PageLeap Logo
Home

Privacy Policy

Effective Date: April 21, 2026
Last Updated: April 21, 2026

This Privacy Policy describes how PageLeap LLC ("PageLeap," "we," "us," or "our") collects, uses, shares, and safeguards information in connection with the PageLeap website at pageleap.com, the PageLeap Local Advisor service, the PageLeap admin and brand dashboards, the Intent Stack suite, and any related APIs, embeds, or tools (collectively, the "Services").

If you use the Services on behalf of a business you represent, you agree to this policy on behalf of that business. If you do not agree, do not use the Services.

1. Scope and Categories of Data

This policy covers three categories of personal information, each handled differently:

  • Visitor Data — information collected when anyone visits a PageLeap-hosted page, including landing pages we build on behalf of our customers.
  • Customer Account Data — information about the businesses and individuals who sign up for a PageLeap dashboard, brand portal, or Intent Stack subscription.
  • Google User Data — information we access from Google APIs when a customer connects their Google Business Profile (and in the future, other Google services) to PageLeap. Google User Data is treated with heightened restrictions as described in Sections 5 and 6.

2. Information We Collect from Visitors

2.1 Information You Provide

  • Reviews and feedback: name, rating, review text, and optional email hash or order reference you submit to identify yourself as a verified buyer.
  • Catering and contact forms: name, email, phone, event date, party size, and any notes you include.
  • Correspondence: messages you send to privacy@pageleap.com or other PageLeap addresses.

2.2 Information Collected Automatically

  • Device and connection: IP address, user agent, browser type, operating system, referrer URL.
  • Usage: pages viewed, time on page, interaction events, search queries inside the Services.
  • Cookies and similar technologies: see Section 9.

3. Information We Collect from Customer Accounts

When a business or individual signs up for a PageLeap dashboard or brand portal, we collect:

  • Account details: name, email address, role, company name, password hash (if not using social sign-in).
  • Billing information: handled by our payment processor; we store the minimum required to associate a subscription with an account.
  • Content you enter into the dashboard: reply drafts, moderation decisions, location metadata, menus, catering rules, event listings, and related operational content.
  • Audit trail: a record of material actions you take inside the dashboard (see the sp_review_audit trail and equivalent logs) to support security, support, and compliance requests.

4. Information from Third Parties

  • Authentication providers (e.g., Google Sign-In) — basic profile information to create or authenticate your account.
  • Analytics providers (e.g., Google Analytics, PostHog, Matomo) — aggregated usage metrics.
  • Ordering, review, and location platforms that customers authorize — see Section 5.

5. Google User Data: Google Business Profile and Related Services

When a customer connects a Google Business Profile (or any other Google service we integrate with) through the PageLeap dashboard, we access a limited set of data from Google APIs on that customer's behalf. This data is collectively referred to as "Google User Data." What follows explains what we access, why, how long we keep it, and how to revoke it.

5.1 Google APIs and Scopes We Request

  • Google Business Profile API (scope https://www.googleapis.com/auth/business.manage) — required to list locations owned by the connecting user, retrieve Google reviews posted about those locations, post and edit owner replies to those reviews, and delete owner replies. We request no broader scope than necessary to operate the review-management and location-management features the customer activates.
  • Google Sign-In (scopes openid, email, profile) — for account authentication only.

5.2 Google User Data We Receive and Store

  • Google account identifier, display name, email address, and profile photo URL of the connecting user.
  • Google Business Profile location data: location name, address, phone, hours, categories, place ID.
  • Google reviews attached to those locations, including reviewer display name, rating, text, language, and timestamps.
  • Owner replies to those reviews, including text and timestamps.
  • OAuth refresh and access tokens associated with the connecting user.

5.3 How We Use Google User Data

  • To display Google reviews and owner replies inside the customer's PageLeap dashboard and on the corresponding PageLeap-hosted landing pages that the customer controls.
  • To let the customer compose, edit, submit, approve, reject, post, and delete owner replies to Google reviews through the dashboard, with each action written back to Google via the Google Business Profile API.
  • To produce aggregated review metrics (star average, review count, reply rate) for the customer's own reporting.
  • To verify the authenticity of first-party PageLeap reviews by matching hashed email addresses against connected Google order records, where the customer has enabled that feature and their order platform supports it.

5.4 How We Do Not Use Google User Data

  • We do not use Google User Data to serve advertising, including retargeting, personalized, or interest-based advertising.
  • We do not sell, rent, or transfer Google User Data to data brokers or information resellers.
  • We do not use Google User Data to train, fine-tune, or evaluate generalized artificial intelligence or machine learning models.
  • We do not allow humans to read Google User Data except (a) with the connecting user's explicit consent for specific content, (b) where strictly necessary for security investigations or to comply with applicable law, or (c) where the data has been aggregated and anonymized such that individual users cannot be identified.

5.5 Retention of Google User Data

  • OAuth refresh tokens: stored encrypted at rest; deleted immediately when the customer disconnects their Google account, revokes access at myaccount.google.com/permissions, or closes their PageLeap account.
  • Google reviews and owner replies: cached for no more than 30 days after last retrieval, consistent with the Google Maps Platform / Business Profile caching limits. Cached copies are refreshed on each sync and deleted within 30 days of account disconnection.
  • Location metadata: retained only while the connection is active and for up to 90 days after disconnection for support and audit purposes, after which it is deleted.

