GPBBoostSign in

Privacy Policy

Last updated: April 2, 2026

1. Information We Collect

When you use GPB Boost, we collect the following information:

  • Account information: Your name, email address, and profile photo from your Google account when you sign in.
  • Google Business Profile data: Business names, locations, and post history accessed via the Google Business Profile API on your behalf.
  • Usage data: Post generation history, scheduling activity, and feature usage to improve the product.
  • Billing data: Subscription and payment information processed by Stripe. We do not store full card numbers.
  • Lead capture data: Email addresses voluntarily submitted through the free post generator.

2. How We Use Your Information

  • To authenticate your account and connect to your Google Business Profile.
  • To generate and schedule posts to your Google Business Profile locations.
  • To process subscription payments and manage your billing.
  • To send product updates and important account notifications.
  • To improve the AI post generation quality and product features.

3. Google Data Usage

GPB Boost requests access to your Google Business Profile solely to read your business locations and create posts on your behalf. We do not access, read, or modify any other Google account data. Your Google OAuth tokens are stored securely and are never exposed to the browser.

Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

4. Data Sharing

We do not sell your personal data. We share data only with the following service providers:

  • Stripe — payment processing and subscription management.
  • Neon / PostgreSQL — secure database hosting for account and subscription data.
  • Anthropic — AI post generation (business name, type, and topic only; no personal data).
  • Vercel — application hosting and serverless infrastructure.

5. Data Retention

We retain your account data for as long as your account is active. If you cancel your subscription and request account deletion, we will delete your personal data within 30 days, except where retention is required by law.

6. Security

We use industry-standard security practices including encrypted connections (HTTPS), secure token storage, and access controls. OAuth tokens are stored in signed, server-side JWTs and never exposed to client-side JavaScript.

7. Your Rights

You may at any time:

  • Request a copy of the data we hold about you.
  • Request correction or deletion of your personal data.
  • Revoke Google OAuth access from your Google account settings.
  • Cancel your subscription via the billing portal.

To exercise any of these rights, email hello@gpbboost.com.

8. Cookies

We use a single session cookie for authentication (NextAuth.js). We do not use third-party advertising or tracking cookies.

9. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email or an in-app notice. Continued use of GPB Boost after changes constitutes acceptance.

10. Contact

Questions about this policy? Contact us at hello@gpbboost.com.

Terms of ServiceBack to Home