Privacy Policy

Effective: May 20, 2026

Draft notice. This Privacy Policy is a working draft pending legal review. It is published here to satisfy Google's OAuth consent screen requirement that the URL be reachable. Specific clauses may be revised before general availability.

1. Who we are

Localist is a product of Konigle Pte Ltd ("Konigle", "we", "us", or "our"), a company incorporated in Singapore. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data in connection with the Localist service available at localistko.konigle.app and directory pages on konigle.com served by Localist. We act in compliance with the Singapore Personal Data Protection Act 2012 (PDPA), the EU/UK General Data Protection Regulation (GDPR) where applicable, and the Google API Services User Data Policy.

2. What we collect

2.1 Information you provide

Owner account data: name, email address, Google account identifier (when you sign in with Google Business Profile to claim a listing).
Listing content: profile descriptions, "Best for" tags, services, photos, FAQs, and any other content you submit about your business.
Payment data: processed by our payment partner (koniglepay / Stripe). We store only references and status — never card details.
Communications: messages you send to support or via takedown / DMCA contact channels.

2.2 Information from Google

When you authorize Localist via Google Business Profile OAuth, we receive from Google: the list of Google Business Profile locations you manage, your Google account email, and access/refresh tokens used to confirm ownership of a specific Google Place ID. We request only the https://www.googleapis.com/auth/business.manage scope and use it solely to verify that you manage the place you are claiming.

2.3 Information from the Google Places API

Localist queries the Google Places (New) API to populate directory entries with publicly available business information: name, address, website, phone, rating, review count, business categories, opening hours where applicable, and AI-generated business summaries. Per Google's terms, we cache this data for no longer than 30 days unless refreshed.

2.4 Automatic data

Standard server logs (IP address, browser user agent, request paths, timestamps) for security, abuse prevention, and debugging.
First-party cookies strictly necessary for session management and CSRF protection. No advertising or cross-site tracking cookies.

3. How we use information

To operate the directory: render listing pages, rank entries, and serve search results.
To verify business ownership during the claim flow via Google Business Profile.
To process payments for paid features (claim subscription and Featured Partner placements) through our payment partner.
To detect and prevent abuse, fraud, and Terms of Service violations.
To send transactional emails (claim confirmations, billing receipts, takedown acknowledgments).
To comply with legal obligations and respond to lawful requests.

4. Google API Services User Data Policy — Limited Use

Localist's use and transfer to any other application of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

We use Google user data only to provide or improve the user-facing features explicitly stated in this Privacy Policy and surfaced in the Localist user interface.
We do not transfer Google user data to third parties except as necessary to provide or improve those features, or to comply with applicable law or as part of a merger, acquisition, or sale of assets with notice to users.
We do not use Google user data for serving advertisements, including retargeting, personalized advertising, or interest-based advertising.
We do not allow humans to read Google user data unless we have obtained the user's affirmative agreement to view specific messages, are doing so for security purposes (such as investigating abuse), to comply with applicable law, or for internal operations and only when the data has been aggregated and anonymized.

5. How we share information

Service providers: hosting (Google Cloud Platform), payments (koniglepay / Stripe), email delivery, and similar operational vendors under data processing agreements.
Public directory: business information from Google Places and owner-supplied claim content is displayed publicly on directory pages — that is the purpose of the service.
Legal requirements: when required by law, court order, or to protect the rights, safety, or property of Konigle, users, or the public.
We do not sell personal data.

6. Retention

Google Places data: cached at most 30 days, then refreshed or removed, per Google's terms.
Google place IDs: retained indefinitely as the canonical business identifier.
Owner accounts and claim content: retained while the account is active; deleted within 30 days of account closure request (longer if required by law, e.g., tax records).
Server logs: retained for 90 days for security and debugging.
Payment records: retained for 7 years per Singapore tax law.

7. Your rights

You have the right to:

Access the personal data we hold about you.
Request correction of inaccurate data.
Request deletion of your account and associated personal data (subject to legal retention exceptions).
Withdraw Google OAuth authorization at any time via your Google Account permissions page; revocation also stops Localist's ongoing access.
Request a copy of your data in a portable format.
Lodge a complaint with the Singapore PDPC or, if you are in the EU/UK, your local data protection authority.

To exercise any of these rights, contact us at privacy@konigle.com.

8. Takedown and DMCA

If you believe a Localist listing infringes your intellectual property or contains unlawful or inaccurate content, send a takedown notice to takedown@konigle.com. Include the URL of the page in question, a description of the issue, your contact details, and (for IP claims) a good-faith statement and signature. We target a response within 7 business days. Our designated DMCA agent is Konigle Pte Ltd's data protection officer at the same address.

9. Security

We use industry-standard safeguards: HTTPS for all traffic, encrypted secrets storage (Google Cloud Secret Manager), encrypted database storage, access controls, and audit logging. No system is perfectly secure; if you believe your account has been compromised, contact security@konigle.com.

10. International transfers

Localist is operated from Singapore. If you access the service from outside Singapore, your data may be transferred to and processed in Singapore and other jurisdictions where our service providers operate, under appropriate safeguards.

11. Children

Localist is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us so we can remove it.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Effective" date above will be updated when changes are published. Material changes will be announced via the Localist site or by email to claimed owners.

13. Contact

Konigle Pte Ltd
Singapore
Data Protection Officer: privacy@konigle.com
General contact: hello@konigle.com