Tracking Auditor
Run free audit

Help & Support

How Tracking Auditor works, how the scoring works (and how it improves over time), answers to common questions, and how to reach us.

How it worksHow scoring worksReading findingsHow scoring evolvesCommon questionsContact us

How it works

  1. 1

    Connect

    Sign in with Google. Tracking Auditor requests read-only access to Google Tag Manager and Google Analytics, plus permission to create files in your Google Drive (for exports). It cannot modify or read anything else in your Drive.

  2. 2

    Select

    Choose the GTM container and/or GA4 property you want to audit. You can run an audit with GA4 alone, with GTM, or both.

  3. 3

    Audit

    We pull your live container configuration and the last 30 days of GA4 traffic data through the Google APIs, cross-reference them, and score the setup. Nothing is written back to your accounts.

  4. 4

    Review & export

    You get a graded, on-screen report with prioritised findings and a full audit register. On a paid plan you can export a client-ready Google Doc and a Google Sheet of the full register to your own Drive.

How scoring works

Every audit is scored across five dimensions. Each is scored from 0–100, then combined into a single weighted overall score and an A–F grade. The weights reflect how much each area affects data trustworthiness and compliance risk.

DimensionWeightWhat it covers
Consent Architecture30%Consent Mode v2, per-tag consent types, whether marketing tags are gated until a visitor accepts cookies.
GTM Tag Governance20%Container hygiene — one GA4 config tag, no duplicates, snippet installed correctly, unused/orphaned tags, legacy UA tags.
GA4 Event Quality20%Event naming, duplicate events, the ecommerce event funnel, property configuration and data settings.
Cookie Classification15%Whether cookies fire before consent is given, based on your CMP/cookie declaration.
Conversion Integrity15%Conversion tag consent, key events configured correctly, duplicate-purchase and transaction-ID checks.

Grades

A
90–100
Excellent
B
75–89
Good
C
60–74
Fair
D
40–59
Poor
F
0–39
Failing

How to read the report

  • Findings are ranked by severity — Critical, High, Medium, and Low — so you know what to fix first.
  • The Audit Register (the Google Sheet, and the on-screen detail) lists every individual check with a Pass / Fail / Warning / Info result, what we found, and a recommended action.
  • Compliance status (Compliant / Partial / Non-compliant) is a separate flag for privacy-law risk, based on whether tracking runs before consent.

When a finding needs a closer look

Many checks flag potential risk from the shape and naming of your setup — not from reading the actual values in your data. The audit can see how your tags, events, and parameters are configured; it can’t always tell what a given field truly contains, or why it’s there.

For example, a GA4 parameter named email_address is flagged as possible personal data, because a field with that name often does carry PII. But if it only ever holds a hashed value, or a simple true/false flag, it may be perfectly fine. The name looked risky; the reality wasn’t. That’s a false positive — the check did its job by surfacing it, and your investigation cleared it.

So treat findings as signals to verify, not final verdicts. A Critical or High rating tells you where to look first — it doesn’t prove a problem exists. Check the flagged item, confirm what’s actually happening, and if it doesn’t apply to you, note it as reviewed and move on. If a check keeps flagging something that isn’t a real issue, tell us — that feedback is how we make the checks sharper.

How scoring evolves

Tracking Auditor is improved continuously. We regularly add new checks and refine existing ones as best practices change and as the GA4, GTM, and consent ecosystems evolve.

Because of that, re-running an audit after we ship an update can produce a different score even if your setup hasn’t changed. That’s expected — it usually means we’ve added a check that surfaced something already present, or tightened how an existing one is judged. Your configuration didn’t get worse; the audit got more thorough.

New checks are additive and designed to be fair. If you ever want to understand why a specific result changed between two runs, email us with both audit dates and we’ll explain exactly what moved.

Common questions

My GTM container or GA4 property isn't in the list

The dropdowns show every account the connected Google account can access. If something's missing, the Google account you signed in with doesn't have access to it — ask the account owner to grant you at least read access, then reconnect.

The audit errored or timed out

Large GTM containers and properties with lots of traffic take longer to analyse. Try running it again first. If it keeps failing, email us with your domain and roughly when it happened and we'll look into it.

I'm not seeing GA4 data-quality results

The data-quality checks read the last 30 days of traffic via the GA4 Data API. A brand-new property, or one with very little traffic, won't have enough data for those specific checks — the rest of the audit still runs.

Why did my score change when nothing changed on my site?

We add and refine checks regularly. A re-run after we ship an improvement can score differently even if your setup is identical — see “How scoring evolves” above. Your configuration didn't get worse; we got more thorough.

A finding doesn't look right for our setup

Some checks flag risk from naming and configuration patterns rather than from reading your actual data, so a finding can be a false positive once you investigate — see “When a finding needs a closer look” above. Verify the flagged item; if it genuinely doesn't apply, treat it as reviewed. If a check is consistently wrong for you, email us and we'll refine it.

Exports are locked

The Google Doc and Google Sheet exports are available on paid plans. The on-screen audit — scores, findings, and the full register — is always available, including on the free audit.

What can Tracking Auditor access?

Read-only access to Google Tag Manager, Google Analytics (Admin + Data), and Google Drive (create-files-only). We never modify your accounts — the only thing we write is the export file we create in your own Drive. Full detail is in the Privacy Policy.

Contact us

Stuck on something, found a bug, or have feedback on a finding? Email us directly — a real person reads every message, and we usually reply within one business day.

Email hello@trackingauditor.io

To help us help you faster, include: the domain you were auditing, what you expected vs. saw, and a screenshot if it’s a visual issue.