Privacy Policy
1. Who we are
Local SEO Works (“we”, “us”, “our”) operates the review collection platform at reviews.localseo.works (the “Service”). The Service helps local businesses collect customer feedback and make it easier for customers to reach their Google review page, using NFC cards, QR codes, and short links.
We are an Australian business. Subscription prices are quoted in US dollars (USD) and are tax-inclusive as displayed at checkout.
2. What this policy covers
This Privacy Policy explains how we collect, use, store, and share personal information when you:
- visit our website or create a client account;
- use the client dashboard to manage locations, cards, links, and subscriptions; or
- interact with a public review page operated on behalf of one of our business clients (for example by tapping an NFC card or scanning a QR code).
3. Information we collect
3.1 Client account holders
When you sign up for the Service, we collect:
- business name, contact name, and email address;
- a password (stored only as a secure hash — we never store your plain-text password);
- location details you provide (name, shipping address, optional logo, brand colour, and Google review URL);
- billing and subscription data processed through Stripe (including Stripe customer and subscription identifiers — we do not store full card numbers on our servers); and
- usage of the dashboard (for example when you activate cards, read feedback, or change your subscription).
3.2 End customers using a review page
When someone visits a public review link (/nfc/… or /r/…), we may collect:
- Funnel analytics events — page views, star ratings selected, Google redirects, and feedback submissions. Each event is linked to the review link and location, and includes a hashed IP address (
ip_hash) and a truncated user-agent string for basic deduplication and analytics. We do not store raw IP addresses in the events table. - Private feedback — if the visitor submits the optional feedback form (typically after selecting a low rating), we store their comments (required), and optionally their name, phone, email, and whether they agree to be contacted. This information is shown to the business client in their feedback inbox.
We do not require end customers to create an account to use a review page.
3.3 NFC card usage
Physical NFC cards contain a unique link token. When a card is tapped, the same funnel analytics described above apply. Cards may optionally be labelled with a staff name in the client dashboard for internal KPI reporting — staff labels are text only and do not identify individual employees as users of the Service.
3.4 Technical data
Our servers and hosting provider may process standard web server logs (such as request timestamps and URLs). When live, the Service is hosted on SiteGround. We also use:
- Session cookies — to protect forms with CSRF tokens and to keep you logged in to the dashboard or signup wizard;
- Browser local storage — only for your optional light/dark theme preference on public pages; and
- Stripe — for payment processing and the Customer Portal (Stripe may set its own cookies when you are redirected to their checkout or portal pages).
4. How we use information
We use personal information to:
- provide, operate, and improve the Service;
- process subscriptions and one-time card orders;
- display branded review pages and dashboard statistics to clients;
- deliver transactional emails (see Section 5);
- fulfil NFC card orders (shipping address shared with our fulfilment process);
- prevent abuse (for example login rate limiting and feedback form rate limiting); and
- comply with legal obligations.
We do not sell personal information. We do not use end-customer funnel data to build advertising profiles.
5. Email
Transactional emails (welcome messages, feedback alerts, payment-failed notices, password resets, and admin fulfilment alerts) are sent through EmailJS using server-side API calls. Email content is defined in our EmailJS templates; the application passes only the variables needed for each message (for example business name, feedback details, or a password-reset link). If an email fails to send, the failure is logged internally and the user-facing action still completes where possible.
6. How we share information
We share information only as needed to run the Service:
- Stripe — payment processing, tax calculation, subscriptions, and the Customer Portal;
- EmailJS — delivering transactional email;
- SiteGround (when live) — website and database hosting;
- Business clients — feedback form submissions are visible to the client who owns the relevant location; and
- Legal and safety — where required by law or to protect rights, safety, and security.
7. Google review funnel and compliance
Our review pages are designed so the path to Google is never blocked. We log funnel events for analytics but do not use ratings to prevent anyone from reaching Google. We do not offer incentives for reviews anywhere on the platform.
8. Data retention
Client account data, locations, subscription records, funnel events, and feedback are retained while your account is active. If you cancel, your data is not automatically deleted — you may reactivate later. You may contact us to request deletion, subject to any legal or accounting records we must keep (for example Stripe billing history).
9. Security
We use industry-standard measures including HTTPS (in production), hashed passwords (Argon2id), CSRF protection on forms, prepared database statements, and hashed IP storage for funnel analytics. No security measure is perfect; please use a strong, unique password for your account.
10. Your rights
Depending on where you live, you may have rights to access, correct, or delete personal information we hold about you, or to object to certain processing. Australian Privacy Act rights may apply to our handling of your information. To make a request, contact us using the details on our website. End customers who submitted feedback should contact the business they dealt with in the first instance; we can assist where we are the data handler.
11. International transfers
Some service providers (including Stripe and EmailJS) may process data in the United States or other countries. By using the Service, you acknowledge that information may be transferred to jurisdictions with different privacy laws.
12. Children
The Service is intended for businesses and their customers in a commercial context. It is not directed at children under 16.
13. Changes
We may update this policy from time to time. The “Last updated” date at the top will change when we do. Continued use of the Service after changes constitutes acceptance of the updated policy.
14. Contact
Questions about this Privacy Policy: contact Local SEO Works via the contact details published on localseo.works or through your account dashboard where support contact is listed.