Privacy Policy

Your privacy and data security are fundamental to how we built SmartLocol. We are committed to transparency and Google API compliance.

Last updated: May 2025

SmartLocol ("SmartLocol," "we," "us," or "our") operates the SmartLocol website and web application (the "Service") that provides Google Business Profile monitoring and guidance services. This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. This Privacy Policy is designed to comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Google's API Services User Data Policy.

1. Definitions

Personal Data
Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly.
Business Profile Data
Information related to your Google Business Profile, including business name, address, phone numbers, website URLs, business hours, categories, verification status, and profile health metrics.
Controller
The entity that determines the purposes and means of processing personal data. SmartLocol acts as a Controller for your account information and as a Processor for Google Business Profile data accessed on your behalf.
Processor
An entity that processes personal data on behalf of the Controller.
Data Subject
An identified or identifiable natural person whose personal data is processed by a Controller or Processor.

2. Google API Services & Compliance

SmartLocol integrates with Google's Business Profile API and Places API (New) to provide our monitoring and guidance services. Our integration is designed to meet Google's comprehensive privacy and security requirements.

2.1 OAuth Scopes and Permissions

We request only the following Google OAuth scope(s) necessary for our Service:

  • https://www.googleapis.com/auth/business.manage - Read-only access to your Google Business Profile data
  • https://www.googleapis.com/auth/userinfo.email - Access to your email address for account identification
  • https://www.googleapis.com/auth/userinfo.profile - Access to basic profile information (name, picture)

2.2 Read-Only Access and Authorization

We only request necessary permissions to monitor your Google Business Profile. We cannot and would not modify your listings. You explicitly grant access to your specific business profile through Google's secure OAuth 2.0 flow, which follows industry-standard security practices.

2.3 Token Security and Management

All Google API tokens are encrypted using AES-256 encryption and stored securely in our database. Access tokens are automatically rotated every 60 days and can be revoked at any time through your Google account settings. When you disconnect your Google account from SmartLocol, all associated tokens are immediately and permanently deleted.

3. Information We Collect

3.1 Account Information

When you create an account with us, we collect:

  • Google account email address
  • Profile name and picture (from Google)
  • Account preferences and settings
  • Notification preferences
  • Account creation and last login timestamps

3.2 Business Profile Data

With your explicit authorization, we collect the following data from your Google Business Profile:

  • Business name and address
  • Phone numbers and website URLs
  • Business hours and categories
  • Verification status and history
  • Profile health metrics and compliance status
  • Review ratings and response status (metadata only)

3.3 Usage and Analytics Data

We automatically collect certain information when you access and use our Service:

  • Device information (browser type, operating system, device identifiers)
  • Log information (IP address, access times, pages viewed, actions taken)
  • Feature usage patterns and performance metrics
  • Error reports and diagnostic information

3.4 Cookies and Tracking Technologies

We use Google Analytics to track aggregate usage metrics and improve our Service. Google Analytics uses cookies to collect information about how visitors use our website. This information is used to compile reports and help us improve our Service. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from, and the pages they visited.

We also use essential cookies for authentication and session management. You can control cookie settings through your browser preferences, though disabling certain cookies may limit your ability to use some features of our Service.

No personally identifiable information is shared with third parties through our analytics implementation.

4. How We Use Your Information

4.1 Service Provision

We use your information to:

  • Monitor your Google Business Profile for potential threats, policy violations, and verification issues
  • Provide real-time alerts about issues that could affect your business visibility
  • Generate personalized, step-by-step guidance for profile optimization
  • Maintain health dashboards and performance analytics
  • Ensure compliance with Google's Business Profile policies

4.2 Communication

We may use your contact information to:

  • Send you important notifications about your account or Service changes
  • Provide customer support and respond to your inquiries
  • Send security alerts and breach notifications
  • Deliver service-related announcements and updates

4.3 Service Improvement

We use aggregated and anonymized data to:

  • Analyze usage patterns and improve our Service functionality
  • Develop new features and capabilities
  • Conduct research and analytics to enhance user experience
  • Ensure system security and prevent fraud

5. Information Sharing and Disclosure

5.1 No Data Sales

We never sell, rent, or monetize your personal data or business information. Your information is used exclusively for providing our monitoring and guidance services.

5.2 Service Providers

We may share your information with trusted third-party service providers who assist us in operating our Service, conducting our business, or serving our users. These service providers include:

  • Cloud hosting and infrastructure providers (AWS, Google Cloud)
  • Email service providers for notifications
  • Security and monitoring service providers
  • Customer support and analytics platforms

Any service provider we engage is bound by strict contractual confidentiality and data processing agreements. We conduct regular privacy and security audits of these third parties to ensure they maintain appropriate safeguards for your data.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency), including to meet national security or law enforcement requirements.

