GDPR policy and data protection
Data Controller
The data controller is Localnord LLC, a U.S. company (Limited Liability Company) registered in the State of Delaware, represented by Robin Gastout. As an entity established outside the European Union, Localnord has appointed, in accordance with Article 27 of the GDPR, a representative within the European Union: Robin Gastout, reachable at sav@localnord.io.
Our roles: controller and processor
Localnord as data controller
For the following processing activities, Localnord determines the purposes and means and acts as the data controller: account and client-relationship management, billing, support, service improvement, commercial prospecting and website audience measurement. This policy mainly describes these activities.
Localnord as processor
For the data the Agency processes through the platform on behalf of its own clients — Google Business Profile data, reviews, content and End Client data — the Agency is the data controller; Localnord acts as a processor within the meaning of Article 28 of the GDPR. These activities are governed by the data processing agreement (DPA) and the Terms of Sale.
Data Collected
Identification data
- First and last name
- Email address
- Phone number (optional)
- Company / agency name
Billing data
- Billing address
- Payment information (processed by Stripe - never stored by Localnord)
Usage data
- Connection logs (IP address, browser, date and time)
- Actions performed on the platform
- Google Business Profile and End Client data, processed as a processor on behalf of the Agency (see Article 2)
Cookies and trackers
- Essential cookies: session, authentication
- Analytics cookies: Google Analytics
- Marketing cookies: Meta Pixel (Facebook), only with your consent
Processing Purposes
- Service delivery - legal basis: contract performance
- Billing and accounting - legal basis: legal obligation
- Customer support and guidance - legal basis: legitimate interest
- Service improvement and statistics - legal basis: legitimate interest
- Commercial prospecting and advertising - legal basis: consent
Cookies - Details and Management
Non-essential cookies (analytics and marketing) are only placed after your consent, collected via the cookie consent banner. Cookies strictly necessary for the site to function are exempt.
Google Analytics
Traffic analysis and visitor behavior. Anonymized data. You can install the opt-out module.
Meta Pixel (Facebook)
Advertising campaign effectiveness measurement. Only placed after consent. Manage your preferences on Facebook Ad Preferences.
Retention period
13 months maximum, in accordance with CNIL recommendations.
Data Retention Periods
Sub-processors and data sharing
The up-to-date list of sub-processors is kept available and the Client is informed of any change, in accordance with Article 28 of the GDPR.
Localnord never sells your personal data to third parties.
Data Transfers Outside the EU
Platform data is hosted within the European Union (Ireland), via Supabase. Some sub-processors (Stripe, Vercel, Resend, Google, Meta, AI providers) may process data in the United States. These transfers are governed by standard contractual clauses (SCCs) approved by the European Commission and/or by the EU-U.S. Data Privacy Framework.
Lead marketplace
The marketplace allows agencies to access data on businesses that have a Google listing, for business-to-business (B2B) commercial prospecting. This data comes from publicly accessible sources (Google Business Profiles, professional websites). For building this database, Localnord acts as a data controller on the basis of legitimate interest (B2B prospecting) and ensures respect for the rights of the data subjects, in particular their right to be informed (Article 14 of the GDPR) and their right to object. When an agency uses this data, it acts as an independent data controller and assumes its own obligations. Any person listed in the marketplace may request the rectification or deletion of their data at sav@localnord.io.
Your Rights
In accordance with the GDPR, you have the following rights:
- Access - obtain a copy of your data
- Rectification - correct inaccurate data
- Erasure - request the deletion of your data
- Restriction - restrict processing
- Portability - receive your data in a structured format
- Objection - object to processing
- Withdrawal of consent - at any time
To exercise these rights: sav@localnord.io. Response within 30 days maximum.
Data Security
- Data encryption in transit (HTTPS/TLS)
- Data encryption at rest
- Secure authentication with password hashing
- Restricted access (principle of least privilege)
- Regular backups and disaster recovery plan
- Periodic security monitoring and audits
Data Breach
In the event of a breach likely to pose a risk to your rights and freedoms, Localnord commits to notifying the competent authority within 72 hours and informing you as soon as possible.
Complaint
You may file a complaint with the data protection authority in your country. For France: CNIL.
Changes
Localnord reserves the right to modify this policy at any time. In the event of a substantial change, you will be informed by email or through the platform.