Privacy Policy
Last updated July 15, 2026
What we collect
Account information: your name, email address, and password (stored as a secure hash).
Practice information you provide: your practice name, services, website address, and any reference material you upload to calibrate content generation.
Google Business Profile data: when you connect your profile, we access your business listing, posts, reviews, and performance metrics through Google’s official API, using credentials you grant and can revoke at any time.
Billing information: payments are processed by Stripe. We never see or store your full card number.
Usage information: basic product analytics such as pages visited and features used, to improve the product.
How we use Google user data
Conmetior Connect’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
We access your Google Business Profile solely to provide the features you signed up for: publishing posts you approve, responding to reviews under your settings, monitoring profile health, backing up your profile, and reporting performance.
We do not use Google user data for advertising, do not sell it, and do not allow humans to read it except with your permission, for security purposes, or to comply with law.
Disconnecting your profile from the Connections page revokes our access. You can also revoke access from your Google Account settings at any time.
What we never do
We never sell your data.
We never store patient information. Our content engine is built to refuse patient-identifying details, and we ask you never to include them in reference materials.
We never post to your profile without a post being approved, either by you directly or through automation settings you turned on.
Data retention and deletion
We keep your data while your account is active. If you cancel, your content remains available until the end of your billing period.
To delete your account and data entirely, email support@conmetior.com and we will complete the deletion within 30 days.
Security
OAuth tokens are encrypted at rest with AES-256-GCM. Data is stored with our infrastructure providers (Vercel and Supabase) in the United States. Access to production systems is limited to the Conmetior Connect team.
Contact
Questions about this policy: support@conmetior.com.