Effective date: 4 March 2026
Privacy Policy
Privacy Policy
This policy explains what personal data we process in GBP Optimiser, how we use it, which providers help us operate the service, and the rights available under UK data protection law.
What We Collect and Use
What we collect: Account details, connected Google Business Profile data, content you create, billing metadata, support records, and operational logs used to run the app.
Why we use it: To authenticate users, sync and manage business profile data, process payments, send email and SMS communications, provide support, protect the platform, and improve the service.
Who helps us: Key providers used in the app include Google, Paddle, AI providers, Zendesk, Resend, Mailgun, and Twilio, each acting within the services they power for us.
Your rights: Depending on the circumstances, you may ask for access, correction, deletion, restriction, objection, portability, and the right to complain to the ICO.;
1. Who we are
This Privacy Policy explains how Locali and 3local Ltd collects, uses, stores, and shares personal data when you use GBP Optimizer and related services. Locali is a sub contractor for the services of 3local Ltd. Locali does not store or sell any of your personal information.
3local Ltd is registered in England and Wales under company number 16598862. Our registered office is 232 Stamford Street Central, Ashton-Under-Lyne, United Kingdom, OL6 7NQ. For the purposes of UK data protection law, we are the data controller for the personal data described in this policy except where we act on your instructions as a service provider in relation to your own customer data.
If you have privacy questions, you can contact us at [email protected].
2. Personal data we collect
We collect account and identity data such as your name, email address, login details, workspace membership, profile settings, and records of sign-in or security events.
If you connect a Google account or Google Business Profile, we may collect and process connected account identifiers, granted permissions, profile details, locations, business descriptions, categories, opening hours, attributes, posts, reviews, replies, media, performance insights, search keyword data, and related metadata required to provide the Service.
We collect content and operational data you create or upload in the Service, including draft and published posts, images, profile edits, review response drafts, review request campaign data, scheduled emails, scheduled SMS messages, support requests, feature requests, bug reports, and related notes or attachments.
We also collect billing and transaction data such as subscription details, plan information, customer billing identifiers, transaction references, invoices, usage records, SMS credit purchases, and customer portal interactions. Full payment card details are handled by our payment providers rather than stored directly by us.
3. Data we collect automatically
We collect technical, device, and usage information needed to operate and secure the Service, such as IP address, browser type, approximate device details, session information, page or feature usage, audit trails, API logs, error data, and security-related activity records.
Where you contact support or submit a bug report, we may collect the information you provide about the issue, including page URLs, browser information, screen resolution, screenshots, expected behaviour, and reproduction steps.
4. How we use personal data
We use personal data to create and manage accounts, authenticate users, maintain workspaces, provide connected Google Business Profile features, create and schedule content, generate AI-assisted suggestions, support review management, process support enquiries, and provide the functionality you request.
We use data to process subscriptions, SMS credit purchases, invoices, and customer portal requests; to detect and prevent fraud, misuse, unauthorised access, and abuse; to monitor performance and reliability; to troubleshoot incidents; and to improve the Service and user experience.
We may also use contact and account information to send service messages, transactional emails, security notices, billing notices, workspace invitations, product updates related to your account, and responses to support requests.
5. Legal bases under UK GDPR
We process personal data where necessary for the performance of a contract with you, including creating accounts, providing subscriptions, syncing connected data, managing workspaces, sending operational communications, and delivering paid features.
We process certain data to comply with legal obligations, including accounting, tax, fraud prevention, law enforcement cooperation, and regulatory record-keeping where applicable.
We also process data where necessary for our legitimate interests, including securing the Service, investigating misuse, improving functionality, keeping audit trails, handling support, and defending legal claims, provided those interests are not overridden by your rights and interests.
Where consent is required by law for particular communications or data uses, we will rely on consent and you may withdraw that consent at any time, though this does not affect prior lawful processing.
6. Third-party providers and sharing
We share personal data with service providers and subprocessors where necessary to run the Service. These may include Google for account connection and business profile functionality, Paddle for subscriptions, one-off purchases, invoicing and billing support, AI model providers for content and response generation, Zendesk for support ticket handling, Resend and Mailgun for email delivery, and Twilio for SMS delivery.
We may also share data with hosting, infrastructure, analytics, security, legal, and professional advisers where reasonably necessary for service delivery, compliance, protection of rights, or corporate administration.
