Privacy Policy

Effective Date: April 30, 2026 · Last Updated: June 4, 2026

1. Introduction

WatchLocal.ai ("WatchLocal," "we," "us," or "our") is an AI-powered local visibility management platform. We help small businesses get found everywhere their customers look — across search engines, directories, review sites, social platforms, and AI-powered search tools.

To do this, we ask our clients to connect their business accounts on platforms like Google, Meta, and others so our AI agents can manage and optimize their online presence on their behalf. This Privacy Policy explains exactly what data we collect, how we use it, how we protect it, and your rights as a client.

We believe in radical transparency. If you have questions about anything in this document, contact us at david@watchlocal.ai.

2. Information We Collect

2a. Business Information You Provide

When you onboard through our Intake process, we collect your business name, address, phone number, website URL, and primary business contact name and email. This information is necessary to set up your accounts, manage your listings, and deliver our services.

2b. Platform Access Credentials

When you connect your accounts through our Access Connect feature, we receive OAuth access tokens and refresh tokens from the platforms you authorize. We never see or store your passwords. All authentication is handled through each platform's official OAuth 2.0 protocol. These tokens allow our AI agents to manage your business profiles on your behalf.

Tokens are encrypted at rest and stored on secure cloud infrastructure (Netlify Blobs with encrypted storage). Access is restricted to our automated service agents and authorized personnel only.

2c. Platform Authorization Details

We are transparent about exactly what access we request on each platform. Each row below lists the specific OAuth scope or permission we request and the action it enables on your behalf.

Platform	Access Requested	What It Allows Us To Do
Google Business Profile	`business.manage`	Manage your business listing, posts, photos, Q&A, and reviews
Google Analytics	`analytics.edit`	View your website traffic data and configure basic tracking
Google Tag Manager	`tagmanager.manage.users`	Set up conversion tracking tags for your website
Google Search Console	Guided verification	Monitor your search performance and indexing status
Meta — Facebook Pages	`pages_show_list` `pages_manage_metadata` `pages_manage_posts` `pages_manage_engagement` `pages_read_engagement` `pages_read_user_content` `pages_messaging` `business_management`	pages_show_list: see the list of Facebook Pages you administer so you can pick which ones we manage. pages_manage_metadata: update your Page's About section, business hours, services, and contact details. pages_manage_posts: create, edit, and publish posts to your Facebook Page on your behalf. pages_manage_engagement: respond to comments and reactions on your Page posts (after your approval). pages_read_engagement: read Page-level engagement metrics such as reach, impressions, and post performance. pages_read_user_content: read reviews, recommendations, and visitor posts on your Page so we can draft owner responses for your approval. pages_messaging: read and send messages on your Page's Messenger conversations with customers, only on Page-connected business conversations. business_management: required dependency to access Pages and Instagram Business assets owned by your Meta Business Portfolio.
Meta — Instagram Business	`instagram_basic` `instagram_content_publish` `instagram_manage_comments` `instagram_manage_messages`	instagram_basic: read your Instagram Business profile basic info (username, profile picture, bio, follower count) and your media. instagram_content_publish: publish feed posts, reels, and stories to your Instagram Business account on your behalf. instagram_manage_comments: read and respond to comments on your Instagram Business posts (after your approval). instagram_manage_messages: read and respond to direct messages on your Instagram Business account, only on business conversations.
CMS (Website)	Guided access setup	Optimize on-page SEO elements, schema markup, and site structure
Nextdoor	Guided claim	Claim and manage your Nextdoor business page

Specific Meta data we access: When you authorize our Meta integration, we access the following data categories on the Facebook Pages and Instagram Business accounts you connect — and only those: Page profile and metadata (name, About, hours, services, contact info, category); Page posts and post performance metrics (reach, impressions, engagement); Page reviews, recommendations, and visitor posts; comments and reactions on your Page posts; messages in Page-connected Messenger conversations between your business and your customers; the list of Pages and ad-account business assets in your Meta Business Portfolio; Instagram Business profile basic information; Instagram Business media (posts, reels, stories) and their performance metrics; Instagram comments on your business posts; Instagram direct messages on your business account. We do not access your personal Facebook profile, your personal Facebook friends, your personal Instagram account, or any data outside the Pages and Instagram Business accounts you explicitly authorize.

