Max and cross-sell performance data daily into BigQuery. Data is presented to the contracting client in the Analyser dashboard. No write operations. Retention: 180 days at granular level.
Google Analytics 4 (auth/analytics.readonly)
Used to read GA4 channel performance, key events, and audience data for clients who have explicitly connected their GA4 property via the Analyser. Data is joined with Google Ads data for cross-channel attribution. The client may revoke access at any time via the Analyser UI or their Google account permissions.
Google Merchant Centre (auth/content)
Used to read product feed metadata (product IDs, titles, custom labels, feed issues) for clients running Shopping or Performance Max campaigns. Read-only — no feed modifications.
Google BigQuery (auth/bigquery.readonly + auth/cloud-platform.read-only)
Optional. Used only when a client elects to connect their own BigQuery project to the Analyser. Performs read-only SELECT queries against client-specified datasets; results are presented in the Analyser UI and not persisted in Coffee Marketing's BigQuery.
Revocation
Clients may revoke any Google API connection at any time:
- Via the Analyser UI: Clients → {your account} → Settings → relevant connection panel → Disconnect.
- Via Google: myaccount.google.com/permissions → revoke "The Analyser".
Revoking a connection stops further data syncs. Historical data already in BigQuery is deleted on written request to Coffee Marketing within 30 days, per the GDPR right to erasure.
Your Rights
You have the following rights regarding your personal data:
- Access: Request access to your personal data
- Corrections/Deletions: Request corrections or deletions of your personal data
- Revoke Consent: Withdraw your consent at any time
- Transfer Data: Request transfer of your data to another organisation
- Object to Processing: Object to the processing of your personal data
To exercise any of these rights, please contact us at Get In Touch.
Complaints
If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues:
Information Commissioner's Office
Website: ico.org.uk
Contact Us
If you have any questions about this Privacy & Cookie Policy, please contact us:
Coffee Marketing Digital
Bournemouth, UK
Email: Get In Touch
Website: https://coffeemarketing.co.uk
