Privacy Policy

Last updated: 2026-04-09

GBPHive ("we", "us", "our") provides Google Business Profile management, local rank tracking, and analytics tools. This policy explains what data we collect, how we use it, and the choices you have.

1. Information we collect

• Account information — name, email, password (hashed), and billing details.
• Google account data — when you connect Google Business Profile, Google Search Console, or Google Analytics, we access the data needed to display insights and perform actions you authorize. Scopes are shown on Google's consent screen before you grant them.
• Usage data — pages visited, features used, errors, IP address, and user agent for security and product improvement.
• Customer data you upload — businesses, locations, keywords, posts, media, and reviews you manage in GBPHive.

2. How we use Google user data

Data accessed from Google APIs is used solely to provide the GBPHive features you request: managing your Google Business Profile, retrieving Search Console and Analytics metrics, and generating insights. We do not sell, transfer, or use Google user data for advertising, train AI models on it, or share it with third parties except as required to provide the service (e.g. our hosting and database providers).

GBPHive's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3. How we use information

• Provide, maintain, and improve GBPHive.
• Process payments and manage subscriptions.
• Communicate with you about your account, security, and updates.
• Detect and prevent fraud or abuse.
• Comply with legal obligations.

4. Sharing

We share data only with:

• Service providers — Cloudflare (hosting, database), Stripe (payments), Resend (email), and similar processors bound by data processing agreements.
• Legal authorities when required by law.
• In a business transfer if GBPHive is acquired or merged.

5. Data retention

We retain account data while your subscription is active. After cancellation, we delete or anonymize personal data within 90 days unless we are legally required to keep it longer.

6. Your rights

You may access, export, correct, or delete your data at any time from your account settings or by emailing [email protected]. You may also disconnect Google integrations at any time, which revokes our access immediately.

7. Security

We encrypt data in transit (TLS) and at rest. OAuth tokens are encrypted with per-account keys. Access to production systems is restricted and logged.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies.

9. Children

GBPHive is not intended for users under 16.

10. Changes

We may update this policy. Material changes will be communicated by email or in-app notice.

11. Contact

Questions? Email [email protected].