You can revoke WatchLocal's access to any platform at any time through that platform's security settings (for example, Google Account Permissions or Facebook Business Integrations).

2d. Photos and Media

You may upload business photos, videos, and other media through our Photo/Video Drop feature. These are used exclusively to enhance your business profiles across your connected platforms. You retain full ownership of all media you provide.

2e. Scan and Audit Data

We collect publicly available information about your business from search engines, AI search tools, directories, review sites, and other online platforms. This data is already public — we organize, score, and present it to help you understand and improve your visibility.

2f. Usage Data

We collect basic website usage data (pages visited, time on site, device type) to improve our service. We do not use invasive tracking, advertising cookies, or third-party analytics services that follow you across the web.

3. How We Use Your Information

We use the information we collect to deliver the 70 actions across 10 visibility pillars that form our service. Specifically:

Active Profile Management: Our AI agents use your connected account access to create, update, and optimize your business profiles across platforms — including posting content, uploading photos, responding to reviews, updating business information, and managing your local SEO.

Visibility Monitoring: We continuously scan 80+ online platforms to track your business presence, generate visibility scores, produce audit reports, and deliver ongoing monitoring.

Content Creation: We use your business information and media to generate posts, descriptions, and content for your profiles. All AI-generated content is reviewed before publication.

Communication: We send you reports, updates on visibility changes, and notifications about actions taken on your behalf.

Service Improvement: We use aggregated, anonymized data to improve our scanning accuracy, AI models, and platform coverage. Your individual business data is never used to train third-party AI models.

4. AI and Automation

Our AI Commitment: WatchLocal uses AI agents to manage your local business presence. We believe you should know exactly how AI is involved in managing your business.

WatchLocal employs AI-powered agents that perform actions on your behalf across your connected platforms. These agents operate under human oversight — our team reviews and approves actions before they are published. Key points about our AI usage:

What our AI agents do: Generate business descriptions, create social media posts, optimize listing details, analyze review sentiment, identify visibility gaps, and recommend improvements.

Human review: All content generated by AI is subject to review before it is published to your platforms. Automated posting only occurs for categories of content that have been pre-approved.

Accuracy: While we strive for accuracy, AI-generated content may occasionally contain errors. We encourage you to review all content posted to your profiles and notify us of any inaccuracies.

Third-party AI providers: We may use third-party AI services (such as OpenAI and Google Cloud AI) to power certain features. When we do, only the minimum necessary data is shared with these providers, and it is processed under strict data processing agreements. Your business data is not used to train these providers' general-purpose models.

5. What We Do NOT Do

We believe in being explicit about our boundaries:

We do not sell your personal or business information to anyone, ever.
We do not share your data with advertisers.
We do not access your Gmail, Google Drive, your personal Facebook profile, your personal Facebook friends, your personal Instagram account, your personal direct messages, or any service or account beyond the business assets listed in the authorization table above. The Meta scopes listed above apply only to the Facebook Pages and Instagram Business accounts you explicitly authorize through OAuth — never to personal Meta accounts.
We do not store your passwords. All authentication uses OAuth tokens.
We do not share your business data with your competitors.
We do not use your individual data to train AI models for third parties.
We do not send unsolicited marketing emails.
We do not share mobile opt-in information, SMS/text-messaging consent, or phone numbers collected for text messaging with any third parties or affiliates for their marketing or promotional purposes, and we never sell them.

6. Data Sharing

We share your information only in these limited circumstances:

Connected Platforms: When you authorize a platform through Access Connect, we share your business information with that platform to manage your listings. This is the core of our service — we post, update, and optimize on your behalf.

Service Providers: We use trusted infrastructure providers to operate our platform, including Netlify (hosting and serverless functions), Cloudflare (network security and DNS), and Supabase (database). These providers process data on our behalf under their respective data processing agreements and are prohibited from using your data for their own purposes.

