Privacy Policy

Last updated: February 20, 2026

1. Introduction

AutoGBP SEO ("we," "our," or "us") provides a Google Business Profile management platform that helps businesses and agencies optimize their local search presence. This Privacy Policy explains how we collect, use, store, and share your information, including data obtained through Google APIs.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address and password (stored securely with encryption). We do not collect any additional personal information during registration.

2.2 Google Business Profile Data

When you connect your Google account via OAuth 2.0, we access the following data through the Google Business Profile API, with your explicit consent:

  • Business location information (name, address, phone, website, categories)
  • Customer reviews and your replies
  • Business posts and media (photos)
  • Performance metrics (impressions, clicks, search keywords)
  • Your Google email address (for account linking)

2.3 OAuth Tokens

We store OAuth 2.0 access tokens and refresh tokens, encrypted at rest with AES-256, to maintain your connection to Google APIs. These tokens are used only to make authorized API calls on your behalf.

3. How We Use Your Data

We use your data exclusively to provide and improve the user-facing features of our platform:

  • Displaying and managing your business reviews
  • Creating, scheduling, and publishing posts to your Google Business Profile
  • Uploading and optimizing photos for your business listing
  • Generating performance analytics and reports
  • Running AI-powered audits of your business profile
  • Tracking local search rankings
  • Generating AI-enhanced content (posts, review replies, photo metadata)

4. Google API Services - Limited Use Disclosure

AutoGBP SEO's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only use Google user data to provide or improve user-facing features that are prominent in our application's user interface.
  • We do not transfer Google user data to third parties, except as necessary to provide or improve user-facing features, for security purposes, or to comply with applicable law.
  • We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • We do not allow humans to read Google user data unless we have your affirmative consent, it is necessary for security purposes, or it is required to comply with applicable law.
  • We do not transfer, sell, or use Google user data to determine creditworthiness or for lending purposes.

5. Data Storage and Security

  • All data is stored in secure, managed databases (Supabase) with row-level security policies.
  • OAuth tokens are encrypted with AES-256 before they are stored (encryption at rest).
  • All data in transit is encrypted using HTTPS/TLS.
  • User passwords are hashed using industry-standard algorithms before storage.
  • We implement role-based access controls to ensure users can only access their own data.

6. Data Sharing

We do not sell, rent, or trade your personal information or Google user data. We only share data in the following limited circumstances:

  • Service providers: We use third-party services (Supabase for database, Vercel for hosting, Stripe for payments, OpenAI for AI features) that process data on our behalf under strict data processing agreements.
  • AI processing: When you use AI features (audit summaries, post generation, review replies), your business data may be sent to AI model providers (OpenAI) for processing. This data is used solely to generate responses and is not retained by the AI provider for training purposes.
  • Legal requirements: We may disclose data if required by law, legal process, or government request.

7. Data Retention and Deletion

We retain your data for as long as your account is active and as needed to provide our services. You can request deletion of your data at any time:

  • Disconnect a location: Disconnecting a Google Business Profile location from our platform will delete all stored OAuth tokens and locally cached data for that location.
  • Delete your account: Contact us to request full account deletion. We will delete all your data, including Google API data, within 30 days.
  • Revoke access: You can revoke our access to your Google account at any time through your Google Account permissions page.

8. Google OAuth Scopes

Our application requests the following Google OAuth scopes, which are the minimum required for our functionality:

  • business.manage -- Required to read and write your Google Business Profile data (locations, reviews, posts, photos, performance metrics).
  • userinfo.email -- Required to identify your Google account and link it to your AutoGBP account.

9. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Withdraw consent for Google API data access at any time
  • Export your data in a portable format

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise any of your data rights, please contact us at privacy@autogbp.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of our services after any changes constitutes acceptance of the updated policy.