Privacy Policy
Last updated: June 18, 2026
This Privacy Policy describes how LocalPatron collects, uses and protects the personal data of users of the localpatron.app platform, in compliance with the General Data Protection Regulation (GDPR — EU 2016/679) and, for users based in the United Kingdom, the UK GDPR (Data Protection Act 2018).
1. Data Controller
Fabrice Dal Maso — LocalPatron
Self-employed (Autónomo) · Tax ID: Z0414929Z
Calle Zurbaran 22, 03187 Los Montesinos, Alicante, Spain
[email protected]
2. Data Collected
| Category | Data | Source |
|---|---|---|
| User account | Email address, password (hashed — never stored in clear text) | Directly by the user |
| Establishment | Name, city, sector, SEO keywords, preferred tone, description (optional) | Directly by the user |
| Google Reviews | Author (public Google name), rating, content, date — public data from your listing | Google Business Profile API (after OAuth connection) |
| Google OAuth Token | OAuth 2.0 access and refresh tokens (AES-256-GCM encrypted, server-side only) | Google API at login |
| Generated responses | Response content, SEO score, status (draft / validated / published), dates | Generated by the AI service from reviews |
| Usage | Actions performed, number of AI generations used | Automatically during use |
| Payment | Stripe customer identifier (we never store card data) | Stripe |
2bis. Workspace Collaborator Data
LocalPatron supports multi-establishment management through Workspaces with differentiated roles (Admin / Manager / Viewer). When an account holder (Admin) invites collaborators, the following data is collected:
- Email address (for invitation and authentication)
- Actions performed in the Workspace (usage logs — legal basis: legitimate interest, art. 6.1.f GDPR)
Responsibility: LocalPatron acts as data processor with respect to the personal data of invited collaborators. The Admin is responsible for informing their collaborators about this processing.
Invited collaborators have the same GDPR rights as the account holder (access, rectification, erasure, portability) and may exercise them at [email protected]. Their data is deleted upon closure of the Admin's account or upon removal from the Workspace, whichever occurs first.
3. Purposes and Legal Bases
| Purpose | Legal basis (GDPR / UK GDPR art. 6) |
|---|---|
| Service provision (generating suggestions, publishing after validation) | Performance of contract (art. 6.1.b) |
| Transmitting review content to AI generation service | Performance of contract (art. 6.1.b) |
| Subscription management and billing | Performance of contract (art. 6.1.b) |
| Security and fraud prevention | Legitimate interest (art. 6.1.f) |
| Push notifications (if enabled) | Explicit consent (art. 6.1.a) |
| Service improvement (anonymised usage logs) | Legitimate interest (art. 6.1.f) |
| Legal and accounting obligations | Legal obligation (art. 6.1.c) |
LocalPatron uses Groq Inc. (primary AI provider, llama-3.3-70b-versatile), Anthropic PBC (automatic failover and specialised tasks, claude-haiku-4-5-20251001 and claude-sonnet-4-6), and Google LLC (Gemini 2.0 Flash, image analysis, multilingual translation, and review fraud detection). Data transmitted is minimal: anonymised review content, sector, keywords, establishment name. No provider uses transmitted data to train AI models.
3.1 GDPR Direct Identifier Masking Module
Before any textual content is transmitted to AI APIs, LocalPatron automatically detects and masks: email addresses, phone numbers, IBAN numbers, and bank card numbers. Note: reviewer names (public Google data, already visible to all) are not masked — only direct private identifiers are processed.
3.2 AI Transparency (EU AI Act — Article 50)
In accordance with Article 50 of the EU AI Act (Regulation (EU) 2024/1689), LocalPatron informs users that response suggestions, photo descriptions, posts and service descriptions are generated by artificial intelligence systems. These contents are labelled as such in the interface before any validation. The user retains full control and is solely responsible for content they choose to publish.
