I'm pretty sure the answer to this question is "no", but I would like to get a definitive answer from an official source, and also understand what my alternative options might be.
Long story short, my app has old data in it that used to include user email addresses as a GET parameter. Those URLs are showing up as unique page view URLs in Google analytics, like this:
I don't want to be recording email addresses in my Google Analytics account (for privacy reasons), and I have fixed the code that was causing this in the first place, but I also want to delete or scrub the old data that currently exists in Google Analytics.
From everything I've read, it doesn't sound like this is possible without completely deleting the property, maybe even the account?
To be clear, I am NOT interested in creating new views that don't include URLs with email parameters in them, or otherwise change the view and not the data. The data needs to be gone and be completely inaccessible to anyone with access to this Google Analytics account.
Here are the options I've come up with:
Delete the property and start over. I'm pretty sure this will
actually delete the collected data, but it's not clear to me if I
would have to actually delete the account itself to achieve that.
Set the data retention time to the lowest possible value (looks like 14 months right now) and wait 14 months for it to go away https://support.google.com/analytics/answer/7667196?hl=en
Perform some kind of magic to get in contact with an actual human at Google who could help me scrub or remove this data.
Does this sound right? Are there options I'm missing? If there's a way to do this through a Google API that would not be a problem.
If this is still a relevant issue. GoogleAnalytics provides a way to delete some data. Universal Analytics https://support.google.com/analytics/answer/9450800?hl=en and GA4 https://support.google.com/analytics/answer/9940393?hl=en&ref_topic=2919631
You are right: changing the data, that you have collected, and Google Analytics have already processed, is not possible. You have the option to make changes during processing with various filters, e.g. Search-and-replace filters, but as it is written in this official support article:
Like all filters, search-and-replace filters only apply to hits
collected after you've applied the filter to the view (filters cannot
change historical data).
Regarding you suggested options:
Deleting a view or property will result in a permanent loss of data after a 35 days period of waiting time. (While this could be undone.) So unless the requirement of scrubbing the collected PII is more important than having your historical data, this should not be a way to go. The same applies to deleting the whole account, so it would be enough to delete affected properties or views.
From the article you have linked as well, you can see, that data retention is about removing user and event level data, and it will not affect the data in aggregated reports. My understanding is, that an already created, page level report will keep showing the page with an email address:
Keep in mind that standard aggregated Google Analytics reporting is
not affected.
I hope these references help you to evaluate your options. Sorry for not being able to come up with a solution, but the basic concept is, as highlighted in this Google article:
Once Analytics processes the data, it’s stored in a database where it can’t be changed
I am searching for a way to track user behavior on my website. I want to know if it is possible to get a table with data looking something like this:
+------+---------------+-----------------+------+---------+
| time | ip or user_id | user_session_id | link | actions |
+------+---------------+-----------------+------+---------+
(Link - where user came from)
I want to track different user actions by sessions. Is this possible using Google Analytics or I should search other tools? My site is currently set up to track events but on my Analytics account I get only the number of events that occurred. I want to track what a specific user does on my site.
tl;dr: if you must do this use Mixpanel or similar software.
Time based dimensions are already available (date, hour, minutes and datetime). "link" would be referrer. Actions in Google Analytics are basically pageviews, events and transactions, so you have that, too.
IP and user id are a big no-gos. Storing anything that that identifies a person is a violation of Googles Terms of Service and depending on your location might be a violation of national laws.And if by user_id you mean the Google Analytics feature of the same name, Google says you may set it for logged in users and have to unset it for user that log out, so by extension that means storing it in Ga would probably be a violation of their TOS.
The GA session id is not exposed via the interface. You may read it from the cookie and store it in a custom dimension (I'm not sure if this is allowed within the TOS, on the other hand GA premium customers get this via a BigQuery export in any case, so it should be allowed).
