Legal · Updated 2026-06-24

Privacy Policy

Mainstreet respects your privacy. This page describes what data we collect, how we use it, and your rights.

Data we collect

  • Business information you provide during signup (name, email, business name, address).
  • Publicly available information from your Google Business Profile, accessed only after you grant us delegated access through Google's OAuth consent flow.
  • Cold-outreach prospects: business name, address, phone, website, public Google Business Profile data. Processed under GDPR Article 6(1)(f) — Legitimate Interest. You can opt out at any time using the unsubscribe link in any message we send.

How we use it

  • Operate the service you signed up for.
  • Send service-related communications (delivery reports, billing).
  • Improve our product (in aggregate, never identifiable).

How we protect it

  • All credentials encrypted at rest (Supabase Postgres).
  • We never see your Google password. OAuth delegation via Postproxy means we hold access tokens, not your Google login credentials.
  • Production secrets are gitignored and rotated on key compromise.

Your rights

Email hello@mainstreet.sh to request your data, delete it, or opt out of any processing. We respond within 30 days.