Privacy Policy
How DieselLocal collects, uses, and protects your data
Last updated: May 2026
What Data We Collect
Account and shop information
- User account information (email address, name, hashed password)
- Shop business information (name, phone, address, services offered, operating hours)
- Onboarding and persona data provided during setup
- Subscription and billing information (processed by Stripe)
Google Business Profile data (when connected)
- Business Profile information (name, address, phone, hours, categories, description, photos)
- Google reviews and review metadata (reviewer name, rating, text, date)
- GBP Insights data (search impressions, direction requests, call clicks, website clicks)
- GBP post history and status
- OAuth tokens (encrypted at rest, used only to access the authorized Business Profile)
Google Business Profile data is collected only after the shop owner explicitly connects their Google account through OAuth 2.0 consent.
Usage and analytics data
- Dashboard activity and feature usage
- Review invite send/click tracking
- Aggregated performance metrics
Google Business Profile & OAuth Data Use
DieselLocal's Google API Usage Policy
DieselLocal accesses Google Business Profile data only after an authorized shop owner connects their Google account through standard OAuth 2.0 consent. We request only the scopes necessary to provide the services described below.
How we use Google data
Google Business Profile data is used exclusively to provide the following services requested by the authorized business:
- Profile management: Keeping business hours, services, descriptions, and photos accurate
- Review workflows: Monitoring incoming reviews and drafting responses governed by your consent settings
- Content drafting: Creating GBP posts in the shop's voice — published through an approval workflow by default. Done-for-you automation is available only when you choose that option and authorize the workflow.
- Reporting and dashboard: Providing visibility, performance, and engagement metrics from GBP Insights through the custom dashboard, weekly reports, and monthly statements
- Visibility analysis: Analyzing market and location visibility relative to competitors
What we do NOT do with Google data
- We do not sell Google user data. Not to advertisers, not to data brokers, not to anyone.
- We do not share Google data with unrelated third parties
- We do not use Google data for advertising or profiling
- We do not retain Google data after a user disconnects their account, except as required by law
Publishing and consent controls
DieselLocal never publishes, edits, replies, or changes your Google Business Profile without authorization. Manual approval is the default for all public-facing actions. Done-for-you automation is available only when a shop owner explicitly chooses that option and authorizes the workflow. Even when done-for-you support is selected, DieselLocal preserves shop-owner controls, permissions, visibility, and the ability to review or disable workflows at any time.
All public actions are logged. Shop owners can review, change, or revoke consent settings at any time from their custom dashboard. The dashboard also provides visibility into marketing activity, pending approvals, account permissions, weekly reports, and monthly statements.
Disconnecting Google access
Shop owners can disconnect their Google account at any time through their DieselLocal dashboard settings. Upon disconnection, DieselLocal immediately stops accessing the Google Business Profile and deletes stored OAuth tokens. Cached GBP data is purged within 30 days unless retention is required by law.
Users can also revoke access directly from their Google Account permissions page.
How We Use Your Data
- Providing DieselLocal marketing services, software-assisted workflows, and platform features
- Managing your Google Business Profile workflows (when connected)
- Displaying analytics and performance metrics in your dashboard
- Generating reports (weekly progress, monthly statements)
- Billing and subscription management
- Customer support and troubleshooting
- Product improvements (using aggregated and anonymized data only)
Third-Party Processors
We share data with the following trusted service providers only as necessary to operate the platform:
- Google: Business Profile API access (only for connected accounts via OAuth)
- Supabase: Database hosting and authentication
- Stripe: Payment processing and subscription management
- Twilio: SMS message delivery
- Email service providers: Transactional email delivery
We do not sell, rent, or share your data for marketing purposes with any third party.
Data Security
- All data transmitted over HTTPS/TLS encryption
- Passwords are hashed using industry-standard algorithms
- OAuth tokens are encrypted at rest
- Database encryption at rest
- Row Level Security (RLS) ensures data isolation between shops
- Regular security reviews and updates
Your Data Rights
- Access: View all your data through the DieselLocal dashboard
- Correction: Edit inaccurate data via account settings
- Deletion: Request complete account and data deletion by contacting [email protected]
- Portability: Export your data in standard formats
- Disconnect Google: Revoke Google access at any time through dashboard settings or your Google Account permissions
Data retention
We retain your data as long as your account is active. After account deletion, we retain minimal data for legal and accounting purposes (up to 7 years) and securely delete all other data within 90 days. Google-specific data (OAuth tokens, cached GBP data) is deleted within 30 days of disconnection.
CCPA & GDPR
We comply with applicable privacy regulations including CCPA and GDPR. We do not sell personal data. You have the right to know what data we collect, request deletion, and opt out of any non-essential processing.
SMS & Email Compliance
SMS compliance (TCPA, CTIA)
- All SMS messages include opt-out language
- Shop owners must have prior consent to contact customers
- Messages are only sent to actual service customers
- STOP requests are honored immediately
- Messages are sent during reasonable hours
Email compliance (CAN-SPAM Act)
- Accurate sender identification
- Clear subject lines
- Unsubscribe mechanism in every email
- Unsubscribe requests honored promptly
Questions about privacy or data use?
We are happy to answer any questions about how we handle your data.
Email us at [email protected]