LEGAL
Google API Disclosure
Last updated: July 17, 2026
This page explains, in plain language, what access Mapseo requests to your Google account, what we do with it, and how you stay in control. It supplements our Privacy Policy.
The scope we request
Mapseo requests a single sensitive OAuth scope: https://www.googleapis.com/auth/business.manage — the official scope for managing Google Business Profiles. We do not request access to your Gmail, Drive, Calendar, Contacts, or any other Google data.
What we access, and why
| Data | Why we need it |
|---|---|
| Business accounts & locations (name, address, phone, categories, hours, website, verification state) | To list your profiles, let you choose which to manage, and to monitor them for unwanted changes and suspensions. |
| Local posts | To create, schedule, and publish the posts you approve or automate. |
| Reviews and review replies | To show reviews in your inbox, draft replies, and publish replies under the rules you set. |
| Photos / media | To attach images to posts and use your photo library when you choose. |
| Performance metrics (views, searches, calls, direction requests) | To show your dashboard KPIs and build your monthly reports. |
What we never do with your Google data
- We never sell it.
- We never use it for advertising.
- We never transfer it to third parties except the subprocessors required to run the Service (listed in our Privacy Policy), as required by law, or in a merger/acquisition with prior notice.
- We never use it to train generalized AI/ML models.
- No human reads it except with your explicit permission (e.g. you ask support to look at something), for security incident investigation, or in anonymized aggregate.
Limited Use statement
Mapseo’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
How your tokens are protected
Your OAuth refresh token is encrypted at the application layer before being stored, on top of database-level encryption at rest. Tokens are used only by our servers to call Google’s APIs on your behalf and are never exposed to the browser or third parties.
Staying in control
- Disconnect any Google connection from Settings inside the app — we stop all API activity immediately and delete the stored tokens.
- Revoke Mapseo’s access entirely from your Google Account security settings.
- Request full deletion of your data — see Data Deletion Instructions.