Privacy Policy

Overview

Total Front Page Content ("we", "our", or "the Service") is a marketing-management platform operated by Total AI Marketing, LLC. This Privacy Policy describes what information we collect, how we use it, and the rights you have over that information. This policy applies to all users of our platform, including business owners whose advertising campaigns we manage and the agencies (resellers) that resell our service.

Information We Collect

From Google Services (via OAuth authorization)

When an authorized account holder grants our application access to their Google services, we receive and store the following:

• Google account profile — email address and basic profile information of the user who granted authorization
• Google Ads / Local Services Ads data — campaign configuration, ad performance metrics, lead records (including caller name, phone number, message text, call duration, call recording URL), credit and feedback state, budget settings, and Google verification artifacts (license, insurance, background check status)
• Google Business Profile data (when applicable) — review counts, review ratings, and public business information

We use OAuth 2.0 refresh tokens to maintain access on behalf of the authorizing account. Tokens are stored encrypted and used solely to call Google APIs for the purposes described below.

From clients (via our intake form)

• Business name, contact name, contact email, contact phone
• Service address (street, city, state, zip)
• Industry / service category
• Google Business Profile URL
• Certificate of insurance, professional license documents, and business photos uploaded by the client during onboarding

Automatically

• Server access logs (IP address, request URL, timestamp) retained for security and operational diagnostics

How We Use Information

We use the information we collect solely to deliver the marketing-management service the user has asked us to provide. Specifically:

• Manage Google Local Services Ads (LSA) campaigns on behalf of authorized accounts — including budget adjustments, bidding strategy changes, and ad scheduling
• Sync, classify, and respond to leads generated by Google LSA
• Submit lead-quality feedback to Google to support credit recovery
• Monitor ad position, performance metrics, and account health
• Generate reports and dashboards for the authorizing account holder and their authorized agency representatives
• Send operational alerts (e.g., document expirations, performance issues) to the contact email on file

What We Do Not Do

We commit to the following limits on the use of Google user data:

• We do not sell or rent Google user data to any third party
• We do not use Google user data for advertising, marketing, or any purpose unrelated to managing the user's Google Ads campaigns
• We do not use Google user data to train artificial-intelligence or machine-learning models that are made available to third parties
• We do not share Google user data with humans except (a) the user themselves, (b) authorized representatives of the agency reselling our service to that user, or (c) to comply with applicable law
• We do not access Google user data beyond the OAuth scopes the user has granted

Limited Use of Google Workspace and Google API Data

Our use and transfer to any other app of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements.

Data Sharing and Disclosure

We share data only as follows:

• With the authorizing account holder — the user who granted OAuth access can view all data associated with their account through our platform
• With the agency reseller — the agency that sold our service to the user has access to portfolio-level metrics for their book of business, under the agency's own brand
• With service providers — we use third-party providers (e.g., DataForSEO for SERP position tracking, Anthropic for AI lead classification, Twilio and SMTP providers for messaging) only to the extent necessary to deliver the service. These providers are bound by their own privacy obligations
• When required by law — we may disclose data to comply with legal obligations, lawful requests, or to protect rights and safety

Data Retention

We retain Google user data for as long as the user maintains an active account with us. If a user revokes OAuth access or terminates their service, we delete the OAuth tokens immediately and purge associated lead, performance, and campaign data within 90 days, except where retention is required by law (e.g., billing records).

Your Rights

At any time, the authorizing user may:

• Revoke OAuth access at myaccount.google.com/permissions. This immediately stops our ability to call Google APIs on their behalf.
• Request data deletion by contacting us at the address below. We will delete personal data and Google user data within 30 days of a verified request, except where retention is legally required.
• Request a copy of the data we hold about them by contacting us.

Security

We protect Google user data using industry-standard security practices, including:

• HTTPS / TLS for all data in transit
• Database access restricted to authenticated application servers
• OAuth tokens stored with database-level access controls
• Server-side credential management (no client-side exposure of API keys)
• Routine security review of dependencies and infrastructure

Children's Privacy

Our service is intended for businesses and is not directed to children under 13. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated to active users via the contact email on file.

Contact Us