Krenly
Get early access →

Legal

Privacy Policy

Last updated: 2026-05-26 · Effective: 2026-05-26

Krenly is a mobile-first Google Business Profile optimizer for small businesses. This policy explains what we collect, how we use it, and the choices you have. Plain language; no surprises.

1. What we collect

Account. When you sign in with Google, we receive your email address, Google account identifier, and basic profile (name, profile photo). We do not receive your Google password.

Google Business Profile data. When you connect your Google Business Profile, and only with your explicit consent, we access the business information, posts, reviews, questions, photos, and performance insights for the locations you choose to manage — so we can display them, draft content, and (only after your approval) publish on your behalf.

Connected social accounts. If you connect Instagram or Facebook, we access the pages and accounts you select, to publish content you have approved.

Content & business data. Information you enter or generate in the app — business details, customer contacts you add for review requests, posts, and replies.

Operational data. Aggregate, non-identifying usage metrics to run and improve the service. Billing is handled by our payment processor; we do not store full card numbers.

2. How we use it

We use your data solely to provide Krenly to you: to show your profile, rank, reviews, and insights; to draft posts, replies, and captions with AI; and — only after you approve each item — to publish to Google, Instagram, or Facebook on your behalf.

You approve everything. Krenly does not post, reply to a review, or change your business profile without your explicit approval.

OAuth tokens that let us act for you are encrypted at rest, never logged in plaintext, and never used for any purpose other than the features you use. Email is used only for transactional notices; we do not send marketing email without opt-in.

3. Google user data & Limited Use

Krenly's use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Specifically:

  • We use Google user data only to provide and improve the user-facing features you have asked Krenly to perform.
  • We do not transfer or sell Google user data for advertising, marketing, or any other purpose.
  • We do not use Google user data for serving ads, and we do not allow humans to read it unless you give explicit consent for specific items, it is necessary for security or to comply with law, or the data is aggregated and anonymized.
  • We access only the scopes you grant, and only to run the features you use.

4. Categories of service providers

We share the minimum data necessary with vetted providers who help us operate. By category:

  • Google — Business Profile API, sign-in, and push messaging, to deliver the core product.
  • Meta — only if you connect Instagram or Facebook, to publish content you approve.
  • AI content providers — your prompts and the content to be drafted are processed by specialized providers to generate posts, replies, and captions. We send only what is needed for that task.
  • Search-data provider — to compute your local rank for the keywords you track.
  • Email & SMS providers — transactional messages and, where you enable it, review requests to your customers.
  • Payment processor (merchant of record) — billing and tax compliance.
  • Infrastructure, hosting, and security providers — to operate and protect the service.

We do not sell your data. We do not use it for advertising. A current list of sub-processors is available on request.

5. Where it lives

Application data is stored on infrastructure we control, with encrypted backups and EU-region hosting for our production database and media. Access is restricted to authorized personnel under confidentiality obligations. Some processing is performed by the providers described in §4, which operate globally.

6. International data transfers

Because the service operates globally, personal data may be processed across multiple jurisdictions. Where data originates in the European Union or United Kingdom, we rely on appropriate transfer mechanisms (Standard Contractual Clauses or equivalent) with our processors.

7. Retention

Active accounts: data is retained while the account is active. Deleted accounts: data is soft-deleted immediately and permanently purged after a 30-day grace window, after which it cannot be recovered. Aggregate, anonymized metrics may be retained longer for service-quality analysis.

8. Your rights (GDPR / UK GDPR / CCPA / DPDP)

You can access, correct, export, restrict processing of, or delete your personal data, and lodge a complaint with your data-protection authority. Data export and account deletion are built into Krenly. You can also email privacy@krenly.app to exercise these rights; we respond within 30 days. Disconnecting your Google account (in Krenly or via your Google account permissions) revokes our access at any time.

9. Cookies

This marketing site uses no tracking or advertising cookies. The app uses strictly necessary storage for authentication. We do not use third-party advertising or cross-site tracking.

10. Changes to this policy

We may update this policy as the service evolves. Material changes will be communicated to active customers by email at least 30 days before they take effect.

11. Contact

For privacy questions, email privacy@krenly.app.