5.6 How to Revoke Access and Delete Google User Data

  • Disconnect Google Business Profile inside the PageLeap dashboard under Account → Integrations.
  • Revoke PageLeap's access directly at myaccount.google.com/permissions.
  • Email privacy@pageleap.com to request full deletion of any Google User Data PageLeap holds about you. We will confirm deletion within 30 days.

6. Google API Services: Limited Use Commitment

PageLeap's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

7. How We Use Information (Other Than Google User Data)

  • Operate, maintain, and improve the Services.
  • Authenticate users and secure accounts.
  • Provide customer support and respond to requests.
  • Measure and understand how the Services are used, in aggregate.
  • Detect, prevent, and investigate fraud, abuse, security incidents, and violations of our Terms.
  • Send operational communications (account, billing, security) and, where you have opted in, marketing messages you can unsubscribe from at any time.
  • Comply with legal obligations and enforce our agreements.

8. How We Share Information

We do not sell personal information. We share information only as follows:

  • With subprocessors that host, operate, or secure the Services under written data-processing agreements (see Section 11).
  • With your instruction — for example, we send your owner replies back to Google when you click Post.
  • For legal reasons — to comply with law, respond to valid legal process, enforce our Terms, or protect the rights, safety, or property of PageLeap, our users, or the public.
  • In a business transfer — in connection with a merger, acquisition, financing, or sale of assets, subject to the acquirer honoring this policy for the transferred data.

We do not share Google User Data with advertising partners, analytics providers, retargeting networks, data brokers, or third-party AI model trainers. Advertising tooling described elsewhere in this policy applies only to pageleap.com marketing surfaces and does not draw on Google User Data.

9. Cookies and Tracking

We use cookies and similar technologies for three purposes:

  • Essential cookies for session management, authentication, and CSRF protection on the dashboards.
  • Analytics cookies (Google Analytics, PostHog, Matomo) to understand aggregate usage of pageleap.com marketing pages and the dashboard.
  • Marketing cookies on pageleap.com marketing pages only (not on customer-operated dashboards or landing pages) for retargeting PageLeap prospects.

Cookies set on pageleap.com marketing surfaces do not read, write, or otherwise interact with Google User Data. You can manage cookies through your browser settings or through our cookie preferences link in the footer.

10. Security

  • All traffic to and from the Services is encrypted in transit using TLS 1.2 or higher.
  • OAuth refresh tokens and other sensitive credentials are stored encrypted at rest.
  • Access to production systems is limited to a short list of named PageLeap personnel, uses multi-factor authentication, and is logged.
  • Human access to Google User Data is limited to the purposes described in Section 5.4 and is audited.
  • We run vulnerability scans and apply security patches on a scheduled basis, and we maintain an incident-response process that includes notification to affected customers and regulators as required.

11. Subprocessors

We engage the following categories of subprocessors. A current named list is available on request to privacy@pageleap.com.

  • Infrastructure and hosting (compute, storage, CDN).
  • Transactional email and notifications.
  • Analytics (Google Analytics, PostHog, Matomo).
  • Payment processing.
  • AI providers used to draft owner reply suggestions at the customer's request. Prompt inputs sent to these providers exclude OAuth tokens and are subject to each provider's enterprise no-training terms where available.
  • Security, logging, and uptime monitoring.

12. Your Rights and Choices

Depending on your location (California, EEA, UK, and other jurisdictions), you may have rights that include:

  • Access to the personal information we hold about you.
  • Correction of inaccurate information.
  • Deletion of your information, subject to legal exceptions.
  • Portability of information in a machine-readable format.
  • Opt-out of marketing communications and of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising).
  • Revocation of Google API access, as described in Section 5.6.

To exercise any right, email privacy@pageleap.com. We respond within 30 days.

13. Account Deletion and Data Retention

  • Account deletion: email privacy@pageleap.com from the address on your account, or use the in-dashboard delete flow where available.
  • On deletion we remove account credentials, OAuth tokens, and personal profile fields within 30 days. Audit logs, billing records, and content that has been made public through our customers' landing pages are retained on the schedules required by law or by our contractual obligations to the customer whose pages they appear on.

14. Children

The Services are not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact privacy@pageleap.com and we will delete it.

15. International Transfers

PageLeap is based in the United States and our infrastructure and subprocessors are primarily located in the United States. If you access the Services from outside the United States, your information will be transferred to, processed, and stored in the United States. We use Standard Contractual Clauses or equivalent safeguards for transfers of personal information from the EEA, UK, and Switzerland.

16. Changes to This Policy

We may update this policy from time to time. We will post the revised policy with a new Effective Date and, for material changes, provide notice by email to the address on your account or via the dashboard before the change takes effect.

17. Contact

Privacy questions, data requests, or Google User Data deletion requests:
privacy@pageleap.com

General business contact:
will@pageleap.com

PageLeap LLC · United States