Can Competitors Reverse-Engineer Your COGS From Google Shopping Feeds

The cost_of_goods_sold field in Google Merchant Center is never shown publicly. But repeated sale-price floors, supplemental feeds, and shared agency access still leak margin structure — here's the realistic threat model.
Quick answer
No — the cost_of_goods_sold attribute in Google Merchant Center is a private field and never appears in Shopping ads, the public product page, or any scrape of your feed. But competitors can still approximate your margin structure by watching how far your sale_price drops during promotions, and by exploiting supplemental feeds or shared agency logins. The COGS field itself is safe; the behavior around it is the leak.
Reverse-engineering COGS from Google Shopping feeds
The practice of inferring a competitor's cost of goods sold by scraping their public Shopping ad prices, promotional floors, and feed behavior over time.
Google Merchant Center accepts a cost_of_goods_sold attribute that feeds Smart Bidding and profit reporting, but Google treats it as strictly internal — it is never emitted in the rendered Shopping ad, the product landing page, or any public API. Reverse-engineering therefore does not target that field directly. Instead, competitors run price-scraping tools against your Shopping surfaces for weeks or months, log every sale_price change, and use the lowest observed floor as a proxy for your break-even point. The threat is real but narrower than most merchants assume, and the biggest leak vectors are usually operational (supplemental feeds, agency access) rather than the feed data itself.
The concern comes up whenever a finance lead first sees the cost_of_goods_sold column in a Shopify export mapped into Merchant Center. The instinct is understandable: if Google can see it, and my agency can see it, who else can?
Why competitors think they can reverse-engineer your COGS
Shopping ads expose price, availability, shipping cost, and — during promotions — the sale_price alongside the strikethrough price. That is enough public data for a scraper to build a longitudinal price history for every SKU in your catalog.
Once a competitor has 60-90 days of that history, they can spot the lowest recurring floor. If a beauty SKU always bottoms out at €14.90 during Black Friday, Boxing Day, and end-of-season sales, that floor is treated as your gross-margin-zero point. Add an assumed 10-15% contribution margin and they have a working estimate of your landed cost.
The COGS field itself is not the leak
Google Merchant Center holds cost_of_goods_sold as a private attribute — it is not returned by the Content API to unauthenticated callers, not rendered in the Shopping ad, and not visible in the product landing page's structured data. Every documented leak in the wild has come from either (a) inferring floors from public prices, or (b) an operational access failure — never from scraping the field.
What scrapers like Prisync, Price2Spy and Competera can actually see
Commercial competitive-pricing tools operate on the public Shopping surface and your PDP. They record price, availability, promo badges, shipping, and stock indicators — typically twice a day per SKU. None of them access Merchant Center. None see your COGS field.
What they do produce is a clean CSV of every price you have ever advertised. Combined with a rough freight estimate for your category and public data on your supplier region, a smart analyst gets within ±15% of your true landed cost on hero SKUs. On long-tail SKUs they get nowhere close, because you never discount those aggressively enough to reveal a floor.
The real leak surfaces (in order of severity)
Supplemental feeds are the highest-risk surface. Merchants often build a supplemental feed containing custom_label_0 through custom_label_4 with margin buckets, then share the Google Sheet with an agency contractor. That sheet is one forwarded link away from a competitor.
The second surface is agency Merchant Center access — a former agency retains standard access after offboarding and can export the full product feed including cost_of_goods_sold. The third is repeated sale_price floors on hero SKUs, which is the only genuinely public inference channel.
30-day scraping threat model
A direct competitor scraping your Shopping ads for 30 days can reliably reconstruct: your top 20 SKUs by ad spend, your promotional cadence, your lowest advertised price per SKU, and — for any SKU discounted below 70% of MSRP — a landed-cost estimate within ±20%. They cannot see per-SKU margin, blended margin, supplier terms, or freight structure unless a supplemental feed or agency login has leaked.
How to actually protect your margin structure
Stop uploading raw per-SKU COGS in supplemental feeds. Bucket SKUs into 3-5 margin tiers (say, low / mid / high / hero) and pass the tier label into custom_label_2 instead. Smart Bidding gets almost identical signal from tiered margin as it does from per-unit COGS, but a leaked tier map tells a competitor nothing actionable.
Then audit your Merchant Center access list quarterly, revoke every former agency and contractor, and never discount a hero SKU below your true break-even during a public sale. If you must clear inventory below cost, do it on a private channel — email list, loyalty tier, wholesale — not Google Shopping, where every scrape tool in the industry is watching.
Frequently asked questions
No. Google treats cost_of_goods_sold as a private attribute used only for internal reporting and Smart Bidding signals. It is not returned in Shopping ads, the Content API for unauthenticated callers, or any public surface. Only users with Merchant Center access to your account can see it.
No. These tools scrape the public Shopping surface and your product pages — they have no access to your Merchant Center account. They record advertised prices, promotions, and stock indicators. They can infer a floor over time, but they cannot see the actual COGS field.
For hero SKUs that you discount aggressively during predictable sale windows, a competitor with 60-90 days of scraping data typically lands within ±15-20% of your true landed cost. For long-tail SKUs that never go on deep discount, they cannot get close because there is no observable price floor.
Yes, significantly. Primary feeds are automated exports from your commerce platform and rarely contain raw margin data. Supplemental feeds are usually Google Sheets edited by humans, often shared with agencies, and frequently contain custom labels with margin buckets or per-SKU COGS — making them the single largest operational leak surface.
Almost never. Decoy SKUs pollute your own bidding data, confuse Smart Shopping, and cost more in wasted ad spend than any competitor could plausibly extract from your real data. Access hygiene and margin-tier bucketing solve the same problem without harming performance.
That is a serious exposure. A former agency with standard access can export the entire product feed including private attributes like cost_of_goods_sold. Audit your Merchant Center user list every quarter, and revoke access the same day any contract ends — treat it with the same discipline as your ad account permissions.
Only if you upload raw per-SKU COGS. If you upload bucketed margin tiers via custom_label fields, the risk is minimal — a leaked tier label tells a competitor which SKUs are in your top-margin bucket, but not the actual margin figure or your cost basis.
Not directly from the feed. But combined with product images, GTINs, and the price floor, an experienced buyer in your category can often narrow supplier candidates to a shortlist — especially for private-label goods where the manufacturer is identifiable from packaging or hardware details visible in product photos.
Safer, but expensive. Without cost_of_goods_sold, Smart Bidding cannot optimize for profit — only for revenue or ROAS. Most merchants find the incremental profitability from margin-aware bidding outweighs the residual leak risk, provided they use tier buckets rather than raw per-SKU costs.
Quarterly at minimum, and always immediately after any agency or freelancer offboarding. The audit should cover Merchant Center users, Google Ads users with linked Merchant Center access, shared Google Sheets used as supplemental feeds, and any third-party feed management tool that holds an OAuth token to your account.
Get an AI expert review of your site
Paste your URL — Metricuno's AI runs the same heuristic checks a senior CRO consultant would, scoring your page and prioritising the fixes that'll move conversion fastest.