We do not sell your personal data. We may disclose information where required by law, court order, regulatory request, to enforce our terms, to investigate suspected misuse, or in connection with a business reorganisation, sale, or acquisition.
6. Third-party providers and sharing
We share personal data with service providers and subprocessors where necessary to run the Service. These may include Google for account connection and business profile functionality, Paddle for subscriptions, one-off purchases, invoicing and billing support, AI model providers for content and response generation, Zendesk for support ticket handling, Resend and Mailgun for email delivery, and Twilio for SMS delivery.
We may also share data with hosting, infrastructure, analytics, security, legal, and professional advisers where reasonably necessary for service delivery, compliance, protection of rights, or corporate administration.
We do not sell your personal data. We may disclose information where required by law, court order, regulatory request, to enforce our terms, to investigate suspected misuse, or in connection with a business reorganization, sale, or acquisition.
7. Google data and connected account disclosures
If you connect Google services, we access and use relevant Google account and Google Business Profile data only to provide the features you enable, such as listing management, profile sync, insights, posts, media, and review-related workflows.
You can disconnect a Google account within the Service or revoke our access through your Google account permissions. Disconnecting or revoking access may stop some features from functioning and may prevent new sync activity.
We do not use data obtained from Google Workspace APIs to develop, improve, or train generalised AI or machine learning models. Any use of Google-connected data is limited to providing and supporting the user-facing functionality of this Service.
8. AI processing
Where you use AI-assisted features, relevant prompts, business context, draft content, review text, and related instructions may be processed through our AI providers in order to generate suggestions, summaries, or responses within the Service.
AI outputs can contain mistakes or unsuitable recommendations, so users remain responsible for reviewing all generated output before it is used, published, or sent. We do not treat AI outputs as legal, regulatory, or professional advice.
9. Email, SMS, and support data
If you use messaging features, we process recipient contact details, message content, scheduling data, delivery status, transaction or provider identifiers, and related logs in order to send, monitor, and troubleshoot communications.
Support enquiries, feature requests, bug reports, and ticket history may include personal data, business details, attachments, screenshots, and correspondence records so we can respond, investigate, and improve the Service.
10. Cookies, sessions, and local storage
We use cookies and similar technologies, including browser storage and session storage, to keep users signed in, maintain security, remember workspace or interface state, support essential application functionality, and help detect misuse or service issues.
We may also use scripts or embedded services necessary to provide features such as payments, support, review widgets, or marketing/referral tracking where deployed in the application. These technologies may collect technical or interaction data in line with their role in the Service.
Because these technologies are tied to core functionality, disabling them may affect login, checkout, account security, connected integrations, or other parts of the Service.
11. International transfers
Some of our providers may process personal data outside the US. Where this occurs, we take reasonable steps to ensure appropriate safeguards are in place, which may include adequacy regulations, standard contractual clauses, or equivalent lawful transfer mechanisms.
12. Data retention
We retain personal data for as long as reasonably necessary for the purposes set out in this policy, including while your account is active, while we provide the Service, for legitimate business operations, and to meet legal, tax, contractual, fraud prevention, dispute, and record-keeping obligations.
Retention periods vary depending on the type of data, the feature involved, whether the data is needed for support or audit purposes, and whether deletion is requested or required. We may retain limited information after closure where reasonably necessary to comply with law, resolve disputes, enforce agreements, or protect the Service.
13. Your rights
Subject to applicable law, you may have the right to request access to personal data we hold about you, ask for correction of inaccurate data, request deletion, request restriction of processing, object to certain processing, and request portability of data provided by you.
You may also have rights in relation to consent-based processing and to complain if you believe your data protection rights have been infringed. We may need to verify your identity before responding to a request and some rights are subject to legal exceptions.
14. Complaints
If you have concerns about how we handle personal data, please contact us [email protected] so we can reasonably try to resolve the issue. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection matters.
15. Changes to this policy
We may update this Privacy Policy from time to time to reflect legal, technical, operational, or product changes. We will publish the latest version on this page and the updated version will apply from its stated effective date.
16. Additions
Disconnect Google access: You can remove connected account access in the app or revoke permissions directly in your Google account settings.
Privacy requests: For access, correction, deletion, or objection requests, email [email protected].
ICO complaints: If you remain unhappy with our response, you may complain to the Information Commissioner's Office.
Terms Of Service
Want to see the Terms and Conditions?
Click below to see what our terms of service are.
© 2025 Locali. All Rights Reserved.