MyLocalGrowth Logo
Features Pricing FAQ Login Start 14-Day Free Trial

Privacy Policy

Last Updated: May 5, 2025

1. Introduction

MyLocalGrowth (operated by 9x Innovations LLC, “9x Innovations,” “we,” “our,” or “us”) is committed to protecting the privacy of individuals who visit our websites, use our GMB (Google Business Profile, formerly Google My Business) management software-as-a-service platform, and associated services (collectively, the “Service”). This Privacy Policy (“Policy”) describes how we collect, use, disclose, and protect your Personal Information and your rights in relation to this information.

By accessing or using our Service, you signify your understanding of and agreement to the terms of this Policy. If you do not agree with this Policy, please do not use our Service.

This Policy should be read in conjunction with our Terms and Conditions of Service (“Terms”).

2. Information We Collect

We collect information to provide and improve our Service. The types of information we collect depend on how you interact with us.

2.1. Information You Provide Directly:

  • Account Information: When you register for an account, we collect information such as your name, business name, email address, phone number, and user account credentials (username and password).
  • Payment Information: If you subscribe to paid services, our third-party payment processors (e.g., Stripe) collect payment information (e.g., credit card details, billing address). We do not store full payment card details ourselves.
  • Communication Information: If you contact us directly (e.g., for support, feedback), we may collect your name, email address, phone number, the contents of your message, and any other information you choose to provide.
  • GMB Profile Information (via Google API): When you connect your Google Business Profile(s) to our Service using Google OAuth, we access and store information from your GMB account(s) on your behalf and as per your authorization. This may include: Business name, address, phone number, website, categories, attributes, description, operating hours, photos, videos, posts, reviews, Q&A, booking information, product/service listings, GMB Insights, and other user-generated content.
  • Communication Preferences: Your preferences for receiving marketing communications from us.

2.2. Information Collected Automatically:

  • Usage Data: Information about how you use our Service, such as features accessed, pages viewed, time spent on pages, clicks, and other interaction data.
  • Device and Connection Information: IP address, browser type and version, operating system, device identifiers, time zone setting, and information about your internet connection.
  • Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies. Please see our Cookie Policy for more details.
  • Location Data: We may collect imprecise location data (e.g., derived from your IP address) for analytics and service improvement.

2.3. Information from Third Parties:

  • Google: As described above, we receive information from your GMB account(s) when you authorize access via Google OAuth.
  • Social Media Platforms: If you interact with our social media pages, we may collect information you make public or provide to us.
  • Business Partners & Marketing Partners: We may receive information from partners with whom we collaborate (e.g., for joint marketing activities), provided they have a lawful basis to share such information.

3. How We Use Your Information

We use your Personal Information for the following purposes:

3.1. To Provide and Maintain the Service:

  • Create and manage your account.
  • Process your subscriptions and payments.
  • Enable you to access and use the GMB management features (e.g., posting updates, managing reviews, updating profile info).
  • Provide customer support and respond to your inquiries.
  • Send you service-related communications (e.g., account verification, technical notices, security alerts).

3.2. To Improve and Personalize the Service:

  • Analyze usage patterns to understand how our Service is used, improve functionality, and enhance user experience.
  • Personalize your experience with the Service (e.g., suggesting relevant tasks).
  • Develop new features, products, and services.

3.3. For Marketing and Advertising (Our Own Services):

  • Send you promotional communications, newsletters, and offers about our products and services, where permitted by law and based on your communication preferences. You can opt-out at any time.
  • Measure the effectiveness of our marketing campaigns.

3.4. For Legal, Safety, and Security Purposes:

  • Comply with applicable laws, regulations, legal processes, or governmental requests.
  • Protect the rights, property, or safety of 9x Innovations, our users, or the public.
  • Prevent, detect, investigate, and respond to fraud, unauthorized access/use of the Service, breaches of terms and policies, or other wrongful conduct.
  • Enforce our Terms and Conditions.

3.5. Use of Information Obtained from Google APIs:

Our use and transfer of information received from Google APIs will strictly adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • Information obtained via Google APIs (like your GMB data) will only be used to provide or improve user-facing features clearly visible within the MyLocalGrowth application (e.g., displaying your reviews, allowing you to post updates, showing insights).
  • We will not transfer Google API data to others unless necessary to provide or improve these user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets (with notice to you).
  • We will not use Google API data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • We will not allow humans to read your Google API data unless we have your affirmative agreement for specific messages, it is necessary for security purposes (like investigating abuse), to comply with applicable law, or for the Service's internal operations related to aggregated and anonymized data.

4. Cookies and Tracking Technologies

We use cookies and similar technologies (like web beacons and pixels) to collect and use Personal Information about you, including to understand usage, manage sessions, and improve the Service. We use tools like Google Analytics to help us analyze traffic. For more detailed information about the types of cookies and similar technologies we use, why, and how you can control them, please see our Cookie Policy.

