Privacy Policy

Last updated: May 4, 2026

This Privacy Policy describes how LionLens OS, a product operated by Insta Perf LLC ("we," "our," or "us"), an Iowa limited liability company, collects, uses, and protects information when you use our local SEO audit platform (the "Service"). By using the Service, you agree to the practices described below.

1. Information We Collect

We collect the following types of information:

  • Account information: name, email address, and password (stored as a one-way hash).
  • Business information: business names, addresses, phone numbers, website URLs, and other data you submit for audits.
  • Audit data: results generated by our automated checks, including website content snapshots, Google Business Profile data, and AI-generated analysis.
  • Google Business Profile data (when you connect your account): When you authorize LionLens to connect to your Google Business Profile via Google's OAuth flow, we access only the GBP data necessary to provide our service. This may include: account names, location names and addresses, business categories, phone numbers, website URLs, posts, and reviews. We access only profiles you have permission to manage. We do not access Gmail, Google Drive, Google Calendar, or any other Google service outside the Business Profile scopes you grant.
  • Usage data: how you interact with the Service (pages viewed, features used, timestamps).
  • Payment information: when you subscribe to a paid plan, Stripe processes your payment and stores billing details. We never see or store your full card number.

2. How We Use Your Information

  • To run audits, generate reports, and provide competitor intelligence.
  • To authenticate and secure your account.
  • To improve our audit algorithms and the Service itself.
  • To communicate with you about your account, billing, and product updates.
  • To comply with legal obligations.
  • To synchronize Google Business Profile data into your audits, surface insights about your locations, and (where you've enabled them) publish posts or reply to reviews on your behalf — only when you initiate these actions or schedule them.

3. Third-Party Services

We use the following third-party services to operate LionLens OS:

  • Supabase for authentication and database hosting.
  • Vercel for application hosting.
  • Inngest for background job processing.
  • Anthropic Claude for AI competitor intelligence.
  • Google APIs:
    • Google Places API for public business data (address validation, place details).
    • Google PageSpeed Insights API for website performance metrics.
    • Google Business Profile APIs (Account Management, Business Information, and legacy v4) for managing connected GBP accounts. We access these only when you grant explicit OAuth consent.
  • Stripe for subscription payment processing.

Each of these services has its own privacy policy governing how it handles data.

4. Google Business Profile OAuth & Data Handling

When you connect your Google Business Profile to LionLens, the following applies:

What we request access to

We request the minimum necessary OAuth scopes — business.manage (for GBP API access), and openid, email, profile (so we can display "Connected as [your email]" in the LionLens dashboard). We do not request access to Gmail, Drive, Calendar, Photos, or any other Google service.

How tokens are stored

OAuth refresh tokens and short-lived access tokens are encrypted at rest in our database using AES-256-GCM authenticated encryption with a server-side encryption key. Tokens are never exposed to your browser or to any third party.

How we use GBP data

We fetch your GBP data only when you (or scheduled tasks you've enabled) initiate an action — running an audit, viewing a location, scheduling a post. We do not run background scrapes or aggregate your data with other users' data.

What we do NOT do with your GBP data

  • We do not sell, rent, or share your Google Business Profile data with third parties.
  • We do not use your data for advertising or targeting.
  • We do not use your data to train AI/ML models. Our AI features operate on the public, real-time results of an audit and do not retain GBP data.
  • We do not aggregate your GBP data with other users' data.

How to revoke access

You can disconnect at any time from your LionLens dashboard at Settings → Integrations → Disconnect. When you disconnect, we immediately revoke your OAuth grant at Google's revocation endpoint (oauth2.googleapis.com/revoke) and delete all stored tokens and cached GBP data from our database. You can also revoke independently at myaccount.google.com/permissions.

Compliance with Google's Limited Use Policy

Our use of information received from Google APIs adheres to Google's Limited Use Policy, including the Limited Use requirements.

5. Data Retention

We retain your account and audit data for as long as your account is active. You can request deletion of your account at any time by contacting us. When you delete your account or disconnect your Google Business Profile, we remove all related personal data and OAuth tokens within 30 days, except where required by law to retain it longer.

6. Your Rights

Depending on your jurisdiction (GDPR, CCPA, etc.), you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data.
  • Port your data to another service.
  • Opt out of marketing communications.

To exercise any of these rights, contact us at the email below.

7. Security

We use industry-standard security measures including:

  • Encryption in transit via TLS for all data exchanged with our servers.
  • Encryption at rest for sensitive data in our database, including OAuth tokens (AES-256-GCM authenticated encryption).
  • One-way hashing for passwords (bcrypt).
  • Row-level security (RLS) policies in our database ensuring users can only access their own data.
  • OAuth token revocation upon disconnect or account deletion.

No method of electronic transmission or storage is 100% secure, but we take reasonable steps to protect your information.

8. Cookies

We use essential cookies to keep you logged in and to maintain your session. We do not use third-party advertising cookies.

9. Children's Privacy

The Service is not intended for anyone under 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice in the Service. The "Last updated" date at the top reflects the current version.

11. Contact

If you have questions about this Privacy Policy or our practices, email us at Vince@LionLensOS.com.