Privacy Policy

2. What We Collect

Account information

When you sign in via Google OAuth, Google passes us your name and email address. That's all they share with us, and it's all we need to create your account. We don't receive your Google password, contact list, calendar, or anything else.

Billing information

All payments are processed by Stripe. When you enter card details at checkout, that information goes directly to Stripe — we never see, store, or log your card number, CVV, or expiry date. We do store your Stripe customer ID, your current plan, and a record of past invoices so you can review your billing history.

Usage data

We log activity inside the product: searches run, leads collected this month, exports downloaded, features used, and your current quota usage. We use this to enforce plan limits, show you your history in the dashboard, and understand which parts of the product are actually useful.

Chrome extension activity

The Local Leads extension runs inside your browser only when you're actively using it on a Google Maps search page — after you click “Start Scrape.” It reads publicly visible business listings from the page (the same information anyone can see) and sends them to our servers to be stored in your account. The extension does not run in the background, does not read other tabs, and does not collect any data about your browsing outside of Google Maps searches you explicitly start.

Lead data

The business listings the extension collects — names, addresses, phone numbers, websites, review counts, categories — are stored in your account's lead database. This is the core of what the service does. Every piece of this information is publicly visible on Google Maps; the extension just saves it so you don't have to copy it manually.

Technical data

We collect standard server-side information: IP address, browser type, and operating system. We use this for debugging (it helps us reproduce issues when something breaks) and for detecting unusual or abusive usage patterns.

3. How We Use Your Data

We use the data we collect to:

• Create and manage your account
• Run the service — store your leads, enforce quotas, power the dashboard
• Process billing through Stripe
• Send you important account emails: receipts, billing alerts, major policy changes
• Respond to support requests and fix bugs you report
• Detect and prevent abuse, quota gaming, or service misuse
• Understand how the product is used so we can improve it

We don't use your data to train AI models. We don't use it for advertising. We don't build behavioral profiles to sell. The data you put into Local Leads stays in Local Leads.

4. Who We Share Your Data With

We don't sell your data. We only share it with the vendors that are strictly necessary to run the service. Here's exactly who sees what:

We may share data if legally required — for example, in response to a valid court order or law enforcement request. If Developios is acquired or goes through a significant business change, your data may transfer to the new operator. We'll notify you before that happens.

5. Cookies & Local Storage

We only use cookies for what's strictly necessary:

• Authentication session cookie — keeps you logged in between page loads. It's cleared when you sign out.
• Lightweight preferences — small values stored in browser local storage (like your last filter state in the dashboard) so the app feels consistent between sessions.

We don't run advertising cookies, Facebook Pixel, Google Ads remarketing, or any third-party behavioral tracking. None.

6. The Lead Data You Collect

This section is worth reading carefully. The business contact information your extension collects is publicly available on Google Maps — we're providing the infrastructure to gather and organize it, but how you use it is entirely your responsibility.

You are responsible for using lead data in compliance with applicable law, including:

• CAN-SPAM Act (USA) — governs commercial email
• GDPR (EU/UK) — governs personal data of EU and UK residents
• CCPA (California) — California consumer privacy rights
• TCPA (USA) — governs cold calling and SMS
• Any other local privacy, anti-spam, or consumer protection laws that apply to your jurisdiction or audience

In practice: don't send spam, don't cold-call people who have opted out, and be transparent about where you got someone 's contact information if they ask. Local Leads is a tool for legitimate outreach — use it that way.

7. Data Retention

We keep your account data and leads for as long as your account is active. If you delete your account, we permanently remove your personal information and lead database within 30 days of the deletion request. We don't keep shadow copies.

Aggregated, anonymized statistics — things like “total leads collected in May” — may be retained indefinitely. This data cannot identify you.

Billing records (invoices, payment history) are retained for 7 years as required by standard accounting regulations. This is a legal obligation, not a choice.

8. Your Rights

Depending on where you live, you may have the right to:

• Access — request a copy of the data we hold about you
• Correct — update inaccurate information associated with your account
• Delete — ask us to remove your account and all associated data
• Export — get your lead data in a portable format (CSV export is available directly in the app at any time)
• Object to processing — opt out of non-essential communications

To exercise any of these rights, email hello@developios.com. We'll respond within 30 days. We may need to verify your identity before acting on a request — this is to protect you, not to create friction.

9. Data Security

We use industry-standard practices to protect your data:

• All data is transmitted over HTTPS — always encrypted in transit
• Passwords are never stored — sign-in is handled entirely by Google OAuth
• Our database uses row-level security (RLS), which means your data is only accessible to your account — not other users, not our internal tools, unless you explicitly grant access
• Stripe handles all payment card data under full PCI DSS compliance

No system is perfectly secure, and we won't pretend otherwise. If we ever discover a breach that affects your data, we will notify you promptly — not bury it.

10. Children's Privacy

Local Leads is a business tool designed for adults. We don't knowingly collect data from anyone under 18. If you believe we have inadvertently received data from a minor, contact us at hello@developios.com and we'll delete it immediately.

11. International Data Transfers

Our infrastructure runs on Supabase and Vercel, which may process data in the United States or the European Union. If you're located in the EU or UK, your data may be transferred outside the EEA. Supabase provides appropriate safeguards for such transfers, including Standard Contractual Clauses where required.

12. Changes to This Policy

If we make material changes — collecting new types of data, sharing with new parties, or anything that meaningfully affects your rights — we'll notify you by email and with an in-app notice at least 14 days before those changes take effect.

Minor clarifications (fixing a typo, rewording something without changing its meaning) may be updated without notice. The “Last updated” date at the top of this page always reflects the current version.

13. Contact

Privacy questions, data access requests, or deletion requests — email hello@developios.com. You can also reach us through the contact form.