If you simply want to tell different users apart you might simply generate a string in the UUID format and store that in a custom dimension. If you want to actually identify users (by name, adress etc), well, you are not allowed to and Google will terminate your account if they find out.
Not to mention that it completely eludes why so many people want to track individual users. You must not use GA information to target individuals, and simply looking at individual user paths will not help you (I wrote an article about that, although I do not expect that this will convince you).
Google Analytics is for technical and legal reasons not a good tool for tracking individual users, if you need to do this use a software that is made for this purpose. Mixpanel is often mentioned in that context but I'm sure there are many other solutions.
I have asked this question several times over on the GA forum, but no result. So maybe you guys can help...
I have set up google analytics with userIds on various pages of a site, with the aim of identifying exactly which pages are looked at by which users. So, sending GA the string
ga('create', 'UA-39536320-1', {'userId': '1001'});
means GA keeps track of all accesses by user 1001, and I can then (in theory) track all pages looked at by this user.
Trouble is, GA reporting seems to offer no out-of-the-box way of doing this. Indeed, some of the reporting features supposedly enabled by GA with userIds just don't seem to be available (eg coverage; user engagement; etc).
Am I the only one trying to do this? Seems other people have achieved a similar result using custom variables; do I have to do that, and give up on GA userIds?
The userId feature can be used in conjunction with a user id enabled view (profile) to analyze cross device sessions.
As pointed out by DalmTo it is possible to use custom dimensions to track any non PII information about a user. This article here gives a good example combining sending user scoped custom dimensions along with imported CRM user data to analyze and segments users for remarketing purposes.
We have a site that tracks conversions through Google Analytics for redirects to an affiliate. However, not all redirected visitors convert to a sale after they leave our site. Our affiliate reports back to us weekly on who converted (and we can identify an individual user session from that report). Is there a way to get that conversion data back into Analytics? We've got a great coding team, but I just need to point them in the right direction.
Good question Jeff. If you don't mind the accuracy of the timing being off, your team could certainly just step through your site and intentionally trip the conversions.
Other than that, you may look into using a custom solution to bulk import that data using this type of API: Google Analytics for Mobile Websites
This Google Analytic server-side solution supports PERL, ASP.NET, JSP, and PHP. If you're looking for a repeatable process for batch importing GA data, this maybe a viable solution for you.
Hope this gets you going in the right direction.
I would not recommend manually 'tripping' the conversions.
There is no easy way to get the data back into Analytics. And it would depend on your reporting requirements (time lines, etc)
One way to approach this is to set a custom variable that is scoped to a visitor that would identify the visitor in an anonymous way (not personally identifiable manner, beware the privacy policy).
http://cutroni.com/blog/2011/05/05/merging-google-analytics-with-your-data-warehouse/
So when a visitor comes to the site, a custom variable would get set. This variable acts as a key to associate behavior on the site and the affiliates. Once you receive the data about which visitors converted from your affiliates associated to the non-personally-identifiable ID, you can use this to have code fire some conversion events once it recognizes on a separate visit that a visitor with certain custom variables set using the _getVisitorCustomVar()
http://code.google.com/apis/analytics/docs/gaJS/gaJSApiBasicConfiguration.html
Now, I realise the initial response to this is likely to be "you can't" or "use analytics", but I'll continue in the hope that someone has more insight than that.
Google adwords with "autotagging" appends a "gclid" (presumably "google click id") to link that sends you to the advertised site. It appears in the web log since it's a query parameter, and it's used by analytics to tie that visit to the ad/campaign.
What I would like to do is to extract any useful information from the gclid in order to do our own analysis on our traffic. The reasons for this are:
Stats are imperfect, but if we are collating them, we know exactly what assumptions we have made, and how they were calculated.
We can tie the data to the rest of our data and produce far more accurate stats wrt conversion rate.
We don't have to rely on javascript for conversions.
Now it is clear that the gclid is base64 encoded (or some close variant), and some parts of it vary more than others. Beyond that, I haven't been able to determine what any of it relates to.
