Privacy Policy
Effective date: June 2, 2026 · Last updated: June 2, 2026
Questions? Email scout@gmapsscout.com
This policy explains what personal data GMapsScout collects about you, why we collect it, how we use it, and what rights you have. We have written it to comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and applicable US state privacy laws effective as of 2026.
Contents
- 1. Who We Are
- 2. Scope of This Policy
- 3. Information We Collect
- 4. Legal Basis for Processing (GDPR)
- 5. How We Use Your Data
- 6. Data Processors & Sub-Processors
- 7. International Data Transfers
- 8. Analytics & Cookies
- 9. Data You Collect Using the Extension
- 10. Data Retention
- 11. Security & Breach Notification
- 12. Your Rights — EU / EEA / UK (GDPR)
- 13. Your Rights — California (CCPA/CPRA)
- 14. Your Rights — Other US States
- 15. Do Not Sell or Share My Personal Information
- 16. EU & UK Representative
- 17. Children's Privacy
- 18. Changes to This Policy
- 19. Contact & Complaints
1. Who We Are
GMapsScout (“we,” “us,” or “our”) is a software business based in the State of Michigan, United States. We operate the website gmapsscout.com and the GMapsScout Chrome extension (collectively, the “Service”).
For the purposes of applicable data protection law, GMapsScout is the data controller of personal data collected directly through our website and extension account system.
Data Controller Contact
Email: scout@gmapsscout.com
Website: gmapsscout.com
State: Michigan, United States
2. Scope of This Policy
This policy covers personal data we collect when you:
- Visit and use gmapsscout.com;
- Install, register for, or use the GMapsScout Chrome extension;
- Purchase a paid subscription;
- Contact us by email or other means.
This policy does not cover the business data (leads) you collect using the extension. That data is processed entirely on your device. See Section 9 for details.
3. Information We Collect
3.1 Account & Authentication Data
When you sign in using Google OAuth, we receive your Google account email address and display name. This is used to create and manage your account.
3.2 Payment & Billing Data
When you purchase a paid plan, your payment is processed by Stripe, Inc. We receive a payment confirmation and subscription status from Stripe. We do not store, see, or have access to your full credit card number, CVV, or bank account details. Stripe's privacy policy governs how your payment data is handled.
3.3 Usage & Analytics Data
We collect anonymized, aggregated data about how visitors use our website through Vercel Analytics. This includes page views and general navigation patterns. Vercel Analytics does not use cookies and does not collect personally identifiable information.
We also collect limited account-linked usage counts from the extension — specifically, the number of leads you scrape and enrichments you run per day and per month. These counts are tied to your account and are used to enforce your plan's usage limits, operate billing, and detect abuse. They are numerical counts only and never include the content of your lead lists (business names, contact details, or any scraped data).
3.4 Communications Data
If you email us, we retain the content of your message and your email address to respond and for support records.
3.5 Technical Data
Our hosting provider (Vercel) may log IP addresses, browser type, and access timestamps in server logs for security and performance purposes. These logs are retained for a limited period and are not used for marketing.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data under the following legal bases under Article 6 of the GDPR:
| Data Category | Legal Basis | Article 6 Basis |
|---|---|---|
| Account email & name | Performance of contract (providing the Service) | Art. 6(1)(b) |
| Payment & billing data | Performance of contract; Legal obligation (tax records) | Art. 6(1)(b) and (c) |
| Feature usage analytics (anonymized) | Legitimate interests (improving the Service) | Art. 6(1)(f) |
| Website analytics (cookieless, aggregated) | Legitimate interests (understanding site performance) | Art. 6(1)(f) |
| Support communications | Legitimate interests (providing support) | Art. 6(1)(f) |
| Server logs / technical data | Legitimate interests (security, fraud prevention) | Art. 6(1)(f) |
| Legal compliance records | Legal obligation | Art. 6(1)(c) |
Where we rely on legitimate interests (Art. 6(1)(f)), we have assessed that our interests do not override your fundamental rights and freedoms, given the limited, non-sensitive nature of the data processed and the privacy-preserving analytics tools we use.
