Privacy policy

Google User Data

Our applications use Google APIs to help customers manage their online presence. This section describes what Google user data we access, how we use it, who we share it with, how we store and protect it, and how long we keep it. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Data accessed

When you grant access through Google's OAuth consent screen, we may receive the following Google user data, depending on which connections you authorize:

• Google account identity (scopes: openid, userinfo.email, userinfo.profile) - your email address, name, profile picture, and Google account ID. Used only to identify you across sessions and to display your account in our dashboard.
• Google Business Profile (scope: business.manage) - the business locations you manage, location attributes (name, address, phone, hours, categories, website), posts, photos, reviews and review replies, Q&A, and performance insights. We read and (with your direction) write updates back to your locations.
• Google Analytics (scopes: analytics.readonly, analytics.edit) - the GA4 properties, data streams, configuration, and aggregate traffic metrics for properties you authorize.
• Google Search Console (scopes: webmasters, webmasters.readonly) - the sites you have verified, search performance queries, indexing status, and sitemap submissions for those sites.
• Google Ads (scope: adwords) - the customer accounts you manage, campaign configuration, ad copy, keywords, and performance reports.
• Google Tag Manager (scope: tagmanager) - the containers you manage and tag configuration.
• Google Indexing API - URL submission requests we make on your behalf when content on your website changes.
• Gmail (scope: gmail.send where authorized) - permission to send transactional or outreach email from your Gmail account on your behalf. We do not read your inbox, your sent mail, or your contacts.
• Google Maps Platform - we send addresses and place names to Google Maps Geocoding and Places APIs to resolve them to coordinates. These requests are made with our own API key, not with your Google credentials.

How we use Google user data

• To display your business locations, analytics, search performance, and ad performance inside our customer dashboard.
• To publish updates, posts, photos, and review responses to your Google Business Profile when you instruct us to (manually or via approved automation rules).
• To submit URL update requests through the Indexing API when content on your website changes.
• To generate AI-assisted suggestions (review responses, post copy, ad copy, content). Suggestions are produced from your data with our LLM subprocessors, described below, and require your approval before any publication.
• To send authorized transactional or outreach email from your Gmail account when you have explicitly configured a workflow that requires it.

Limited Use. We use Google user data only to provide and improve the user-facing features described above. We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, or as required by law, or as part of a merger, acquisition, or sale of assets with notice to users. We do not use Google user data for serving advertisements, including retargeting, personalized advertising, or interest-based advertising. We do not allow humans to read Google user data unless we have your affirmative agreement for specific messages, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or our use is for internal operations and the data has been aggregated and anonymized.

Data sharing

We do not sell Google user data. We share Google user data only with the subprocessors that operate our platform, each bound by a data processing agreement and acting only on our instructions:

• Supabase - our database and authentication infrastructure (United States region). Stores tokens, business profile metadata, and dashboard data.
• Anthropic - the large-language-model provider that powers AI suggestions inside the dashboard. Data sent for inference is governed by Anthropic's zero-retention enterprise terms and is not used for model training.
• Netlify and Railway - our application hosting providers. Process requests in transit but do not retain Google user data.
• Sentry - error monitoring. Receives application errors and stack traces; we scrub tokens and Google user data from error payloads before they leave our servers.

We also use Twilio (SMS), SendGrid (email), Stripe (billing), and Bland (voice) for their respective product functions, but those subprocessors do not receive Google user data.

Data storage and protection

• Encryption in transit. All connections to our applications and to Google APIs use TLS 1.2 or higher.
• Encryption at rest. Google access and refresh tokens, OAuth state, and other sensitive credentials are encrypted at rest in our Supabase Postgres database.
• Tenant isolation. Customer data is logically isolated by tenant and protected by Postgres row-level security policies so one customer cannot read another customer's Google data.
• Access controls. Production database access is restricted to a small number of operations staff and uses multi-factor authentication. Every staff action that touches a customer record is recorded in an immutable action log.
• Secret rotation. OAuth client secrets and service-account keys are rotated when staff with access leave the company and on a routine schedule.
• Incident response. Suspected unauthorized access triggers an internal investigation, token revocation for affected accounts, notification to affected customers, and (where applicable) disclosure to Google within the timeframes required by Google's policies.

Data retention and deletion

• We retain Google user data only as long as you keep the connection active in our dashboard or as long as it is reasonably needed to provide the service you signed up for.
• You can disconnect any Google service at any time from the Connections page in our dashboard. Disconnecting revokes our access tokens with Google and queues your cached Google user data for deletion within 30 days.
• You can also revoke our access at any time from your Google account permissions page. Revocation through Google immediately stops our ability to call Google APIs on your behalf.
• You can request deletion of all your Google user data and all other personal information we hold by emailing support@websitewannabe.com. We confirm receipt within 5 business days and complete deletion within 30 days unless we are required by law to retain a specific record.
• Account-closure data deletion is irreversible. Aggregated, anonymized analytics that cannot be tied back to your account may be retained.