Does anybody have any insight into how I might approach decoding this, or has anybody already related gclids back to compaigns or even accounts?
I have spoken to a couple of people at google, and despite their "don't be evil" motto, they were completely unwilling to discuss the possibility of divulging this information, even under an NDA. It seems they like the monopoly they have over our web stats.
By far the easiest solution is to manually tag your links with Google Analytics campaign tracking parameters (utm_source, utm_campaign, utm_medium, etc.) and then pull out that data.
The gclid is dependent on more than just the adwords account/campaign/etc. If you click on the same adwords ad twice, it could give you different gclids, because there's all sorts of session and cost data associated with that particular click as well.
Gclid is probably not 100% random, true, but I'd be very surprised and concerned if it were possible to extract all your Adwords data from that number. That would be a HUGE security flaw (i.e. an arbitrary user could view your Adwords data). More likely, a pseudo-random gclid is generated with every impression, and if that ad is clicked on, the gclid is logged in Adwords (otherwise it's thrown out). Analytics then uses that number to reconcile the data with Adwords after the fact. Other than that, there's no intrinsic value in the gclid number itself.
In regards to your last point, attempting to crack or reverse-engineer this information is explicitly forbidden in both the Google Analytics and Google Adwords Terms of Service, and is grounds for a permanent ban. Additionally, the TOS that you agreed to when signing up for these services says that it is not your data to use in any way you feel like. Google is providing a free service, so there are strings attached. If you don't like not having complete control over your data, then there are plenty of other solutions out there. However, you will pay a premium for that kind of control.
Google makes nearly all their money from selling ads. Adwords is their biggest money-making product. They're not going to give you confidential information about how it works. They don't know who you are, or what you're going to do with that information. It doesn't matter if you sign an NDA and they have legal recourse to sue you; if you give away that information to a competitor, your life isn't worth enough to pay back the money you will have lost them.
Sorry to break it to you, but "Don't be Evil" or not, Google is a business, not a charity. They didn't become one of the most successful companies in the world by giving away their search algorithm to the first guy who asked for it.
The gclid parameter is encoded in Protocol Buffers, and then in a variant of Base64.
See this guide to decoding the gclid and interpreting it, including an (Apache-licensed) PHP function you can use.
There are basically 3 parameters encoded inside it, one of which is a timestamp. The other 2 as yet are not known.
As far as understanding what these other parameters mean—it may be helpful to compare it to the ei parameter, which is encoded in an extremely similar way (basically Protocol Buffers with the keys stripped out). The ei parameter also has a timestamp, with what seem to be microseconds, and 2 other integers.
FYI, I just posted a quick analysis of some glcid data from my sites on this post. There definitely is some structure to the gclid, but it is difficult to decipher.
I think you can get all the goodies linked to the gclid via google's adword api. Specifically, you can query the click performance report.
https://developers.google.com/adwords/api/docs/appendix/reports#click
I've been working on this problem at our company as well. We'd like to be able to get a better sense of what our AdWords are doing but we're frustrated with limitations in Analytics.
Our current solution is to look in the Apache access logs for GET requests using the regex:
.*[?&]gclid=([^$&]*)
If that exists, then we look at the referer string to get the keyword:
.*[?&]q=([^$&]*).*
An alternative option is to change your Apache web log to start logging the __utmz cookie that google sets, which should have a piece for the keyword in utmctr. Google __utmz cookie and you should be able to find plenty of information.
How accurate is the referer string? Not 100%. Firewalls and security appliances will strip it out. But parsing it out yourself does give you more flexibility than Google Analytics. It would be a great feature to send the gclid to AdWords and get data back, but that feature does not look like it's available.
EDIT: Since I wrote this we've also created our own tags that are appended to each destination url as a request parameter. Each tag is just an md5 hash of the text, ad group, and campaign name. We grab it using regex from the access log and look it up in a SQL database.