5. How We Use Your Data
- To create and manage your account;
- To process payments, manage subscriptions, and send receipts;
- To provide customer support and respond to inquiries;
- To improve the Service using anonymized usage data;
- To send transactional emails (plan confirmations, billing notices, support replies) — not marketing emails;
- To detect and prevent fraud, abuse, and security threats;
- To comply with legal obligations (tax, financial regulation, law enforcement requests).
We do not sell, rent, or trade your personal information to any third party for their marketing purposes. We do not use your data to serve targeted advertising.
6. Data Processors & Sub-Processors
We use the following third-party services to operate the Service. Each is a data processor acting on our behalf under a data processing agreement:
Stripe, Inc.
Payment processing and subscription management
Based in: United States · Privacy Policy
Vercel, Inc.
Website hosting, edge network, and cookieless analytics
Based in: United States · Privacy Policy
Google LLC
Google OAuth sign-in; Chrome Extension distribution infrastructure
Based in: United States · Privacy Policy
We do not share your personal data with any other third parties except as required by law or with your explicit consent.
7. International Data Transfers
GMapsScout is based in the United States. If you are located in the EEA, UK, or Switzerland, your personal data is transferred to and processed in the United States, which may not provide the same level of data protection as your home jurisdiction.
We rely on the following safeguards for international transfers:
- Stripe: Complies with EU Standard Contractual Clauses (SCCs) under GDPR Article 46(2)(c). Stripe is also certified under the EU-US Data Privacy Framework.
- Vercel: Provides SCCs for EU customers and operates under GDPR-compliant data processing agreements.
- Google LLC: Certified under the EU-US Data Privacy Framework and provides SCCs.
You may request a copy of the relevant transfer mechanism by emailing scout@gmapsscout.com.
8. Analytics & Cookies
This website does not use tracking or advertising cookies. We use Vercel Analytics, which is designed to be privacy-first: no cookies are set, no cross-site tracking occurs, and no personally identifiable information is collected. Data is aggregated and anonymized.
We may use strictly necessary, functional session cookies to maintain your login state if you have a paid account. No third-party advertising, remarketing, or behavioral tracking cookies are used on this site.
Because we do not use non-essential cookies, a cookie consent banner is not required under the ePrivacy Directive or GDPR for this website.
9. Data You Collect Using the Extension
The GMapsScout extension enables you to collect publicly visible business information from Google Maps and, when you use the enrichment feature, from the public pages of business websites you choose to enrich. The enrichment feature causes your own browser to visit those third-party websites directly; your visits to and collection from those sites are subject to each site's own terms and privacy practices. We do not receive, store, access, or process any lead data you collect, and that data is never transmitted to our servers. All lead data is stored locally in your browser unless you explicitly export it.
You are entirely responsible for how you store, use, transfer, and act upon any data you collect. This includes compliance with GDPR, CCPA, CAN-SPAM, CASL, and all other applicable laws. Some data collected (such as individual business owner names and email addresses) may constitute personal data under applicable law, and you are the data controller of that data.
See our Terms of Service for the full scope of your legal responsibilities.
10. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data (email, name) | Until account deletion + 30 days |
| Payment & billing records | 7 years (tax / financial regulation) |
| Support emails | 3 years from last contact |
| Server access logs | 90 days |
| Anonymized analytics data | Indefinitely (not linked to individuals) |
To request deletion of your account data, email scout@gmapsscout.com. We will process deletion requests within 30 days, subject to any legal retention obligations.
11. Security & Breach Notification
We use industry-standard security measures to protect your personal data, including HTTPS/TLS encryption for all data in transit, access controls limiting who can access account data, and secure third-party processors (Stripe, Vercel) with their own security certifications.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (GDPR Article 33);
- Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms (GDPR Article 34);
- Notify affected US residents as required by applicable state breach notification laws.
No method of internet transmission is 100% secure. We cannot guarantee absolute security.
12. Your Rights — EU / EEA / UK (GDPR)
If you are located in the EU, EEA, or UK, you have the following rights under the GDPR (or UK GDPR):
Right of access (Art. 15)
Request a copy of the personal data we hold about you.
Right to rectification (Art. 16)
Request correction of inaccurate or incomplete data.
