Privacy Policy
Last updated: May 9, 2026
GBP Wizard (“we,” “our,” or “us”) is operated by Rocket SBS. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our platform at gbpwizard.com.
1. Information we collect
We collect the following categories of information:
Account information
When you create an account, we collect your email address, full name, and password (stored as a secure hash via Supabase Auth). If you sign in with Google OAuth, we receive your Google account email and name.
Business information
To audit and manage your Google Business Profile, we collect your business name, address, phone number, website URL, business categories, hours, description, and any other profile data you enter or that we retrieve from Google's APIs on your behalf.
Google Business Profile data
When you connect your GBP account via OAuth, we store an encrypted access token (AES-256-GCM) that allows us to read and write your GBP listing on your behalf. We use this to fetch performance metrics (impressions, calls, website clicks, direction requests, photo views) and to push approved changes to your listing.
Payment information
Billing is handled entirely by Stripe. We do not store your credit card number, CVV, or bank details. We receive and store a Stripe customer ID, subscription ID, and plan status.
Usage data
We collect information about how you interact with our platform, including pages visited, features used, and actions taken. This is collected via PostHog analytics (only for authenticated users).
Communications
If you contact us, we store your name, email address, and message content.
2. How we use your information
- To provide, operate, and improve the GBP Wizard service
- To calculate your GBP health score and generate optimization tasks
- To push approved changes to your Google Business Profile via the GBP API
- To process payments and manage your subscription via Stripe
- To send transactional communications (score improvements, alerts, monthly reports) via GoHighLevel
- To analyze usage patterns and improve our product via PostHog
- To detect and prevent fraud, abuse, and security incidents
- To respond to your support requests and inquiries
- To comply with legal obligations
We do not sell your personal data to third parties. We do not use your data to train AI models.
3. Third-party services
We use the following third-party services to operate our platform:
| Service | Purpose | Privacy policy |
|---|---|---|
| Supabase | Database, authentication, file storage | supabase.com/privacy |
| Stripe | Payment processing | stripe.com/privacy |
| Google | GBP API, OAuth, Maps | policies.google.com/privacy |
| PostHog | Product analytics (authenticated users) | posthog.com/privacy |
| GoHighLevel | Email and SMS communications | www.gohighlevel.com/privacy-policy |
| Anthropic | AI-generated suggestions (server-side) | anthropic.com/privacy |
| Sentry | Error tracking and monitoring | sentry.io/privacy |
| Vercel | Hosting and edge delivery | vercel.com/legal/privacy-policy |
4. Data retention
We retain your data for as long as your account is active. If you close your account, we delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes (e.g., billing records, which are retained for 7 years).
GBP performance metrics are retained on a rolling 36-month window and automatically purged beyond that point.
5. Data security
We use industry-standard security measures including:
- AES-256-GCM encryption for all Google OAuth tokens at rest
- TLS 1.2+ for all data in transit
- Row-level security policies on all database tables
- Supabase's SOC 2 Type II compliant infrastructure
No method of transmission or storage is 100% secure. In the event of a data breach that affects your personal data, we will notify you as required by applicable law.
6. Your rights
Depending on your location, you may have the right to:
- Access a copy of the personal data we hold about you
- Correct inaccurate data
- Request deletion of your account and data
- Object to or restrict certain processing
- Export your data in a machine-readable format (data portability)
To exercise any of these rights, email us at privacy@gbpwizard.ai.
7. Cookies
We use cookies for authentication, preferences, and analytics. See our Cookie Policy for details.
8. Children's privacy
GBP Wizard is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.
9. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notification at least 14 days before they take effect. Continued use of the service after changes take effect constitutes acceptance of the updated policy.