4. Retention Periods
| Data | Period |
|---|---|
| Active user account | Duration of subscription + 30 days after cancellation |
| Account on seasonal pause | Same as active account — all data is retained in full during the pause period (1 to 3 months). No deletion is performed. |
| Google OAuth Token | Duration of active connection — immediate deletion upon disconnection |
| Imported Google Reviews | Duration of active subscription — cascade deletion upon account closure |
| Usage logs (usage_logs) | 12 months (automatic monthly deletion) |
| GBP audit logs (gbp_api_logs) | 90 days (automatic monthly deletion) |
| Import jobs (import_jobs) | 30 days after completion (automatic monthly deletion) |
| Consent logs (consent_logs) | Duration of active subscription + 5 years after cancellation (legal proof — EU AI Act art. 50 — statute of limitations for contractual claims under Spanish law, art. 1964 CC) |
| Email history (user_email_history) | Duration of account — cascade deletion upon closure. Protection against fraudulent reuse of free trial periods. |
| Used trial emails (trial_used_emails) | Salted hash (SHA-256, email never stored in clear text) — 24 months from last use, then automatic deletion — legal basis: legitimate interest (prevention of free trial abuse, GDPR art. 6.1.f), under the exception of art. 17.3 GDPR. |
| Billing data | 6 years (Spanish accounting obligation) |
5. Sub-processors
We use the following sub-processors:
- Supabase (database, US — SCC)
- Groq Inc. (AI — primary, US — SCC)
- Anthropic PBC (AI — failover and specialised tasks, US — SCC)
- Google LLC / Gemini 2.0 Flash (AI — image analysis, translation, fraud detection, US — DPF certified)
- PostHog EU (analytics — loaded only after explicit consent, disabled by default, EU servers — no transfer)
- Google LLC / API Business Profile (publishing validated responses, US — DPF certified)
- Stripe (payments, US/Ireland — DPF certified)
- Cloudflare (hosting, US — DPF certified)
- Resend (emails, US — DPF certified)
- LogSnag (business event monitoring — anonymised workspace identifiers only, no personal data, US — SCC as fallback)
- Google LLC / Maps Geocoding API (establishment geocoding — city name only, no personal data, US — DPF certified)
All act as data processors under GDPR. Transfers outside the EU are covered by EU-US Data Privacy Framework certification (Google, Stripe, Cloudflare, Resend) or EU Standard Contractual Clauses — Commission Decision 2021/914 (Supabase, Groq, Anthropic). DPF certifications are reverified annually at dataprivacyframework.gov.
The right of erasure does not apply to fraud-prevention hashes (trial_used_emails), retained pursuant to art. 17.3 GDPR; these do not directly identify you and are automatically deleted 24 months after last use.
6. Google Business Profile Data
OAuth scope requested: https://www.googleapis.com/auth/business.manage. Your access token is encrypted at rest (AES-256-GCM), stored server-side only, automatically renewed before expiry, and immediately deleted upon disconnection.
Google API Compliance: LocalPatron's use of information received through Google APIs complies with the Google API Services User Data Policy, including Limited Use requirements. See developers.google.com/terms/api-services-user-data-policy.
7. Your Rights
Under GDPR / UK GDPR, you have the right to: access, rectification, erasure ("right to be forgotten"), portability, objection, restriction of processing, and withdrawal of consent.
Data portability: you may request an export of your data (generated responses, audits, establishment configuration) in JSON format at [email protected]. This export is provided within 30 days of the request, in accordance with Article 20 of the GDPR / UK GDPR.
To exercise these rights: [email protected]. You may also lodge a complaint with the AEPD (Spanish Data Protection Agency): www.aepd.es. If you are based in the United Kingdom, you may also lodge a complaint with the ICO (Information Commissioner's Office): ico.org.uk.
Exception — fraud-prevention hashes: the right of erasure does not apply to the trial_used_emails table, which stores only irreversible salted hashes (no email in clear text) retained solely to prevent abuse of free trial periods, pursuant to art. 17.3 GDPR. These hashes are automatically deleted 24 months after last use.
8. Cookies
LocalPatron uses: session cookie (Supabase, strictly necessary for operation — legal basis: art. 6.1.b GDPR), PostHog Analytics (statistical analysis, EU servers — legal basis: your prior consent, art. 6.1.a GDPR — opt-in only, disabled by default, not loaded until you accept), and Cloudflare Web Analytics (aggregated anonymous performance data, no cookie, no personal data). No advertising cookies. No advertising trackers. You can withdraw your analytics consent at any time by clearing your browser's local storage entry lp_analytics_consent.
9. Security
We apply: HTTPS/TLS 1.3 encryption in transit and at rest, Row Level Security (RLS) in Supabase, bcrypt password hashing, API keys never exposed client-side, and AES-256-GCM token encryption.
10. Changes
Any material changes to this policy will be notified by email at least 30 days before taking effect.
11. Data Protection Impact Assessment and DPO
LocalPatron has assessed the risks associated with its personal data processing activities, in particular those relating to the Google OAuth token and consent logs. Given the volume of data processed and the profile of users (B2B professionals), LocalPatron considers that the conditions requiring mandatory designation of a Data Protection Officer (DPO) under art. 37 GDPR are not met. This assessment is reviewed annually or whenever substantial changes are made to processing activities.