Right to erasure (Art. 17)
Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
Right to restriction (Art. 18)
Request that we restrict processing of your data in certain circumstances.
Right to data portability (Art. 20)
Receive your personal data in a structured, machine-readable format.
Right to object (Art. 21)
Object to processing based on legitimate interests or for direct marketing.
Right to withdraw consent
Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
Right to lodge a complaint
Lodge a complaint with your national supervisory authority (e.g., the ICO in the UK).
To exercise any right, email scout@gmapsscout.com. We will respond within 30 days (extendable by a further 60 days for complex requests). We may need to verify your identity before processing your request.
13. Your Rights — California (CCPA/CPRA)
The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants California residents specific rights. Note: Formal CCPA obligations apply to businesses exceeding $25 million in annual revenue, collecting data of more than 100,000 consumers, or deriving more than 50% of revenue from selling personal information. GMapsScout is likely below these thresholds, but we commit to the following rights regardless:
Right to Know
Know what personal information we collect, use, disclose, and sell about you.
Right to Delete
Request deletion of personal information we have collected from you.
Right to Correct
Request correction of inaccurate personal information.
Right to Opt-Out
Opt out of the sale or sharing of your personal information. We do not sell or share your personal information (see Section 15).
Right to Limit Sensitive PI Use
Limit our use and disclosure of sensitive personal information. We do not collect sensitive personal information as defined by CPRA.
Right to Non-Discrimination
Not be discriminated against for exercising any CCPA right.
To exercise CCPA rights, email scout@gmapsscout.com with subject line “CCPA Request”. We will respond within 45 days.
14. Your Rights — Other US States
As of 2026, over 20 US states have enacted comprehensive consumer privacy laws. While thresholds and specific requirements vary by state, GMapsScout commits to honoring the core rights common across these laws for all US residents:
- Right to access — know what personal data we hold about you;
- Right to delete — request deletion of your personal data;
- Right to correct — request correction of inaccurate data;
- Right to opt out of sale/sharing — we do not sell or share personal data (see Section 15);
- Right to non-discrimination — not be penalized for exercising your privacy rights.
This includes but is not limited to residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and other states with active privacy laws. Email scout@gmapsscout.com to exercise any right.
15. Do Not Sell or Share My Personal Information
GMapsScout does not sell, rent, share, or disclose your personal information to third parties for their own commercial purposes or for cross-context behavioral advertising.
We do not engage in the “sale” of personal data as defined under the CCPA/CPRA or any applicable US state privacy law. Our third-party service providers (Stripe, Vercel, Google) receive your data only to the extent necessary to provide the Service and are contractually prohibited from using it for their own marketing purposes.
16. EU & UK Representative
Under GDPR Article 27, non-EU companies that systematically process personal data of EU individuals at scale are required to appoint an EU Representative. GMapsScout does not specifically target EU/EEA residents, processes minimal personal data of EU users (limited to account email and anonymized analytics), and believes it qualifies for the Article 27 exemption applicable to non-systematic, non-large-scale processing.
EU and UK residents wishing to exercise their rights or raise a concern may contact us directly at scout@gmapsscout.com. We will respond within 30 days. If we begin systematically offering services specifically to EU/UK residents at scale, we will appoint a formal EU Representative and update this policy.
17. Children's Privacy
The Service is not directed at individuals under 13 years of age (or under 16 where applicable under GDPR). We do not knowingly collect personal information from children. If you believe a child has provided us personal data, contact us at scout@gmapsscout.com and we will delete it promptly.
18. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date above. For significant changes that materially affect how we process your personal data, we will provide prominent notice (e.g., via in-extension banner or email to registered users).
Continued use of the Service after any change constitutes acceptance of the revised policy.
19. Contact & Complaints
For any privacy-related question, request, or complaint:
EU/EEA/UK residents who are not satisfied with our response have the right to lodge a complaint with their local data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ICO). A list of EU supervisory authorities is available at edpb.europa.eu.
California residents may contact the California Privacy Protection Agency (CPPA) at cppa.ca.gov.
This Privacy Policy was last updated on June 2, 2026. We recommend reviewing it periodically.