Skip to content
Security & trust

Built to earn your trust

ProfileDesk connects to Google the official way, holds the minimum it needs, and puts you in control. Here’s exactly how.

OAuth only — never your password Encrypted tokens Revoke anytime

How authentication works

You connect ProfileDesk to your Google Business Profile through Google’s official OAuth consent screen. You review and approve the exact access on Google’s own page, and Google issues us a scoped, revocable token.

  • We never see or store your Google password.
  • Sign-in and consent happen on Google, not on our site.
  • We only ever hold a scoped OAuth token — not your credentials.

What we access

ProfileDesk requests only the scopes needed to manage your Business Profile — reviews, posts, business information and performance data. We ask for the minimum required for the features you actually use.

  • Access is limited to what you grant on the consent screen.
  • No access to unrelated Google services or personal data.
  • We don’t scrape or work around the API — everything is official.

How your data is stored

Data is transmitted over encrypted connections (TLS/HTTPS) and OAuth tokens are encrypted at rest. Access to production systems is restricted and logged, and we retain only what’s needed to run the features you use.

  • OAuth tokens encrypted at rest.
  • All traffic over TLS/HTTPS.
  • Least-data retention — we keep only what the Service needs.

AI data handling

Where you enable AI features, your data is processed only to provide those features. It is never used to train generalized AI models, and brand-voice personalization is scoped to your business account alone.

  • Never used to train, fine-tune or improve generalized AI/ML models.
  • AI runs only to power features you turn on.
  • Every automated AI action is logged and reversible.
Read the AI data policy

Your controls

You stay in control of the connection at all times. Disconnect whenever you like, and request full deletion of your account and data whenever you want.

  • Disconnect in-app, or from your Google Account permissions page.
  • Revoking access immediately stops any further API calls.
  • Request full deletion by emailing admin@profiledesk.in.

Compliance

Google API Services User Data Policy

ProfileDesk’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

India DPDP Act, 2023

We handle personal data in line with India’s Digital Personal Data Protection Act, 2023 — including consent-based processing, deletion on request, and a grievance contact at admin@profiledesk.in.

We only state what we actually do. ProfileDesk is an early-access product from an independent studio, and we don’t display security certifications or audit badges we haven’t earned. As we formalise further certifications, we’ll show them here.

Questions about security?

Read our full privacy policy, or reach out — we’re happy to talk specifics.