5. Information Sharing and Disclosure

We do not sell your Personal Information. We may share your Personal Information with the following categories of third parties:

  • Service Providers: Companies that perform services on our behalf, such as payment processing (e.g., Stripe), cloud hosting (e.g., AWS, Google Cloud, Vercel), email delivery (e.g., Mailgun), customer support tools, and analytics providers (e.g., Google Analytics). These providers are contractually obligated to protect your data and use it only for the services they provide to us.
  • Google: As necessary to provide the Service features that interact with the Google Business Profile API, based on your authorization.
  • Advertising and Analytics Partners: We may share usage and device data (like cookie IDs or IP addresses) with partners like Google Analytics to help us analyze usage and measure the effectiveness of our *own* marketing campaigns (we do not share your GMB data for third-party advertising).
  • Legal Requirements: If required by law, subpoena, or other legal process, or if we have a good faith belief that disclosure is reasonably necessary to (a) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (b) enforce our agreements with you; (c) investigate and defend ourselves against any third-party claims or allegations; (d) protect the security or integrity of our Service; or (e) exercise or protect the rights and safety of 9x Innovations, our users, personnel, or others.
  • Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your Personal Information.
  • With Your Consent: We may share your information with third parties when we have your explicit consent to do so.

6. External Sites

The Service may contain links to third-party websites, applications, or other properties (“Other Sites”). Other Sites may also reference, advertise, or link to the Service. We do not endorse or sponsor Other Sites and are not responsible for the privacy practices or the content of Other Sites. The practices described in this Privacy Policy do not apply to information gathered by third parties through Other Sites. We encourage you to read the privacy policies of each website that you visit.

7. Data Retention

We retain your Personal Information for as long as your account is active or as needed to provide you the Service. We will also retain and use your Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Typically, account information is retained for the duration of your subscription and for a reasonable period thereafter for operational purposes or as required by law. GMB data accessed via API is retained as necessary to provide the Service features and is deleted or anonymized upon account termination according to the process outlined in our Terms (typically within 30 days for active data, longer for backups).

8. Your Privacy Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your Personal Information, including:

  • Right to Access: You may have the right to request access to the Personal Information we hold about you.
  • Right to Rectification: You may have the right to request correction of inaccurate Personal Information we hold about you.
  • Right to Erasure (Deletion): You may have the right to request the deletion of your Personal Information, subject to certain exceptions.
  • Right to Restrict Processing: You may have the right to request that we restrict the processing of your Personal Information under certain conditions.
  • Right to Data Portability: You may have the right to receive your Personal Information in a structured, commonly used, and machine-readable format.
  • Right to Object: You may have the right to object to the processing of your Personal Information under certain conditions, particularly for direct marketing purposes.
  • Right to Withdraw Consent: If we rely on your consent to process your Personal Information, you have the right to withdraw that consent at any time.

Marketing Opt-Out: You can opt-out of receiving promotional emails from us by following the unsubscribe instructions included in those emails or by contacting us. Please note that you may still receive non-promotional messages regarding your account or our ongoing business relations.

To exercise any of these rights, please contact us using the contact information provided in Section 14.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights regarding your Personal Information under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to request information about the categories and specific pieces of Personal Information we have collected about you, the sources of the information, the purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request the deletion of Personal Information we have collected from you, subject to certain exceptions.
  • Right to Correct: You have the right to request the correction of inaccurate Personal Information we maintain about you.
  • Right to Opt-Out of Sale/Sharing: We do not “sell” your Personal Information as traditionally defined. We also do not “share” your Personal Information for cross-context behavioral advertising purposes.
  • Right to Limit Use of Sensitive Personal Information: We do not collect or process Sensitive Personal Information for purposes that would require us to offer a Right to Limit under the CPRA.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

Information We Collect and Why (California Residents):

We collect the following categories of personal information for the specified business or commercial purposes:

Identifiers

Such as real name, business name, postal address (if provided), unique personal identifier (like user ID), online identifier (like cookie ID), Internet Protocol (IP) address, email address, account name, phone number.

Purposes: Performing services (account creation/maintenance, customer service, payment processing); Security (detecting incidents, protecting against fraud/illegal activity); Debugging (identifying/repairing errors); Improving Services; Auditing interactions and compliance.

Commercial Information

Such as records of services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies (related to our Service).

Purposes: Performing services (processing payments, managing subscriptions); Improving Services; Auditing transactions.

Internet or Other Electronic Network Activity Information

Such as browsing history, search history, and information regarding your interaction with our website, application, or advertisements (Usage Data, Device/Connection Info).

Purposes: Performing services; Security; Debugging; Internal research for development; Improving Services; Auditing interactions and compliance.

Geolocation Data

Imprecise location derived from IP address.

Purposes: Performing services; Security; Debugging; Internal research; Improving Services; Auditing interactions.

Professional or Employment-related Information

Such as business name, business address, job title (implicitly through account registration).

Purposes: Performing services (account setup and communication).

Inferences Drawn from Other Personal Information

Profile reflecting preferences or characteristics related to Service usage.

Purposes: Performing services (personalization); Security; Debugging; Internal research; Improving Services; Auditing interactions.

