Privacy Policy

    This Privacy Policy explains how Locapage ("we", "us", "Company") collects, uses, stores, and protects your personal data when you use our service. We are committed to complying with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

    1. Data Controller

    The data controller for the personal data processed through this service is:
    Dominic Mueller, operating as Locapage
    Mainzer Str. 19, 50678 Köln, Germany
    Email: contact@locapage.com
    Phone: +49 221 169 295 34

    2. Data We Collect

    We collect the following categories of personal data:

    • Email address — provided when you create a website or log in (used for authentication, communications, and account management).
    • IP address — collected automatically for security, fraud prevention, and rate limiting.
    • Usage data — pages visited, features used, browser type, device type, operating system, referring URL, and timestamps.
    • Business data — publicly available Google Business information (name, address, phone, reviews, photos, opening hours) used to generate your website.
    • Payment data — processed exclusively by Stripe. We do not store credit card numbers, CVVs, or full payment details. We receive and store your Stripe customer ID and subscription status.

    3. Legal Bases for Processing (GDPR)

    We process your data based on the following legal grounds:

    • Contract performance (Art. 6(1)(b) GDPR) — to provide the Service, generate your website, process payments, and manage your subscription.
    • Legitimate interests (Art. 6(1)(f) GDPR) — for security, fraud prevention, service improvement, and analytics. We balance our interests against your rights and freedoms.
    • Legal obligation (Art. 6(1)(c) GDPR) — to comply with tax, accounting, and other legal requirements.
    • Consent (Art. 6(1)(a) GDPR) — where applicable, for optional communications or analytics cookies. You can withdraw consent at any time.

    4. How We Use Your Data

    • Service delivery — generating, hosting, and maintaining your website.
    • Authentication — verifying your identity via email OTP.
    • Payment processing — managing subscriptions and billing through Stripe.
    • Communications — service notifications, support, and important updates.
    • Security & fraud prevention — monitoring for abuse, rate limiting, and protecting the platform.
    • Service improvement — analytics, performance monitoring, and product development.

    5. Data Sharing & Third-Party Processors

    We share data with the following categories of recipients, all subject to appropriate data processing agreements:

    • Stripe Inc. (USA) — payment processing. Subject to Stripe's Privacy Policy.
    • Supabase Inc. (USA) — database hosting and authentication infrastructure.
    • Vercel Inc. (USA) — website hosting and content delivery.
    • Google LLC (USA) — Google Places API for business data retrieval.
    • OpenAI (USA) — AI content generation (business data is sent for processing; no personal data is shared).
    • Pexels — stock image retrieval for website visuals.

    We do not sell, rent, or trade your personal data to third parties. Data is shared only as necessary to provide the Service.

    6. International Data Transfers

    Some of our third-party processors are located in the United States. For transfers outside the EU/EEA, we rely on:

    • The EU-US Data Privacy Framework (where applicable).
    • Standard Contractual Clauses (SCCs) approved by the European Commission.
    • Other appropriate safeguards as required by GDPR Article 46.

    7. Data Retention

    • Account data — retained for the duration of your subscription plus 30 days after cancellation.
    • IP addresses and rate-limiting logs — automatically deleted after 2 hours.
    • Cached business data — automatically deleted after 30 days.
    • Payment records — retained as required by tax and accounting laws (typically 7–10 years).
    • Analytics data — retained in anonymized form.

    8. Your Rights (GDPR)

    Under the GDPR, you have the following rights:

    • Right of access (Art. 15) — request a copy of your personal data.
    • Right to rectification (Art. 16) — correct inaccurate or incomplete data.
    • Right to erasure (Art. 17) — request deletion of your personal data ("right to be forgotten").
    • Right to restriction (Art. 18) — restrict processing under certain conditions.
    • Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
    • Right to object (Art. 21) — object to processing based on legitimate interests.
    • Right to withdraw consent — where processing is based on consent, withdraw at any time.

    To exercise any of these rights, contact us at contact@locapage.com. We will respond within 30 days.

    Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

    9. Your Rights (CCPA — California Residents)

    If you are a California resident, you have additional rights under the CCPA:

    • Right to know — what personal information we collect, use, disclose, and sell.
    • Right to delete — request deletion of your personal information.
    • Right to opt-out of sale — we do not sell your personal data.
    • Right to non-discrimination — we will not discriminate against you for exercising your rights.

    To exercise CCPA rights, contact us at contact@locapage.com.

    10. Children's Privacy

    Locapage is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 18, we will promptly delete it.

    11. Security Measures

    We implement appropriate technical and organizational measures to protect your data, including:

    • Encryption in transit (TLS/SSL) and at rest.
    • Access controls and authentication.
    • Regular security assessments and monitoring.
    • Automated rate limiting and abuse prevention.

    However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

    12. Cookies

    We use essential cookies for service functionality and authentication. See our Cookie Policy for full details on what cookies we use, their purposes, and how to manage them.

    13. Changes to This Policy

    We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service at least 30 days before they take effect. The "last updated" date below indicates when this policy was last revised.

    14. Contact

    For privacy-related questions, data subject requests, or complaints, contact us at: contact@locapage.com

    Last updated: April 12, 2026