Privacy Policy

Last Updated: March 14, 2026

Papalocal is a product of eWebify, LLC ("eWebify," "Papalocal," "we," "us," or "our"). We operate the website papalocal.com and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

By using Papalocal, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

1. Information We Collect

1.1 Information You Provide Directly

• Account Information: Name, email address, phone number, business name, mailing address, and password when you register.
• Business Profile Data: Business description, services, products, service areas, photos, logos, employee information, and other profile details.
• Payment Information: Billing details processed through our third-party payment processors (Stripe). We do not store full credit card numbers on our servers.
• Communications: Messages, reviews, referrals, and other content you submit through the platform.
• Email Account Data: When you connect an email account (e.g., Gmail) via OAuth, we access email metadata (sender, recipient, subject, date) and message content solely to sync messages and extract contacts for your CRM. We do not sell or share your email content with third parties.
• Support Requests: Information you provide when contacting us for help.

1.2 Information Collected Automatically

• Device & Browser Data: IP address, browser type, operating system, device identifiers, and screen resolution.
• Usage Data: Pages visited, time spent, referral URLs, click patterns, and feature usage.
• Location Data: Approximate location derived from IP address to provide localized content and services.
• Cookies & Similar Technologies: Session cookies, persistent cookies, and local storage for authentication, preferences, and analytics. See Section 7 for details.

1.3 Information From Third Parties

• OAuth Providers: When you connect accounts (Google/Gmail, Jobber, Stripe), we receive profile information and authorized data as permitted by your granted scopes.
• Partners & Referrals: Business partners may share contact information in connection with referral services.
• Public Sources: Business information from public directories, Google Business Profiles, and similar sources.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our platform and services.
• Create and manage your account and business profiles.
• Process transactions and send related billing information.
• Facilitate business referrals, partnerships, and lead distribution.
• Sync email accounts and extract contacts into your CRM (Email Sync feature).
• Power AI-driven features including automated review replies, referral generation, and task creation.
• Send service notifications, updates, and administrative messages.
• Personalize content and recommend relevant businesses and services.
• Analyze usage trends to improve our platform and develop new features.
• Detect, prevent, and address fraud, abuse, and security issues.
• Comply with legal obligations and enforce our terms.

3. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

• With Your Consent: When you explicitly authorize sharing, such as connecting to third-party services.
• Service Providers: With trusted vendors who process data on our behalf (hosting, payment processing, email delivery, analytics). These providers are bound by contractual obligations to protect your data.
• Business Partners & Referrals: Contact information shared between businesses in the context of partner referrals you have opted into.
• Co-Op Members: Business profile information visible to other co-op members within the Papalocal network.
• Legal Requirements: When required by law, subpoena, court order, or governmental request.
• Safety & Enforcement: To protect rights, property, or safety of Papalocal, our users, or the public.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specifically:

• Account Data: Retained while your account is active and for up to 3 years after deactivation for legal and business purposes.
• Synced Email Data: Retained while the email sync add-on is active. If you disconnect an email account, synced data is preserved but syncing stops. You may request deletion.
• Transaction Records: Retained for 7 years as required for tax and financial compliance.
• Usage Logs: Retained for up to 12 months, then aggregated or deleted.

5. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit (TLS/SSL) and sensitive data at rest (AES-256).
• OAuth 2.0 token-based authentication for third-party email connections (no passwords stored).
• Encrypted storage of OAuth tokens and API credentials.
• Regular security assessments and access controls.
• Managed hosting infrastructure (WP Engine) with enterprise-grade security.

While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

5.1 Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users within 72 hours of becoming aware of the breach, as required by applicable law. Notification will be sent via email to the address associated with your account and, where appropriate, posted on our website. The notification will include the nature of the breach, the types of data affected, steps we are taking in response, and recommended actions you can take to protect yourself.

6. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Request your data in a portable, machine-readable format.
• Opt-Out: Unsubscribe from marketing emails using the link in any email. Service-related communications cannot be opted out of.
• Revoke OAuth Access: Disconnect third-party accounts (Gmail, Jobber, Stripe) at any time through your settings.
• Do Not Track: We currently do not respond to Do Not Track browser signals.

To exercise any of these rights, contact us at support@papalocal.com.

7. Cookies & Tracking Technologies

We use the following types of cookies:

• Essential Cookies: Required for authentication, session management, and security. Cannot be disabled.
• Analytics Cookies: Help us understand how users interact with our platform (e.g., page views, feature usage).
• Functional Cookies: Remember preferences like language, region, and display settings.

You can control cookies through your browser settings. Disabling certain cookies may affect platform functionality.

8. Third-Party Services

Our platform integrates with third-party services. Each has its own privacy practices:

• Google (Gmail OAuth): Google Privacy Policy. Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
• Stripe (Payments): Stripe Privacy Policy
• Jobber (CRM Integration): Jobber Privacy Policy
• SendGrid (Email Delivery): Twilio/SendGrid Privacy Policy
• WP Engine (Hosting): WP Engine Privacy Policy
• Amazon S3 (File Storage): AWS Privacy Policy

9. Google API Services — Limited Use Disclosure

Papalocal's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use Google user data (Gmail messages, contacts) for the purposes described in this privacy policy: syncing emails and extracting contacts into your business CRM.
• We do not use Google user data for serving advertisements.
• We do not allow humans to read your email content unless (a) you give explicit consent, (b) it is necessary for security purposes, (c) it is required by law, or (d) the data is aggregated and anonymized for internal operations.
• We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, with your consent, or as required by law.

10. Children's Privacy

Papalocal does not allow individuals under the age of 18 to create their own accounts. Minors may only access the Platform under a parent or legal guardian's account, under their supervision, with access limited to features approved by the account holder. We do not knowingly collect personal information directly from children under 13. If we learn that we have collected data from a child under 13 without verifiable parental consent, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at support@papalocal.com.

11. California Privacy Rights (CCPA/CPRA) — Do Not Sell or Share My Personal Information

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: What personal information we collect, use, and share.
• Right to Delete: Request deletion of your personal information.
• Right to Correct: Request correction of inaccurate personal information we hold about you.
• Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising. Because we do not sell or share personal information, there is no need to opt out. If our practices ever change, we will update this policy and provide an opt-out mechanism.
• Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive personal information (such as account login credentials, precise geolocation, or financial data) to only what is necessary to provide our services.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Categories of Personal Information Collected: Identifiers (name, email, phone, IP address); commercial information (transaction history, wallet balance); internet activity (usage data, cookies); geolocation data (approximate, from IP); professional information (business details); and inferences drawn from the above to personalize your experience.

To submit a request, email support@papalocal.com with the subject line "California Privacy Request." We will verify your identity before processing any request and respond within 45 days as required by law.

12. International Users

Papalocal is operated from the United States. If you access our services from outside the U.S., your information may be transferred to and processed in the United States, where data protection laws may differ from your jurisdiction. By using our services, you consent to this transfer.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page and updating the "Last Updated" date. Your continued use of Papalocal after changes constitutes acceptance of the revised policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

eWebify, LLC (operating as Papalocal)
105 Depot Ct
Peachtree City, GA 30269
Email: support@papalocal.com
Website: www.papalocal.com