Privacy Policy

1. About MaxGrowth Agency

MaxGrowth Agency (“we”, “us”, “our”) operates the website maxgrowthagency.com and the client portal at app.maxgrowthagency.com (collectively, “the Services”). This Privacy Policy explains how we collect, use, and protect your information across both platforms.

2. Information we collect

Website visitors (maxgrowthagency.com)

  • Contact form submissions — name, email, phone number, and message content when you reach out to us
  • Analytics data — pages visited, time on site, referral source, device type, and IP address via Google Analytics
  • Cookies — functional and analytics cookies to improve your browsing experience

Portal users (app.maxgrowthagency.com)

  • Account information — name, email address, and role (admin/employee/client)
  • Project data — tasks, documents, messages, and files you create or upload
  • Connected Google accounts — with your explicit consent via OAuth, we may access:
    • Google Analytics 4 — read only: traffic, sessions, conversion, and page-performance data (analytics.readonly)
    • Google Search Console — read only: search performance, top queries, top pages, CTR (webmasters.readonly)
    • Google Ads — read only: campaign performance, clicks, impressions, cost, conversions, ROAS (adwords)
    • Google Business Profile — read and write: business info, performance metrics, reviews, posts, and photos (business.manage). What we read and write under this scope is described in detail in section 2a.
    • Google Sheets — read-only spreadsheet data (spreadsheets.readonly)

2a. Google Business Profile — what we read and what we write

The portal uses the business.manage scope to give agency staff a single dashboard for managing client Business Profiles. This is a read-and-write scope. The lists below describe exactly what the portal does with it.

What we read

  • List of Business Profile accounts and locations the connected user manages
  • Business information for the selected location: name, primary phone, website, categories, address, regular hours, special hours, description, attributes, photos
  • Daily performance metrics: search and Maps impressions (desktop / mobile), call clicks, website clicks, direction requests
  • Reviews: reviewer name, star rating, comment, timestamp, and any owner reply
  • Local Posts and media (photos) attached to the location

What we can write — only when an authorised agency-staff user clicks the corresponding button inside the portal

  • Edit business information — update business name, primary phone, website, regular hours, and description via narrow updateMask PATCH calls. Each edit covers a single field group and is reviewable by Google before it goes live.
  • Reply to reviews — create, edit, or delete a public owner reply on a review. The reply text is supplied by the agency staff member at the time of submission. The portal does not auto-generate or auto-post replies.
  • Publish or schedule Local Posts — create a new Local Post with text, an optional call-to-action button, and an optional image. Posts may be published immediately or scheduled by passing Google’s native scheduledTime field. Authorised users can also delete posts they no longer want.
  • Upload or remove photos — submit a photo to the location (uploaded directly from the user’s device or fetched by Google from a publicly accessible URL); delete existing photos.

What we never do under this scope

  • We never create, claim, verify, transfer, suspend, or delete a Business Profile listing.
  • We never modify or delete customer-written reviews; we only reply to them on the owner’s behalf.
  • We never create or answer Q&A entries on the listing.
  • We never edit special hours, services, attributes, opening dates, or service-area boundaries.
  • We never perform any write action automatically. Other than Local Post publishing at the user-chosen scheduledTime, every write is initiated by an authorised human user explicitly clicking a button in the portal.
  • We never share Business Profile content with parties other than the agency staff and client portal users authorised on the specific client account.

3. How we use your data

  • To provide and improve our agency services
  • To display analytics, search, paid-media, and local-search dashboards and reports within the portal
  • To allow authorised agency staff to manage your Google Business Profile on your behalf, when explicitly initiated by a human user inside the portal (see section 2a)
  • To respond to enquiries submitted via our website
  • To send service-related communications (project updates, task notifications)

We do not sell, rent, or share your data with third parties. We do not use your data for advertising or for training generative AI / machine-learning models. The portal makes no automated changes to your Google data; every write action listed in section 2a is initiated by an authorised human user clicking a button.

4. Google API Services

MaxGrowth Agency Portal’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer Google user data to third parties except as needed to provide or improve the portal’s user-facing features for the user from whom the data originated, and we do not use it to serve advertisements or train generalised AI / ML models.

5. Data storage and security

Data is stored in secure databases on our hosting infrastructure. Access is restricted to authenticated, authorised users only. OAuth tokens are encrypted at rest and can be revoked at any time via your Google Account permissions page or by requesting disconnection inside the portal. For Google Business Profile specifically, we cache only daily performance metrics in our database; reviews, posts, and photos are fetched live from Google on each dashboard load and are not persisted. Edits, replies, posts, and photo uploads are passed through to Google’s APIs and never stored except as activity-log entries (timestamp, user, action) for audit purposes.

6. Data retention

Contact form data is retained for as long as needed to respond to your enquiry. Portal data is retained while your account is active. When a Google connection is removed, tokens are deleted immediately and cached metrics within 30 days. Activity-log entries are retained for 12 months for accountability.

7. Your rights

You may at any time:

  • Revoke Google OAuth access via your Google Account settings
  • Disconnect a service inside the portal, which deletes the corresponding tokens immediately
  • Request deletion of your data by contacting us
  • Request a copy of data we hold about you

8. Cookies

We use essential cookies for site functionality and analytics cookies (Google Analytics) to understand how visitors use our website. You can control cookies through your browser settings.

9. Changes to this policy

We may update this policy from time to time. Material changes will be posted on this page with an updated date.

10. Contact

Questions about this policy can be sent to support@maxgrowthagency.com.

Last updated: May 6, 2026

Free Consultation
Free Consultation
Chat with us