How Jarvia handles your Google data
If you run a maritime, offshore, or industrial B2B business, you have probably sat through a procurement call where someone asks: what exactly does your platform access in our Google account, where does it go, and can you change anything?
Fair questions. Here is a plain-language answer — what Jarvia connects to, what we cannot do, and how your data is protected.
What we connect to
Jarvia reads from two Google products you already use:
- Google Search Console — queries, impressions, clicks, average position, and indexed pages.
- Google Analytics 4 — traffic, channels, landing pages, and country breakdowns.
That is the data behind your dashboards, monthly reports, and content decisions. We do not connect to Gmail, Drive, Ads billing, or Admin settings.
Read-only by design
When you authorise Jarvia, the OAuth scopes we request are read-only. The permission model in Google's API does not allow us to modify Search Console properties, delete Analytics data, or change settings in your Google account — even if our code tried.
If you revoke access in Google Account settings, sync stops immediately. We surface a reconnect prompt in your dashboard rather than retrying with a dead token.
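One way a sync job can enforce both points above, checking the scopes Google actually granted and treating a revoked token as terminal. This is an added example, not Jarvia's code: `decideSync`, `READ_ONLY_SCOPES` and the sample replies are hypothetical, and the two scope URIs are Google's published read-only scopes for Search Console and Analytics, which the page itself does not list.

```javascript
// The two read-only Google scopes that match the products named above.
const READ_ONLY_SCOPES = new Set([
  'https://www.googleapis.com/auth/webmasters.readonly',
  'https://www.googleapis.com/auth/analytics.readonly',
]);

// Decide what a sync job does with the token endpoint's reply to a
// refresh_token grant. status is the HTTP status, body the parsed JSON.
function decideSync(status, body) {
  body = body || {};
  if (status === 200 && body.access_token) {
    // Check what was actually granted, not what was requested.
    const granted = String(body.scope || '').split(/\s+/).filter(Boolean);
    const extra = granted.filter((s) => !READ_ONLY_SCOPES.has(s));
    if (granted.length === 0 || extra.length > 0) {
      return { action: 'abort', retry: false, reason: 'unexpected_scope', extra };
    }
    return { action: 'sync', retry: false, scopes: granted };
  }
  // Revoked or expired refresh token: terminal, so ask the user to reconnect.
  if (status === 400 && body.error === 'invalid_grant') {
    return { action: 'needs_reconnect', retry: false, reason: 'invalid_grant' };
  }
  // Throttling or a server-side fault is transient and worth retrying later.
  if (status === 429 || status >= 500) {
    return { action: 'retry_later', retry: true, reason: 'transient' };
  }
  return { action: 'abort', retry: false, reason: body.error || 'unexpected_response' };
}

// Constructed sample replies (not captured traffic).
const RO = [...READ_ONLY_SCOPES].join(' ');
const SAMPLES = [
  [200, { access_token: 'constructed', scope: RO }],
  [200, { access_token: 'constructed', scope: RO + ' https://www.googleapis.com/auth/analytics.edit' }],
  [400, { error: 'invalid_grant' }],
  [503, {}],
];

function runSamples() {
  return SAMPLES.map(([status, body]) => decideSync(status, body).action);
}

console.log(runSamples());
```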
Where your credentials live
To keep dashboards updated, Jarvia stores a Google refresh token — the credential that lets our server pull new metrics on a schedule.
That token is encrypted with AES-256-GCM at the application layer before it is written to the database. The encryption key is held in environment configuration, not in the database itself. A database export alone does not yield a usable token.
Tokens are decrypted only inside server-side sync jobs, held in memory for the duration of the job, and never sent to the browser, never logged, and never included in error messages shown to users.
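A sketch of the application-layer encryption described above, using Node's built-in `crypto` module. This is an added example, not Jarvia's code: the function names and the `v1.<iv>.<tag>.<ciphertext>` envelope are hypothetical, and binding the tenant id as additional authenticated data is a design choice of this example that the page does not state.

```javascript
const crypto = require('node:crypto');

// Assumption: in production the 64-hex-character key string would come from
// environment configuration; here it is passed in so the example runs offline.
function loadKey(hex) {
  const key = Buffer.from(hex || '', 'hex');
  if (key.length !== 32) throw new Error('token key must be 32 bytes');
  return key;
}

// Envelope: "v1.<iv>.<tag>.<ciphertext>", each part base64url.
// tenantId goes in as AAD: a ciphertext copied into another tenant's row
// fails authentication instead of decrypting.
function sealToken(key, tenantId, refreshToken) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(tenantId, 'utf8'));
  const ct = Buffer.concat([cipher.update(refreshToken, 'utf8'), cipher.final()]);
  const parts = [iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64url'));
  return ['v1', ...parts].join('.');
}

function openToken(key, tenantId, sealed) {
  const [ver, iv, tag, ct] = String(sealed).split('.');
  if (ver !== 'v1' || !iv || !tag || ct === undefined) throw new Error('bad envelope');
  const ivBuf = Buffer.from(iv, 'base64url');
  const tagBuf = Buffer.from(tag, 'base64url');
  if (ivBuf.length !== 12 || tagBuf.length !== 16) throw new Error('bad envelope');
  const d = crypto.createDecipheriv('aes-256-gcm', key, ivBuf, { authTagLength: 16 });
  d.setAAD(Buffer.from(tenantId, 'utf8'));
  d.setAuthTag(tagBuf);
  // final() throws if the key, tenantId, IV, tag or ciphertext do not match.
  return Buffer.concat([d.update(Buffer.from(ct, 'base64url')), d.final()]).toString('utf8');
}

// Constructed demo values; nothing here is a real credential.
function demo() {
  const key = loadKey(crypto.randomBytes(32).toString('hex'));
  const row = sealToken(key, 'tenant-a', 'constructed-refresh-token');
  const tryOpen = (k, t, s) => { try { return openToken(k, t, s); } catch { return null; } };
  return {
    roundTrip: tryOpen(key, 'tenant-a', row),                   // decrypts
    otherTenant: tryOpen(key, 'tenant-b', row),                 // null: AAD mismatch
    exportOnly: tryOpen(crypto.randomBytes(32), 'tenant-a', row), // null: no key
  };
}

console.log(demo());
```

The `exportOnly` case models a database export without the key: the stored row is present, but decryption fails authentication.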
Your data stays isolated
Jarvia is multi-tenant: many clients share one platform. Isolation is enforced at the database layer with row-level security policies — not by trusting that the application remembered to filter correctly.
In practice:
- A client user sees only rows tied to their organisation.
- Admin operators can access client data to run the service — the same way your accountant sees your books.
- Cross-client access attempts are blocked by policy, not convention.
Role checks (admin vs client) also run server-side on dashboard routes and server actions. Hiding an admin menu item in the browser is cosmetic; the real gate is on the server.
Sessions — not localStorage
Jarvia uses Supabase Auth. Your session lives in httpOnly cookies, not in browser localStorage, so client-side JavaScript on the page cannot read your session token. Keeping session tokens in localStorage, where page scripts can read them, is a common mistake in hastily built SaaS apps.
Passwords for invited accounts must be at least 12 characters and are checked against known breach lists. There is no public sign-up; accounts are created by invitation only.
What goes to AI — and what never does
Jarvia uses AI to draft SEO content from briefs and keyword research. The model receives topic context and aggregated metrics — not your Google refresh tokens, not other clients' data, and not payment information.
AI-generated drafts are sanitised before render (no scripts, no embedded handlers). A specialist reviews content before it publishes.
Generated websites are separate
Client marketing sites Jarvia generates are static — no database, no admin panel on the public site. They run on their own subdomain so platform session cookies do not leak to client sites.
The only third-party script on a generated site is the GA4 tag the platform provisions for that client.
Singapore PDPA
Jarvia operates from Singapore. We publish a privacy policy explaining what we collect, why, and your rights under the Personal Data Protection Act.
If you stop working with us, we can revoke Google access, delete stored credentials, and remove your tenant data on request.
What we are still improving
No security page should pretend perfection. Today, rate limiting covers public endpoints such as the contact form and free audit tool. Distributed rate limits on authentication endpoints (needed at scale on serverless infrastructure) are on our roadmap.
We run cross-tenant isolation checks before onboarding real clients and review dependencies regularly.
FAQ
Can Jarvia change anything in my Google account?
No. The OAuth scopes are read-only for Search Console and Analytics. We cannot modify properties, delete data, or change account settings through the access you grant.
Where is my data stored?
Platform data (metrics, content, credentials) is stored in Supabase (PostgreSQL), hosted infrastructure used under our service agreement. Some processors operate outside Singapore; we take reasonable steps to keep protection comparable to PDPA expectations. See our privacy policy for the full list.
Who inside Jarvia can see my numbers?
Your dashboard users see your organisation's data. Platform operators (admin role) can access client data to operate the service — support, sync, and content review. Other clients cannot see your data; database policy enforces that separation.
What happens if we disconnect?
Revoke Jarvia in your Google Account permissions, or ask us to disconnect. Sync stops. We can delete stored tokens and tenant data on request. Your Google account and historical Google data remain yours — we only held copies of the metrics we synced for reporting.
Do you sell my data?
No. We do not sell personal data or use connected Google metrics for third-party advertising.