This is a non-programmatic way to decode the GCLID parameter. Chances are you are simply trying to figure out the campaign, ad group, keyword, placement, ad that drove the click and conversion. To do this, you can upload the GCLID into AdWords as a separate conversion type and then segment by conversion type to drill down to the criteria that triggered the conversion. These steps:
In AdWords UI, go to Tools->Conversions->Add conversion with source "Import from clicks"
Visit the AdWords help topic about importing conversions https://support.google.com/adwords/answer/7014069 and create a bulk load file with your GCLID values, assigning the conversions to you new "Import from clicks" conversion type
Upload the conversions into AdWords in Tools->Conversions->Conversion actions (Uploads) on left navigation
Go to campaigns tab, Segment->Conversions->Conversion name
Find your new conversion name in the segment list, this is where the conversion came from. Continue this same process on the ad groups and keywords tab until you know the GCLID originating criteria
Well, this is no answer, but the approach is similar to how you'd tackle any cryptography problem.
Possibility 1: They're just random, in which case, you're screwed. This is analogous to a one-time pad.
Possibility 2: They "mean" something. In that case, you have to control the environment.
Get a good database of them. Find gclids for your site, and others. Record all times that all clicks occur, and any other potentially useful data
Get cracking! As you have started already, start regressing your collected data against your known, and see if you can find patterns used decrypting techniques
Start scraping random gclid's, and see where they take you.
I wouldn't hold high hope for this to be successful though, but I do wish you luck!
Looks like my rep is weak, so I'll just post another answer rather than a comment.
This is not an answer, clearly. Just voicing some thoughts.
When you enable auto tagging in Adwords, the gclid params are not added to the destination URLs. Rather they are appended to the destination URLs at run time by the Google click tracking servers. So, one of two things is happening:
The click servers are storing the gclid along with Adwords entity identifiers so that Analytics can later look them up.
The gclid has the entity identifiers encoded in some way so that Analytics can decode them.
From a performance perspective it seems unlikely that Google would implement anything like option 1. Forcing Analytics to "join" the gclid to Adwords IDs seems exceptionally inefficient at scale.
A different approach is to simply look at the referrer data which will at least provide the keyword which was searched.
Here's a thought: Is there a chance the gclid is simply a crytographic hash, a la bit.ly or some other URL shortener?
In which case the contents of the hashed text would be written to a database, and replaced with a unique id.
Afterall, the gclid is shortening a bunch of otherwise long text.
Takes this example:
www.example.com?utm_source=google&utm_medium=cpc
Is converted to this:
www.example.com?gclid=XDF
just like a URL shortener.
One would need a substitution cipher in order to reverse engineer the cryptographic hash... not as easy task: https://crypto.stackexchange.com/questions/300/reverse-engineering-a-hash
Maybe some deep digging into logs, looking for patterns, etc...
I agree with Ophir and Chris. My feeling is that it is purely a serial number / unique click ID, which only opens up its secrets when the Analytics and Adwords systems talk to each other behind the scenes.
Knowing this, I'd recommend looking at the referring URL and pulling as much as possible from this to use in your back end click tracking setup.
For example, I live in NZ, and am using Firefox. This is a search from the Firefox Google toolbar for "stack overflow":
http://www.google.co.nz/search?q=stack+overflow&ie=utf-8&oe=utf-8&aq=t&client=firefox-a&rlz=1R1GGLL_en-GB
You can see that: a) im using .NZ domain, b) my keyword "stack+overflow", c) im running firefox.
Finally, if you also stash the full landing page URL, you can store the GCLID, which will tell you the visitor came from paid, whereas if it doesn't have a GCLID, then the user must have come from natural search (if URL tagging is enabled of course).
This would theoretically allow you to then search for the keyword in your campaign, and figure out which adgroup them came from. Knowing the creative would probably be impossible though, unless you split test your landing URLs or tag them somehow.