Hyvlo collects and processes the following information to provide local SEO automation services:

• Business information: Business name, address, phone number, website URL, Google Business Profile data (ratings, reviews, photos, categories)
• Customer contact data: Name, phone number, email address (for review requests and service communications)
• Service records: Job descriptions, service types, completion dates, invoice amounts
• Usage data: Dashboard interactions, agent execution logs, API usage metrics

• Manage and optimize your Google Business Profile
• Send review requests to your customers via SMS or email (with consent)
• Generate SEO audit reports and competitive analysis
• Track ranking performance and competitor activity
• Generate content for your business listings
• Provide billing and subscription management

We share data with these processors to deliver our services:

• Google APIs: Places API, Business Profile API — to manage your listing
• Anthropic (Claude AI): For content generation and SEO analysis — no PII sent
• Twilio: SMS delivery for review requests
• Resend: Email delivery for reports and review requests
• Stripe: Payment processing — we never store card details

You have the right to:

• Access: Request a copy of all data we hold about you or your business
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Opt-out: Withdraw consent for review request communications at any time
• Portability: Receive your data in a machine-readable format

To exercise these rights, contact us at [email protected]

• Active subscription data: retained while your subscription is active
• Cancelled accounts: data retained for 90 days, then deleted
• Prospect/audit data: retained for 12 months after last interaction
• Billing records: retained for 7 years per legal requirements
• Competitor snapshots: cached for 90 days, then refreshed or purged

Review request messages are sent only with prior consent from the customer. Every SMS includes opt-out instructions ("Reply STOP to unsubscribe"). Every email includes an unsubscribe link.

We comply with TCPA (US), CAN-SPAM, and CASL (Canada) regulations.

We protect your data with:

• Encrypted connections (HTTPS/TLS)
• JWT-based authentication with httpOnly, Secure cookies
• Row-level database isolation for multi-tenant data
• Rate limiting and CSRF protection on all endpoints
• Structured audit logging of all data access