To exercise these rights, California residents can contact us at hello@9xlocal.com or via the methods described in Section 14. We may need to verify your identity before processing your request.

10. Data Security

We implement and maintain reasonable administrative, technical, and physical security measures designed to protect the Personal Information we collect against unauthorized access, disclosure, alteration, loss, or destruction. These measures include encryption, access controls, secure development practices, and regular security assessments. However, please be aware that no security measures are perfect or impenetrable, and we cannot guarantee the absolute security of your information.

11. International Data Transfers

Your Personal Information may be transferred to, stored in, and processed in countries other than the country in which you reside, including the United States, where our servers and central database are located. Data protection laws in these countries may differ from those in your country. By using the Service, you consent to the transfer of your information to the U.S. and other countries where we or our service providers operate.

12. Children’s Privacy

Our Service is not directed to individuals under the age of 16 (or the applicable minimum age in your jurisdiction). We do not knowingly collect Personal Information from children. If we become aware that we have inadvertently collected Personal Information from a child without parental consent, we will take steps to delete such information promptly. If you believe that we might have any information from or about a child, please contact us.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by posting the updated Policy on our website, updating the “Last Updated” date, and/or through other appropriate communication channels (such as email notification to registered users) prior to the change becoming effective. We encourage you to review this Policy periodically.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

9x Innovations LLC
Email: hello@9xlocal.com

Data Processing Addendum (DPA)

This Data Processing Addendum (“DPA”) forms part of the Agreement (defined in the Terms of Service) between 9x Innovations LLC (“Processor”) and the Customer (“Controller”) who uses the Service.

1. Definitions

Capitalized terms not defined herein shall have the meaning set forth in the Agreement or applicable Data Protection Law (e.g., CCPA/CPRA). "Personal Data", "Processing", "Data Subject", "Controller", "Processor", "Personal Data Breach" shall have the meanings ascribed to them in Applicable Data Protection Law. "Customer Data" means the Personal Data Processed by Processor on behalf of Controller in connection with the provision of the Service.

2. Roles and Responsibilities

The parties acknowledge that Controller is the Controller of Customer Data, and 9x Innovations is the Processor acting on behalf of the Controller. Processor shall Process Customer Data only in accordance with Controller’s documented lawful instructions as set forth in the Agreement and this DPA, unless required to do otherwise by applicable law.

3. Details of Processing

  • Subject Matter: The provision of the GMB management Services as described in the Agreement.
  • Duration: For the term of the Agreement, plus any period required for data deletion as specified herein or in the Agreement.
  • Nature and Purpose: To enable Controller to manage its GMB profile(s), monitor performance, manage reviews and posts, and utilize other features of the Service.
  • Types of Personal Data: GMB Profile Information (business name, address, phone, website, hours, photos, posts, reviews, Q&A, insights, etc.) accessed via Google API based on Controller authorization; Controller's user account details (name, email, etc.).
  • Categories of Data Subjects: Controller’s customers (whose reviews or interactions appear on GMB), employees (if listed on GMB), and authorized users of the Service employed by Controller.

4. Processor’s Obligations

Processor agrees to: (a) ensure personnel authorized to process Customer Data are bound by confidentiality obligations; (b) implement and maintain appropriate technical and organizational security measures; (c) provide general authorization for the use of sub-processors (listed in Annex 1), remain liable for sub-processors, and provide Controller notice of changes; (d) reasonably assist Controller in responding to Data Subject Rights requests; (e) notify Controller without undue delay upon becoming aware of a Personal Data Breach affecting Customer Data; (f) reasonably assist Controller with data protection impact assessments (DPIAs) and consultations with supervisory authorities, at Controller's expense; (g) upon termination of the Agreement, delete or return all Customer Data as requested by Controller, unless retention is required by law; (h) make available to Controller information necessary to demonstrate compliance and allow for audits, at Controller's expense.

5. Controller’s Obligations

Controller represents and warrants that it has complied, and will continue to comply, with all its obligations under Applicable Data Protection Law in respect of its Processing of Customer Data and instructions to Processor. Controller is responsible for the lawfulness of the Processing instructions it provides to Processor.

6. International Data Transfers

Where Processing involves a transfer of Customer Data subject to transfer restrictions under Applicable Data Protection Law, the parties agree that such transfers shall be governed by appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other legally recognized transfer mechanisms, where required.

Annex 1: List of Sub-processors

This list is current as of the “Last Updated” date of this policy. Controller provides general authorization for Processor to engage these sub-processors.

  • Payment Processors: Stripe, Inc. (USA) - Purpose: Payment processing.
  • Analytics Providers: Google LLC (Google Analytics - USA) - Purpose: Website and Service usage analytics.
  • Email Delivery Provider: Mailgun Technologies, Inc. (USA) - Purpose: Sending transactional and marketing emails.
  • Cloud Infrastructure Hosting: Vercel Inc. (USA), Amazon Web Services, Inc. (AWS - USA), Google Cloud Platform (GCP - USA) - Purpose: Hosting the Service infrastructure and data storage.