Legal · Updated 2026-06-24
Privacy Policy
Mainstreet respects your privacy. This page describes what data we collect, how we use it, and your rights.
Data we collect
- Business information you provide during signup (name, email, business name, address).
- Publicly available information from your Google Business Profile, accessed only after you grant us delegated access through Google's OAuth consent flow.
- Cold-outreach prospects: business name, address, phone, website, public Google Business Profile data. Processed under GDPR Article 6(1)(f) — Legitimate Interest. You can opt out at any time using the unsubscribe link in any message we send.
How we use it
- Operate the service you signed up for.
- Send service-related communications (delivery reports, billing).
- Improve our product (in aggregate, never identifiable).
How we protect it
- All credentials are encrypted at rest (Supabase Postgres).
- We never see your Google password — OAuth delegation via Postproxy means we hold access tokens, not credentials.
- Production secrets are gitignored and rotated on key compromise.
Your rights
Email hello@mainstreet.sh to request your data, delete it, or opt out of any processing. We respond within 30 days.