AI Service Providers: As noted in Section 4, we may use third-party AI services for content generation and analysis. Only the minimum data required is shared, under strict contractual protections.

Legal Requirements: We may disclose information when required by law, legal process, or government request, or to protect the rights, safety, or property of WatchLocal, our clients, or the public.

7. Data Storage and Security

Your data is stored on secure cloud infrastructure with the following protections:

All connections use HTTPS encryption in transit.
OAuth tokens are encrypted at rest in secure cloud storage.
Access to client data is restricted to authorized automated agents and personnel.
We conduct regular security reviews of our infrastructure and access controls.

While we implement industry-standard security measures, no system is 100% secure. In the event of a data breach affecting your information, we will notify you within 72 hours of becoming aware of the breach, along with details of what occurred and steps we are taking to address it.

8. Data Retention and Deletion

We retain your business data and access tokens for as long as your account is active and we are providing services to you. Upon termination of service:

We revoke all platform access tokens within 7 days.
We retain basic account information for 30 days in case you wish to reactivate.
After 30 days, or upon your request, we delete all your data from our systems.
Aggregated, anonymized data that cannot identify your business may be retained indefinitely for service improvement.

8a. How to Request Data Deletion

You can request deletion of your data — including all OAuth tokens, profile information, audit history, and any data WatchLocal collected from connected Meta, Google, or other platforms on your behalf — at any time. We process deletion requests within 7 business days of receipt.

To request data deletion, follow these steps:

Send an email to david@watchlocal.ai with the subject line "Data Deletion Request".
Include in the email body the business name and email address associated with your WatchLocal account so we can identify the records to delete.
We will reply within 2 business days to confirm receipt and to verify the request was sent by an authorized representative of the business.
Once verified, we revoke all OAuth tokens for your connected platforms (Facebook Pages, Instagram Business, Google Business Profile, and any others), purge your business records, audit history, OAuth tokens, and uploaded media from our production storage and from backups within 7 business days.
You will receive a final confirmation email when deletion is complete.

If you authorized WatchLocal through Facebook Login and want to revoke our access immediately without going through email, visit Facebook Business Integrations, find "WatchLocal" in the list, and remove the integration. This revokes our Meta access tokens immediately. Email us afterward to also request deletion of any business data we previously collected on your behalf.

9. Cookies and Tracking

We use minimal cookies necessary for site functionality (such as session management and authentication state). We do not use advertising cookies, social media tracking pixels, cross-site analytics, or any third-party trackers that follow you across the web.

10. Your Rights

Regardless of where you are located, you have the right to:

Access all data we hold about your business.
Correct any inaccurate information.
Delete your data and close your account (see Section 8a above).
Revoke platform access at any time through each platform's settings.
Export a copy of your data in a standard format.
Object to specific types of data processing.

To exercise any of these rights, contact us at david@watchlocal.ai. We will respond within 30 days.

11. Children's Privacy

WatchLocal.ai is a business service not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors.

12. Changes to This Policy

We may update this Privacy Policy as our services evolve. We will notify clients of material changes by email at least 14 days before they take effect. The "Last Updated" date at the top of this page reflects the most recent revision. Your continued use of WatchLocal.ai after changes are posted constitutes acceptance of the updated policy.

13. Mobile & SMS Messaging

For businesses that use our review-request service, we collect the mobile phone numbers of their customers — provided directly to the business at the time of service — in order to send service-related text messages, such as a request to leave a Google review after a completed job.

We use these mobile numbers only to send the service-related messages described in our SMS & Text Messaging Program terms.
Mobile opt-in data, SMS consent, and phone numbers are never sold, rented, or shared with third parties or affiliates for their own marketing or promotional purposes. They are not used for any purpose other than delivering the messages you consented to.
You can opt out of text messages at any time by replying STOP, or reply HELP for assistance.
Message and data rates may apply.

14. Contact Us

If you have questions about this Privacy Policy, our data practices, or your rights, contact us at:

Email: david@watchlocal.ai
Organization: WatchLocal.ai
Location: Celina, Texas