Privacy Policy
Last updated: April 3, 2026
1. Identity and Contact Details of the Data Controller
1.1 The data controller for personal data collected through the Localmente platform is Localmente S.r.l., hereinafter referred to as "Localmente", "we", or "the Controller".
1.2 For any questions regarding the processing of personal data, the data subject may contact the Controller at:
- Institutional website: https://localmentesrl.it
- Web application: https://app.localmentesrl.it
- Privacy email: privacy@localmentesrl.it
- Support email: support@localmentesrl.it
2. Scope of Application
This Privacy Policy describes how Localmente collects, uses, stores, and protects the personal data of users who access and use the Localmente SaaS platform. It applies to all personal data processed in connection with use of the Platform, including data obtained through the Google Business Profile API integration. By using the Platform, the user declares to have read and understood this Policy.
3. Categories of Personal Data Processed
3.1 Data provided directly by the user at registration
- Personal details: full name.
- Contact details: email address.
- Login credentials: passwords are stored in irreversibly hashed form; Localmente has no access to plain-text passwords.
- Business data: business or agency name, VAT number, full address, geographical coordinates, phone number, business email, website, Google Business category, slug identifier.
3.2 Data collected automatically during Platform use
- Navigation and usage data: pages visited, features activated, operation timestamps, session durations.
- Device technical data: IP address, browser type and version, operating system, screen resolution.
- Technical cookies: session cookies only, required for authentication. No profiling or third-party tracking cookies are used.
3.3 Data from the Google Business Profile API integration
| Category | Specific data received | Purpose |
|---|---|---|
| Integration credentials | Access token, refresh token, Google account ID, Google account email | Secure authentication to Google APIs |
| Listing information | Name, address, phone, website, hours, category, attributes, listing URL | Display and update within the Platform |
| Reviews | Review text, reviewer name, star rating (1–5), date, existing response | Monitoring, sentiment analysis, response management |
| Google Business posts | Title, body text, post type, validity dates, attached URLs | Creation, editing, publishing, and archiving of posts |
| Statistics | Visibility and interaction data | Reports and ranking monitoring |
3.4 Billing data
Payment data is processed directly by Stripe Inc. (PCI-DSS certified). Localmente has no access to payment card data.
4. Google API Permissions: Detail and Justification
The integration requires the https://www.googleapis.com/auth/business.manage scope to read and update listing information, manage reviews and responses, publish posts, and access statistics. The userinfo.email and userinfo.profile scopes are requested solely to identify the authorised Google account. Localmente does not request broader permissions than necessary.
5. Google API Services — Limited Use Disclosure
Localmente's use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.
Localmente commits to: (a) use Google Data exclusively for the declared purposes; (b) not transfer it to third parties except to necessary technical infrastructure providers; (c) not use it for advertising; (d) not use it to train general-purpose AI models; (e) not allow human access to Google Data except in limited, documented cases.
6. Purposes and Legal Basis for Processing (GDPR)
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Account management, authentication, Service features | Art. 6.1.b — Performance of a contract |
| Billing and tax obligations | Art. 6.1.b + Art. 6.1.c — Legal obligation |
| System logs and security | Art. 6.1.f — Legitimate interest |
| Aggregated analysis for Service improvement | Art. 6.1.f — Legitimate interest |
7. Data Retention
| Data category | Retention period |
|---|---|
| Account and business data | Duration of contract + 12 months |
| Google tokens | Until revocation, deleted within 24 hours |
| Data synchronised from Google | Duration of contract + 30 days |
| System logs | 90 days |
| Billing data | 10 years (tax obligation) |
| Anonymised data | Indefinite |
8. Data Security
Localmente implements: HTTPS/TLS 1.2+, encryption at rest for tokens and sensitive data, Row-Level Security on the database, bcrypt hashing for passwords, multi-factor authentication for internal staff, and audit logs of critical operations. In the event of a high-risk data breach, affected users will be notified as required by Art. 34 GDPR.
9. Recipients and International Data Transfers
| Provider | Service | Country |
|---|---|---|
| Supabase Inc. | Database, authentication, storage | USA |
| Vercel Inc. | Hosting, CDN | USA |
| Stripe Inc. | Payments and billing | USA |
| Google LLC | Google Business Profile API, OAuth | USA |
| Anthropic PBC | AI-powered SEO content generation | USA |
| Microsoft (Bing) | Ranking monitoring API | USA |
Transfers outside the EEA are carried out on the basis of Standard Contractual Clauses (SCC) approved by the European Commission.
10. Revoking Google Authorisation and Data Deletion
10.1 Via the Platform
Dashboard → Settings → Integrations → Google Business Profile → Disconnect. Tokens are deleted immediately.
10.2 Via Google
https://myaccount.google.com/permissions → find "Localmente" → Remove access. Tokens stored by Localmente will be deleted within 24 hours.
10.3 Full account and data deletion request
Send a request to privacy@localmentesrl.it with your name, email, and specification of data to be deleted. Within 48 hours the account is deactivated; within 30 days all personal data is securely deleted and written confirmation is sent. Billing data (10-year tax obligation) and anonymised data are excluded from deletion.
11. Data Subjects' Rights (GDPR)
| Right | GDPR Article |
|---|---|
| Right of access | Art. 15 |
| Right to rectification | Art. 16 |
| Right to erasure ("right to be forgotten") | Art. 17 |
| Right to restriction of processing | Art. 18 |
| Right to data portability | Art. 20 |
| Right to object | Art. 21 |
| Right not to be subject to automated decision-making | Art. 22 |
To exercise your rights: privacy@localmentesrl.it. Response within 30 days. You may also lodge a complaint with the competent supervisory authority. For Italian users: Garante per la Protezione dei Dati Personali — https://www.garanteprivacy.it.
12. Cookies and Tracking Technologies
Only strictly necessary technical cookies are used: authenticated session cookies (session duration / 7 days with "remember me") and UI preference cookies (30 days). No profiling, marketing, or third-party tracking cookies are used.
13. Minors
The Platform is not intended for persons under 18 years of age. To report data submitted by a minor: privacy@localmentesrl.it.
14. Changes to this Privacy Policy
Substantial changes are communicated with at least 14 days' notice by email or in-app notification. Continued use of the Platform after the effective date constitutes acceptance of the updated Policy.
15. Contact
Localmente S.r.l.
Corso Castelfidardo 30/A - 10129 Torino (TO) — Italy
VAT: 13100310013
Privacy email: privacy@localmentesrl.it
Support email: support@localmentesrl.it
Website: https://localmentesrl.it