Internal SEO ops tool

Google Search Console at scale, in one place.

Connect dozens of Google accounts. Aggregate clicks, impressions and rankings across all properties. Add new sites and verify them automatically via DNS or manually with a meta tag.

Last 30 days

11,437 clicks

▲ 41.7%

Unlimited

connected Google accounts

4 scopes

only what GSC API needs

Fernet

tokens encrypted at rest

HTTPS-only

all traffic, no public sign-up

See your portfolio at a glance

Every connected GSC property is shown as a compact card with live sparklines and a verification badge — CF (Cloudflare DNS) or META (HTML tag). Filter, sort, drill down.

example-uk.co.uk CF

4,150 12,450 4.3% 7.2

1037 keywords with impressions

getthebest.de META

1,266 5,320 2.1% 14.6

316 keywords with impressions

reviewscentral.fr CF

4,921 9,180 3.0% 10.4

1230 keywords with impressions

Built for SEO ops at scale

Four core workflows. No noise, no marketing fluff. Designed for a team that manages hundreds of properties.

Multi-account aggregation

Authorize any number of Google accounts via OAuth. Each token is stored encrypted and isolated. We never read Gmail, Drive or any other Google service.

Performance dashboards

Aggregated clicks/impressions/CTR/position charts with filters for query, page, country, device. Daily auto-sync at 03:00 UTC across every connected account.

Add & verify new sites

Two flows for adding properties: automatic Cloudflare DNS TXT (when the domain is on a connected CF account) or manual HTML meta-tag with copy-to-clipboard helper.

URL Inspection & coverage

Inspect any URL across the portfolio: index status, last crawl time, robots.txt state, declared vs. Google-chosen canonical, sitemap source, rich-result detections.

Permissions & security

We request the minimum OAuth scopes required for Search Console aggregation and site verification. No Gmail. No Drive. No Calendar. Nothing beyond GSC and the email used to identify your connection.

      webmasters
      read & write GSC properties
    
      siteverification
      create & verify ownership tokens
    
      openid
      obtain a stable Google account ID
    
      userinfo.email
      identify which Gmail this token belongs to

Use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Refresh tokens are encrypted with Fernet (AES-128-CBC + HMAC) at rest.

Questions

Is this a public product?

No. It is an internal operations tool for a single SEO team. Access to the dashboard is gated by a shared password. Each Google account that authorizes the tool grants consent through the standard Google OAuth flow.

Does the tool read Gmail or any other Google data?

No. It only requests the Search Console (webmasters) and Site Verification (siteverification) scopes plus minimal account identification (openid, userinfo.email). It never touches Gmail, Drive, Calendar or any other Google product.

How are refresh tokens stored?

Refresh tokens are encrypted at rest using Fernet (AES-128-CBC + HMAC). The encryption key lives in an environment variable separate from the database, so a database leak alone does not expose tokens.

How do I revoke access?

At any time, visit myaccount.google.com/permissions and revoke "GSC Aggregator". The refresh token in our database becomes invalid immediately and the connection is marked as needing re-authorization.

Where is the data hosted?

Application and PostgreSQL database are hosted on Railway. All traffic is HTTPS-only. The application stores only the Search Console performance metrics needed for the aggregation views.

GSC Aggregator

Operator: Anton Maiatsky · anton.maiatsky@growica.com

Privacy Terms Sign in →