Starship
starship / search / google-youtube-sales

Audit report

Google & YouTube

Broad accessReach : moderateSensitive Access

by Google LLC · Sales Channels · Shopify App Store

Sales Channelsv5.8.0
Risk level
Broad access
Executive summary

Canal officiel Google avec Merchant Center, Performance Max, YouTube Shopping. Risque Medium, partage de données vers Google pour les ads, mais avec un cadre de conformité mature et des contrôles merchant clairs.

Key insights

  • Sync catalogue Merchant Center + intégrations Google Ads & YouTube.
  • Risque Medium, partage acheteur vers Google pour les ads, encadré.
  • Note 4,5 sur 8 950 avis, meilleure que le canal Meta.
  • Conformité héritée de Google Cloud (SOC 2, ISO 27001, EU-US DPF).

Top findings

No critical or high findings detected.
Synthesis

Analysis summary

Canal officiel Google avec Merchant Center, Performance Max, YouTube Shopping. Risque Medium, partage de données vers Google pour les ads, mais avec un cadre de conformité mature et des contrôles merchant clairs.

Key insights
  • Sync catalogue Merchant Center + intégrations Google Ads & YouTube.
  • Risque Medium, partage acheteur vers Google pour les ads, encadré.
  • Note 4,5 sur 8 950 avis, meilleure que le canal Meta.
  • Conformité héritée de Google Cloud (SOC 2, ISO 27001, EU-US DPF).
  • Tag Manager / GA4 souvent installés en complément (responsabilité marchand).

This section is available to signed-in users

Sign up free to unlock findings, data flow and theme code analysis for every Shopify app.

Get started
Permissions

OAuth scopes requested

These are the access permissions this app asks for during install. The sensitivity column reflects PII exposure and merchant impact.

read_products
Low

Sync catalogue Merchant Center.

read_orders
Medium

Attribution ads.

read_inventory
Low

Sync stock.

write_pixels
High

Tag Google Ads.

This section is available to signed-in users

Sign up free to unlock findings, data flow and theme code analysis for every Shopify app.

Get started

This section is available to signed-in users

Sign up free to unlock findings, data flow and theme code analysis for every Shopify app.

Get started
Attack surface

Network surface

Primary domain
google.com
TLS grade
A+
HSTS
Enabled
CSP
Enabled

TLS 1.3, HSTS preload, CSP stricte (Google).

Posture

Compliance & certifications

GDPR webhooks Pass
SOC 2 Type II Pass
ISO 27001 Pass
PCI DSS Fail

Google Cloud SOC 2, ISO 27001, EU-US DPF. DPA publique. Historique d'amendes RGPD CNIL.

Privacy policy
Track record

Publisher reputation

Publisher
Google LLC
Verified Shopify Partner
Yes
Years active
6
Other apps
0
Past incidents
  • 2019, Amende CNIL 50M€ (consentement).
LLM exposure

AI / LLM usage

No LLM usage detected. This app does not appear to forward any customer or merchant data to large-language-model providers.