Your Privacy, Our Priority
We are committed to full transparency about how we handle your data. This policy is written in plain English - not legal jargon.
Overview
LocalSEOFlow ("we," "us," or "our") operates the website at localseoflow.com and provides an AI-powered image metadata management and Local SEO platform ("the Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.
By accessing or using LocalSEOFlow, you agree to the practices described in this policy. If you disagree with any part of this policy, you must discontinue use of the Service.
Data We Collect
We collect the minimum data necessary to provide our Service. Here is exactly what we collect:
1. Account Data (if you register)
- Email address - for authentication and service communications
- Password - stored as a secure bcrypt hash (never in plaintext)
- Account creation date and last login timestamp
- Subscription plan - Free, Pro, or Ultra tier
2. Usage Data (automatically collected)
- Tool usage counts - how many images processed per month (for plan enforcement)
- IP address - for rate limiting and security abuse prevention
- Browser type and OS - for compatibility and debugging
- Pages visited and time spent - via cookie-free analytics
3. Payment Data (if you subscribe)
- Payment is processed through Stripe - we never see or store your full card number
- We store your Stripe Customer ID and subscription status
4. Communication Data
- Messages you send via our contact form
- Support emails you send to us
How We Use Your Data
We use your data exclusively to provide, improve, and secure the Service:
- Service Delivery - Authenticating your account, processing tool requests, enforcing plan limits
- Billing & Subscriptions - Managing your plan, processing payments via Stripe
- Security - Detecting and preventing fraud, abuse, and unauthorized access
- Service Improvement - Aggregate, anonymized usage analytics to improve tool performance
- Communications - Sending essential service notifications (password resets, billing alerts)
- Legal Compliance - Meeting our obligations under GDPR, CCPA, and applicable law
We do not use your data for advertising, profiling, or selling to third parties.
Data Sharing
We do not sell, rent, or trade your personal data. We share data only in these limited cases:
1. Service Providers (Sub-processors)
- Supabase - Database and authentication (EU servers available)
- Stripe - Payment processing (PCI DSS Level 1 certified)
- Google Gemini API - AI-powered content generation (no personal data transmitted)
- Vercel - Hosting and edge deployment
2. Legal Requirements
We may disclose your data if required by law, court order, or to protect the rights, property, or safety of LocalSEOFlow, our users, or the public.
3. Business Transfers
In the event of a merger, acquisition, or asset sale, your data may be transferred. We will notify you with 30 days' advance notice.
Data Storage & Security
We take data security seriously and implement industry-leading measures:
- Encryption in transit - All data transferred over TLS 1.3
- Encryption at rest - Database is encrypted using AES-256
- Password hashing - bcrypt with a minimum cost factor of 12
- Access control - Principle of least privilege enforced for all internal systems
- Rate limiting - All API endpoints are protected against brute-force attacks
- Security headers - CSP, HSTS, X-Frame-Options, and more
Data Retention: Account data is retained while your account is active. You can request deletion at any time. Usage logs are retained for 90 days for security purposes.
Your Rights
Under GDPR (for EU/EEA residents) and CCPA (for California residents), you have the following rights:
- Request a copy of all personal data we hold about you
- Correct inaccurate or incomplete data
- Request deletion of your account and all associated data
- Receive your data in a machine-readable format
- Object to processing based on legitimate interests
- Restrict processing in certain circumstances
To exercise any of these rights, email us at privacy@localseoflow.com. We will respond within 30 days (GDPR requirement).
Third-Party Services
Our Service integrates with the following external services. Each has its own privacy policy:
Children's Privacy
LocalSEOFlow is not directed at children under the age of 13 (or 16 in the EU under GDPR). We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us immediately at privacy@localseoflow.com and we will delete it promptly.
Policy Changes
We may update this Privacy Policy periodically. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Send an email notification to registered users
- Display a prominent notice on our website
We recommend reviewing this policy annually. Continued use of the Service after changes constitutes acceptance of the updated policy.
Contact Us
For any privacy-related questions, requests, or complaints:
LocalSEOFlow Privacy Team
Email: privacy@localseoflow.com
Response time: Within 30 days (GDPR compliant)
Website: Contact Form
If you are in the EU and feel your rights have not been respected, you have the right to lodge a complaint with your local Data Protection Authority (DPA).