6. Data Security

6.1 Security Measures

We implement comprehensive security measures to protect your data:

  • Encryption: All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3
  • Access Control: Your data is only accessible to you and our authorized monitoring systems with role-based access controls
  • Audit Logging: Complete audit trails track all data access and system actions for security and compliance
  • Regular Security Assessments: We conduct regular security reviews and penetration testing
  • Employee Training: All employees receive regular privacy and security training

6.2 Data Storage and Transfers

All data is stored in secure data centers located in the United States (AWS US-East-1 and US-West-2 regions). For users in the European Union, any data transferred to our U.S. servers is protected under Standard Contractual Clauses (SCCs) approved by the European Commission for international data transfers.

6.3 Security Incident Response

In the unlikely event of a data breach affecting your personal data or business profile information, we will notify affected users within 72 hours of discovering the breach, in accordance with applicable data breach notification laws (GDPR Article 34, CCPA Section 1798.82). We will provide details about the nature of the breach, the data involved, and the steps we are taking to address the incident.

7. Data Retention

We retain your information only as long as necessary for the purposes outlined in this Privacy Policy:

  • Active Accounts: We retain your data as long as your account remains active and you continue using our services
  • Account Closure: When you close your account, we delete all personal data within 30 days, except where required by law
  • Google API Tokens: Access tokens are automatically rotated every 60 days and permanently deleted when you disconnect your Google account
  • Anonymized Analytics: Some usage statistics may be retained in anonymized form for service improvement purposes
  • Legal Requirements: We may retain certain information for longer periods if required by applicable laws or regulations

8. Your Privacy Rights

8.1 General Rights

You have the following rights regarding your personal data:

  • Right of Access: Request a complete copy of all data we have collected about your account and business profile
  • Right of Rectification: Request corrections to any inaccurate information in your account or profile data
  • Right of Erasure: Request complete deletion of your account and all associated data from our systems
  • Right to Restrict Processing: Temporarily suspend our monitoring services while retaining your account settings
  • Right to Data Portability: Download your data in a portable format for transfer to another service
  • Right to Object: Object to the processing of your personal data for specific purposes

8.2 GDPR Rights (EU Users)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority in your country
  • Right to receive information about automated decision-making (we do not use automated decision-making that significantly affects you)

EU users may contact us to exercise their rights under the GDPR, or lodge a complaint with their local data protection authority. A list of EU data protection authorities can be found at: https://edpb.europa.eu/about-edpb/board/members_en

8.3 CCPA Rights (California Users)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect and how it is used
  • Right to delete personal information we have collected
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

8.4 Exercising Your Rights

To exercise any of these rights, please contact us at support@smartlocol.com with the subject line "Privacy Rights Request." We will respond to your request within 30 days and may require verification of your identity before processing your request.

9. International Data Transfers

Our services are hosted in the United States. If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated.

By using our Service, you consent to the transfer of your information to the United States. We ensure that such transfers comply with applicable data protection laws through the implementation of appropriate safeguards, including Standard Contractual Clauses approved by the European Commission.

10. Children's Privacy

Our Service is not directed to children under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children under age 13 without verification of parental consent, we take steps to remove that information from our servers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will notify you of any material changes via email and in-app notifications at least 30 days before they take effect. We encourage you to review this Privacy Policy periodically for any changes.

Continued use of our Service after changes to this Privacy Policy constitutes acceptance of the updated terms. If you do not agree to the updated Privacy Policy, you may discontinue use of our Service and close your account.

12. Contact Information

If you have any questions about this Privacy Policy, your privacy rights, or our data practices, please contact us:

Email: support@smartlocol.com

Subject Line: "Privacy Policy Inquiry"

Response Time: Within 72 hours

We are committed to resolving any privacy-related concerns promptly and transparently. For urgent privacy matters or security concerns, please mark your email as "URGENT" in the subject line.

13. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on the following legal bases:

  • Consent: For processing Google Business Profile data and sending marketing communications
  • Contract Performance: For providing our monitoring and guidance services
  • Legitimate Interests: For service improvement, security, and fraud prevention
  • Legal Obligation: For compliance with applicable laws and regulations

You have the right to withdraw your consent at any time where we rely on consent as the legal basis for processing your personal data. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal.

14. Automated Decision Making

We use automated systems to analyze your Google Business Profile data and generate recommendations. However, we do not make automated decisions that significantly affect you without human oversight. All critical recommendations and alerts are reviewed for accuracy and relevance before being presented to you.

You always retain full control over implementing any recommendations we provide, and our system never takes automated actions on your Google Business Profile without your explicit instruction.

Effective Date: This Privacy Policy is effective as of May 26, 2025. If you have any questions or concerns about this policy, please contact us using the contact information provided above.