ThirtyFive B.V. (“we,” “our,” or “us”) operates 35Local and is committed to protecting the privacy of our clients and their customers. This Privacy Policy describes how we collect, use, store, and protect information in line with GDPR and other applicable data protection laws.

1. Data Storage Location

• All business data is primarily stored on secure servers located within the European Union (EU).

• Depending on service type, certain technical or functional data may be processed using trusted cloud providers, including Firebase, Google Cloud, Replit, and Framer. These providers maintain their own compliance with GDPR and international security standards.

2. Subprocessors

We may use third-party providers (“subprocessors”) to deliver parts of our Service. These include, but are not limited to:

• Google Analytics, Google Workspace, Google Tag Manager (analytics, reporting, productivity)

• SendGrid, Twilio (communication services)

• Firebase, Replit (infrastructure and hosting)

All subprocessors operate under strict contractual obligations to ensure compliance with GDPR and data security.

3. Data We Collect

• Business Account Data: Information provided to connect and manage Google My Business profiles (store names, addresses, phone numbers, hours).

• Usage Metrics: Anonymized data such as profile views, searches, calls, directions, website clicks, and reviews.

• Technical Data: IP addresses, browser type, session logs for stability and security.

• Support Communication: Information provided through support requests, emails, or customer service.

We do not collect or store identifiable customer data (e.g., names, emails, payment info of end customers).

4. How We Use Data

• To optimize and manage your business listings across Google My Business.

• To generate anonymized analytics and performance reports.

• To detect errors, maintain accuracy, and improve service delivery.

• To communicate with you regarding updates, support, and service changes.

5. Data Retention

• Business data is retained as long as the client account remains active.

• Upon contract termination, all data is securely deleted within 60 days, unless legally required otherwise.

• Aggregated anonymized data may be retained for benchmarking and service improvement.

6. Security

• All data transfers are encrypted (TLS/HTTPS).

• Access to client data is limited to authorized personnel under confidentiality agreements.

• We implement regular audits, monitoring, and backups to maintain data integrity.

7. Your Rights

As a data subject under GDPR, you may:

• Request access, correction, or deletion of your personal data.

• Restrict or object to processing.

• Request data portability.

• File a complaint with a Data Protection Authority.

Requests can be submitted to legal@thirtyfive.co.

8. Children’s Privacy

Our Service is intended for business use only and is not directed at individuals under 18.

9. Policy Updates

We may update this Privacy Policy to reflect changes in law, technology, or service. Updates will be posted with a revised “Last Updated” date.

10. Contact Information

ThirtyFive B.V.
Email: legal@thirtyfive.co