This privacy policy applies to (1) the BizProfile marketing website (this site) and (2) the BizProfile Manager application (the product you use to manage Google Business Profile). We describe what data we collect, why we use it, how long we keep it, and your rights.

1. Who we are

BizProfile (or “we”) operates the marketing website and the BizProfile Manager SaaS application. For privacy requests or questions, contact us at privacy@bizprofile.app or via our contact form. We are the data controller for the personal data we process as described below.

2. Scope: marketing site vs. product

  • Marketing website (this site): Contact form, demo request form, newsletter signup, cookies, analytics, and related usage data.
  • BizProfile Manager (the application): Account registration, profile, Google connection, locations, reviews, reply templates, insights, posts, team members, billing, audit logs, and related product data.

If you only use the marketing site, only the marketing-site sections apply. If you use BizProfile Manager, the product sections also apply.

3. Data we collect on the marketing website

  • Contact form: Name, email, company (optional), and message. We use this to respond to your enquiry. We may also store UTM parameters (e.g. source, medium, campaign) from your session to understand how you found us. We require your consent before submission.
  • Demo request form: Name, email, company (optional), phone (optional), number of locations (optional), and UTM parameters. We use this to follow up on your demo request and to improve our sales process.
  • Newsletter: Email address (and UTM parameters if present). We use it to send product updates and marketing only if you have subscribed. You can unsubscribe at any time.
  • Cookies and similar technologies: We use a cookie-consent banner. Essential cookies (e.g. session, CSRF) are required for the site to function. If you accept non-essential cookies, we may load analytics (e.g. Google Analytics with IP anonymization) and use event tracking to understand how the site is used. We do not sell this data to third parties.
  • Internal use: Form submissions may be used for lead scoring, funnel analysis, and, if configured, syncing to CRM tools (e.g. HubSpot, Salesforce). This is for our legitimate business purposes (sales and marketing).

4. Data we collect in BizProfile Manager

  • Account and profile: When you register, we collect name, email, and password (stored hashed). You can add or update your name, email, and profile photo in your profile. We may send verification and transactional emails.
  • Google connection: When you connect your Google account to use the Business Profile API, we receive and store access and refresh tokens in an encrypted form. We use these only to access your GBP locations, reviews, insights, and to post replies or local posts on your behalf. We do not use your Google data for advertising or sell it to third parties.
  • Product data: Data that flows through the product—locations, reviews, reply templates, insights, scheduled posts, project names, report footers, logos, team member emails and roles, shared dashboard tokens—is stored in our systems and is strictly isolated per account. We do not mix or share this data between accounts.
  • Billing: Subscription and payment are handled by Razorpay. We store your plan (tier), subscription identifier, and billing state. We do not store full payment card details; those are held by Razorpay under their privacy policy.
  • Audit and operations: We keep audit logs of certain actions (e.g. reply posted, settings changed, team member added) for security and compliance. We do not log the full content of review replies in audit logs; we log metadata (e.g. action type, user, timestamp).
  • AI features: When you use AI-powered draft replies or “improve reply,” we send the necessary text to our configured AI provider (e.g. Google Gemini or OpenAI). We log usage metadata (e.g. operation type, token counts) for billing and limits; we do not log the full reply text in our systems. The AI provider’s use of data is governed by their terms and privacy policy.
  • Notifications: You can set preferences for emails (e.g. new review, reply ready, sync failure). We store these preferences and send emails accordingly; we may throttle sending to respect quotas.

5. Legal basis and consent

We process your data based on: (a) your consent (e.g. contact form, newsletter, cookie banner, optional profile photo); (b) performance of a contract (e.g. providing BizProfile Manager and billing); (c) legitimate interests (e.g. security, fraud prevention, improving our services, analytics where consent is given). You can withdraw consent where it applies—for example by unsubscribing from the newsletter, rejecting non-essential cookies, or contacting us to delete your data.

6. Data retention

We keep your data only as long as needed for the purposes above. Form submissions and newsletter data are retained for as long as needed to fulfil your request and our legitimate business purposes (e.g. marketing until you unsubscribe or ask for deletion). Account and product data are retained while your account is active and for a reasonable period after closure for legal and operational needs. Audit logs and logs are retained according to our internal policies and applicable law. You can request deletion of your personal data (see “Your rights” below).

7. Your rights (including GDPR)

Depending on where you live, you may have the right to: access your personal data; correct inaccurate data; request deletion; request restriction of processing; object to processing; data portability; and withdraw consent. You also have the right to lodge a complaint with a supervisory authority. To exercise these rights, contact us at privacy@bizprofile.app or via the contact form. We will respond within a reasonable time and in line with applicable law.

8. Third parties and international transfer

We use third-party services that may process personal data on our behalf: Google (OAuth, Business Profile API, and optionally Analytics), Razorpay (payments), and AI providers (e.g. Gemini, OpenAI) for draft replies. Where we use analytics or CRM integrations, their processing is subject to their own privacy policies. Data may be processed in countries outside your residence; we ensure appropriate safeguards (e.g. contracts, adequacy decisions) where required by law.

9. Security

We use industry-standard measures to protect your data: encryption of sensitive data (e.g. Google tokens), secure authentication, account-scoped isolation so one customer’s data is not accessible to another, and access controls. No system is completely secure; we will notify you and regulators where we are legally required to do so in the event of a breach affecting your personal data.

10. Children

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it.

11. Changes to this policy

We may update this privacy policy from time to time. We will post the updated version on this page and, where appropriate, notify you (e.g. by email or a notice in the product). The “Last updated” date below indicates when the policy was last revised. Continued use of the marketing site or BizProfile Manager after changes constitutes acceptance of the updated policy where permitted by law.

12. Contact

For privacy requests, questions, or to exercise your rights: privacy@bizprofile.app or use our contact form.

Last updated: March 8, 2026.