Legal

Privacy Policy

Last updated: March 2026 · Effective: March 2026 · Sidekick LLC, Malden, MA

Profile Sidekick is a Google Business Profile management service. This policy describes how we collect, use, store, and protect data — including Google user data accessed via OAuth 2.0 and the Google Business Profile API. We take your privacy seriously. We do not sell your data. We do not share your data with third parties except as required to provide the service.

1. Who we are

Profile Sidekick is operated by Sidekick LLC, a Massachusetts single-member LLC. Our principal place of business is Malden, Massachusetts. You can contact us at anthony@profilesidekick.com or through our website at profilesidekick.com.

2. What data we collect

We collect the minimum data necessary to provide the service.

Account data: Your name and email address, provided when you create an account.

Google user data (via OAuth 2.0): With your explicit authorization, we access the following data from the Google Business Profile API:

Your Google Business Profile information: business name, address, phone number, website, hours of operation, business categories, and profile attributes
Your Google Business Profile posts (published and draft)
Customer reviews posted on your Google Business Profile, including review text, ratings, and reviewer display names
Your existing review responses
Customer questions and answers on your Google Business Profile
Performance metrics: profile impressions, clicks, calls, direction requests, and search keyword data provided by the GBP Performance API
Google-suggested profile updates surfaced via the getGoogleUpdated endpoint

We do not access: Your Gmail, Google Drive, Google Photos, Google Calendar, personal Google account information, or any Google service other than Google Business Profile.

Payment data: Billing is handled entirely by Stripe. We do not store credit card numbers or payment credentials. We receive confirmation of successful payments from Stripe.

Usage data: We log the actions Profile Sidekick takes on your behalf (posts published, reviews responded to, profile updates made) for your activity history and our internal operations.

3. How we use Google user data

We use Google Business Profile data for the following specific purposes only:

Publishing posts: We use the GBP Posts API (localPosts.create) to publish weekly posts to your profile on your behalf
Responding to reviews: We use the GBP Reviews API (reviews.updateReply) to post responses to customer reviews on your behalf, subject to your approval settings
Updating profile information: We use the Business Information API (locations.patch, locations.updateAttributes) to keep your profile complete and accurate
Monitoring for unauthorized changes: We use locations.getGoogleUpdated to detect when Google has altered your profile data without your authorization, and alert you
Answering customer questions: We use the Q&A API (questions.answers.upsert) to post answers to customer questions on your behalf
Generating your monthly performance report: We use the GBP Performance API (locations.getDailyMetricsTimeSeries) to retrieve your profile's performance metrics

We do not use Google user data for advertising, profiling, training machine learning models, or any purpose other than providing the Profile Sidekick service to you.

4. How we store and protect your data

OAuth tokens: Your Google OAuth 2.0 access and refresh tokens are stored encrypted in Google Cloud Secret Manager. They are never stored in plaintext, never in environment variables, and never in application code.

Profile data: Your business profile data is stored in Google Cloud Firestore, a managed database service operated by Google Cloud. Data is stored in the United States (us-central1 region). Access is restricted to authenticated Profile Sidekick systems acting on your behalf.

Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256, managed by Google Cloud).

Access controls: Only Profile Sidekick's automated systems and, where necessary for support, the company operator (Anthony, Sidekick LLC) can access your data. We do not employ third-party contractors who have access to your Google data.

5. Data sharing and third parties

We do not sell your data. We do not share your Google user data with third parties except:

Google: All GBP API calls are made to Google's servers. Google's own privacy policy governs Google's use of that data
Stripe: Payment processing only. Stripe does not receive Google user data
Anthropic (Claude API): We use Anthropic's Claude API to generate post content and review responses. We pass your business name, category, and relevant context to the API. We do not pass personally identifiable information about your customers. Anthropic's privacy policy governs their use of API inputs
Google Cloud Platform: Our infrastructure provider. Your data is hosted on GCP. Google's cloud services privacy terms apply
Legal requirements: We may disclose data if required by law, court order, or to protect the rights and safety of Profile Sidekick or its users

6. Your rights and controls

Revoking Google access: You can revoke Profile Sidekick's access to your Google account at any time by visiting myaccount.google.com/permissions and removing Profile Sidekick. Revoking access immediately stops all automated actions on your profile.

Cancelling your account: You can cancel your Profile Sidekick account at any time from your dashboard or by emailing anthony@profilesidekick.com. There are no cancellation fees.

Data deletion: Upon cancellation, we will delete your stored Google data within 30 days. To request immediate deletion, email anthony@profilesidekick.com with the subject line "Data deletion request."

Data access: You may request a copy of the data Profile Sidekick holds about you by emailing anthony@profilesidekick.com. We will respond within 10 business days.

7. Data retention

We retain your account data and activity history for as long as your account is active. We retain performance metrics and post history to provide you with historical reporting. Upon account cancellation, all Google user data is deleted within 30 days. Anonymized, aggregated usage statistics may be retained indefinitely.

8. Cookies and tracking

Our marketing website (profilesidekick.com) does not use tracking cookies or third-party analytics at this time. Our application uses session cookies strictly necessary to maintain your login state. We do not use advertising cookies or cross-site tracking.

9. Children's privacy

Profile Sidekick is a business tool intended for adults operating registered businesses. We do not knowingly collect data from individuals under 18 years of age.

10. Changes to this policy

We will notify you of material changes to this Privacy Policy by email at the address associated with your account, at least 14 days before the changes take effect. Continued use of the service after that date constitutes acceptance of the updated policy.

11. Contact

For any privacy questions, data requests, or concerns, contact:

Anthony
Sidekick LLC
Malden, Massachusetts
anthony@profilesidekick.com