TransparencyHow RepAlmighty uses Google APIs
Effective: May 25, 2026 ยท RepAlmighty, Inc. ยท repalmighty.com
1. Why we integrate with Google
RepAlmighty integrates with Google APIs to help local businesses manage their online presence automatically. Our platform acts as an authorized manager of Google Business Profiles on behalf of business owners who explicitly connect their account via Google OAuth 2.0.
We only access data the business owner has authorized us to access, and only to provide the features they have enabled. Authorization is always explicit โ we never access any Google account without the owner completing the OAuth consent flow.
2. What Google APIs we use and why
Google Business Profile API
Read listing data (name, address, hours, categories, description), publish posts, upload photos, manage Q&As, post review responses, and retrieve performance metrics including profile views, search impressions, direction requests, and website clicks. Used to automate and optimize the business owner's GBP listing on their behalf.
Google Search Console API
Read search analytics data including impressions, clicks, and keyword rankings. Used to show business owners how they perform in Google Search and to identify keyword opportunities. Read-only โ we never modify Search Console data.
Google Places API
Look up businesses by name and location to retrieve public listing data including address, phone, rating, review count, and photos. Used by our free Practice Grader tool to generate scan reports. No OAuth required โ uses public data only.
Google PageSpeed Insights API
Measure website performance scores including mobile speed, desktop speed, and Core Web Vitals. Used to show businesses where their website needs improvement. Public API โ no user data involved.
Google OAuth 2.0
Used to authenticate business owners and request permission to access their Google Business Profile and Search Console data. We request only the minimum scopes needed. Owners see exactly what access they are granting before approving.
3. How authorization works
Business owners connect their Google account through our standard OAuth 2.0 flow. The Google consent screen clearly lists every permission being requested before the owner approves. RepAlmighty stores access tokens encrypted using AES-256-GCM and never stores the owner's Google password.
The owner can disconnect at any time from their RepAlmighty dashboard under Settings โ Integrations โ Disconnect Google. They can also revoke access directly at myaccount.google.com/permissions. Upon disconnection, all stored tokens are immediately deleted.
4. What we never do with Google data
โ We never use Google data for advertising or remarketing purposes
โ We never share Google user data with third parties except as strictly required to provide our Service (e.g., sending emails via SendGrid)
โ We never use Google data to train AI models that serve other customers or businesses
โ We never allow humans to read your Google data unless you explicitly request support or it is required for security purposes
โ We never post to Google Business Profile without the business owner's explicit authorization
โ We never retain Google API data after an account is cancelled โ all data is deleted within 30 days of cancellation
โ We never access Google data for any purpose beyond providing the RepAlmighty features the business owner has enabled
5. Data security
All Google OAuth tokens are encrypted at rest using AES-256-GCM with keys derived from a per-environment secret. Data is transmitted exclusively over TLS. Access to production systems is restricted to authorized personnel only. We do not log or store raw Google API responses beyond what is necessary to display data in the dashboard.
6. Compliance
7. Contact
Questions about how we use Google APIs? Contact us at legal@repalmighty.com or visit our Privacy Policy and Terms of Service.