Privacy Policy — GMB Engine

1. Information We Collect

When you sign in with Google OAuth, we receive your name, email address, and profile picture. We also receive an access token and refresh token for your Google Business Profile account, scoped to https://www.googleapis.com/auth/business.manage.

We cache reviews, post data, and analytics from your GBP account in our Firestore database to power the dashboard and reduce API calls.

2. How We Use Your Data

To display your GBP reviews, posts, and analytics in the dashboard
To generate AI-powered reply suggestions via Google Gemini
To send review alert emails via SendGrid when configured
To process subscription payments via Razorpay

3. Data Sharing

We do not sell or share your data with third parties except for the services required to operate GMB Engine: Google (OAuth and GBP API), Razorpay (billing), and SendGrid (email alerts). All services are bound by their own privacy policies.

4. Data Retention

Session tokens are stored in Firestore and expire after 30 days of inactivity. Cached review data is retained until you disconnect your GBP account or delete your organisation. You can request data deletion by emailing privacy@jhonnyops.com.

5. Security

We use HttpOnly, Secure cookies for session management. OAuth tokens are encrypted at rest in Firestore. We do not store credit card data — all payment processing is handled by Razorpay, which is PCI-DSS compliant.

6. Your Rights

You can revoke GMB Engine's access to your Google account at any time via Google Account Permissions. To delete your account and all associated data, email privacy@jhonnyops.com.

7. Contact

Questions about this policy? Email privacy@jhonnyops.com.