Privacy Policy

How ProfileOps handles data.

Effective May 1, 2026

This policy explains what ProfileOps collects, why it is used, and how it is protected when teams manage Google Business Profile operations through the service.

1. Information ProfileOps Collects

  • Account and user information: names, email addresses, roles, account membership, login state, password reset status, and invitation status.
  • Customer business information: account names, organization names, selected locations, tracked keywords, recommendations, proposals, workflow status, and audit activity.
  • Google Business Profile information: Google account and location identifiers, accessible location details, connection status, and OAuth data needed to keep the read-only connection working.
  • Operational information: timestamps, job IDs, error messages, logs, and service events needed for security, debugging, auditability, and reliability.

2. How ProfileOps Uses Information

  • to create and manage user and customer accounts;
  • to connect and display Google Business Profile locations;
  • to run profile syncs, audits, proposals, and rank workflows;
  • to record approvals, rejections, failures, and audit events;
  • to secure the service and investigate errors or abuse; and
  • to support and improve ProfileOps features.

3. Google API Data

ProfileOps requests Google Business Profile access so customers can choose the business locations ProfileOps should manage or monitor. The current Google integration is read-only. It does not publish profile changes, posts, or other live Google updates.

The use and transfer by ProfileOps of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4. Sharing

ProfileOps does not sell customer data. Data may be shared with:

  • authorized users and administrators for the same account;
  • Google APIs when you connect or refresh authorized access;
  • service providers that host, secure, process, analyze, notify, or support ProfileOps; and
  • legal, security, or compliance recipients when required to protect users, the service, or the public.

5. AI and Notifications

When configured, ProfileOps may use an AI provider to draft recommendation wording and a notification provider such as Slack to send review or failure alerts. These integrations are used only to operate the requested workflow.

6. Security

ProfileOps uses access controls, session cookies, audit records, encrypted Google refresh-token storage, and operational logs to protect the service. No system can guarantee perfect security, so users should protect credentials and report suspicious access.

7. Retention and Deletion

ProfileOps keeps information while it is needed to provide the service, meet legal or operational requirements, preserve audit history, and resolve disputes. Account administrators may request access changes, correction, export, disconnection, or deletion through their normal ProfileOps contact.

8. Children

ProfileOps is intended for business use and is not directed to children under 13. Children should not create accounts or submit personal information to the service.

9. Changes

ProfileOps may update this policy as the service changes. The effective date will be updated when changes are made. Continued use of the service after an update means the updated policy applies.

10. Contact

Privacy requests should go to your ProfileOps administrator or the person who sent your ProfileOps invitation. They can route the request to the service operator responsible for your account.