Effective Date: April 25, 2026 Last Updated: April 25, 2026
This Privacy Policy describes how Belisto LLC ("Belisto," "we," "us," or "our") collects, uses, discloses, protects, and retains information in connection with our website at belisto.ai and the Belisto Local Growth Platform, including all related managed services (collectively, the "Services").
We have written this Policy to go beyond minimum regulatory requirements and to clearly explain our data practices in plain English, in recognition of the trust that restaurant operators place in us when granting access to their business-critical data.
Please read this Policy carefully. If you do not agree with our practices, please do not use the Services.
We have provided this summary for convenience. It does not replace the full Policy below.
We collect information you provide when you:
This may include your name, business name, job title, email address, phone number, mailing address, billing information, and any other information you choose to provide.
When you visit our website or use the Services, we automatically collect:
To provide the Services, we request your authorization to access data from third-party platforms on your behalf. This typically includes the following:
Google Business Profile (GBP) data, which may include: - Business profile information: name, address, phone number, website, hours, categories, attributes, service areas, and descriptions - Business media: photos, videos, logos, and cover images - Customer-facing content: posts, offers, events, questions and answers - Customer reviews and ratings, including reviewer display names where shown by Google - Performance insights: views, searches, calls, direction requests, website clicks, and other metrics Google makes available through its APIs - Account and location management data: ownership, manager assignments, and verification status - Messaging and booking data, where enabled by you
Google Search Console data, which may include: - Search queries that led users to your website - Click-through rates, impressions, and average position data - Indexing status, sitemap information, and technical issues - Core Web Vitals and page experience signals
Google Analytics data, which may include: - Website session, user, and pageview information - Traffic source and attribution data - Conversion events and goal completions you have configured - Audience demographics and behavior metrics, where enabled
Other third-party platforms, where applicable and authorized by you, which may include review platforms (such as Yelp, TripAdvisor, and Facebook), content management systems, point-of-sale systems, ordering platforms, reservation platforms, call tracking services, and listings aggregators. The specific data we receive depends on the platform and the scope of access you grant.
This section applies specifically to data we access through Google APIs and supplements Section 1.3.
We access your Google Business Profile and related Google account data only after you affirmatively authorize us to do so, through one or both of the following:
We never access, attempt to access, or use credentials to access any Google data without current, affirmative authorization.
Belisto's access to and use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In addition to the commitments in the rest of this Policy, this means we specifically commit to the following with respect to Google user data:
We request the minimum Google API scopes necessary to deliver the Services you have engaged us to perform. We will not request expanded scopes without notifying you and obtaining additional authorization.
You may revoke our access to your Google account data at any time by: - Visiting https://myaccount.google.com/permissions and removing Belisto's access - Removing Belisto as a manager from your Google Business Profile - Contacting us at privacy@belisto.ai and requesting revocation
Upon revocation, we will cease accessing your Google data and will delete or return it in accordance with Section 7.
We use the information we collect for the following purposes:
To provide the Services, including: - Auditing your restaurant's online presence and identifying optimization opportunities - Optimizing your Google Business Profile, including updating information, publishing posts, uploading media, and managing reviews at your direction - Generating, drafting, and publishing SEO content, including location pages, menu pages, and landing pages, subject to your approval - Monitoring search engine rankings, traffic, and performance - Generating reports and analytics for your review - Communicating with you about your account, the Services, and your results
To operate and improve our business, including: - Processing payments and managing billing - Providing customer support and responding to inquiries - Maintaining security, preventing fraud, and enforcing our terms - Conducting internal analytics to understand Service usage and improve features (on an aggregated, anonymized basis; we do not use Google user data for this purpose beyond what is necessary to provide the Services) - Complying with legal obligations
To communicate with you, including: - Sending transactional communications about your account and the Services - Sending service-related updates, including changes to this Policy - Sending marketing communications where permitted by law; you may opt out of marketing communications at any time
We do not sell personal information or restaurant client data, and we do not use Google user data for advertising purposes.
Where required by applicable law (for example, the EU General Data Protection Regulation and the UK Data Protection Act), we rely on the following legal bases to process personal information:
You may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
We share information only in the limited circumstances described below.
We share information with third-party service providers who perform services on our behalf, such as:
These service providers are contractually bound to use information only to perform services on our behalf, to maintain its confidentiality, and to implement appropriate safeguards.
A current list of the material service providers that process Google user data or restaurant client data on our behalf is available upon request.
We publish, post, upload, transmit, or otherwise share information with third-party platforms (including Google Business Profile, your website, review platforms, and others) when you authorize us to do so as part of the Services — for example, publishing a GBP post you have approved, or uploading a photo you have provided.
We may disclose information if we believe in good faith that disclosure is necessary to: - Comply with applicable law, regulation, legal process, or governmental request - Enforce our terms of service or investigate suspected violations - Detect, prevent, or address fraud, security, or technical issues - Protect the rights, property, or safety of Belisto, our clients, our users, or the public
Where legally permitted, we will notify you before disclosing your information in response to a legal request and will object to overbroad or inappropriate requests.
If Belisto is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction. We will notify you (including by updating this Policy) before your information becomes subject to a different privacy policy and, where required, provide you with options regarding your information.
We may share information for other purposes with your explicit consent.
We do not: - Sell your personal information or your restaurant's data - Share your information with advertisers or ad networks for their own advertising purposes - Use your Google user data to train generalized or generative AI models - Provide your information to data brokers
We implement technical, administrative, and physical safeguards designed to protect the confidentiality, integrity, and availability of information. These include:
No method of electronic storage or transmission is 100% secure. In the event of a security incident affecting your information, we will notify you in accordance with applicable law.
We retain information only as long as necessary for the purposes described in this Policy, including to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements.
Active clients: We retain your information for the duration of your engagement with Belisto.
Inactive clients and prospects: If you have not engaged Belisto as a client (or have ended your engagement), we retain your information only as long as reasonably necessary for the purposes for which it was collected, typically no longer than 24 months, unless a longer retention period is required by law or is necessary for legal claims.
Google user data: We delete Google user data within 30 days after one of the following events, whichever occurs first: - You revoke Belisto's access to your Google account - You terminate your engagement with Belisto - The data is no longer necessary for the specific purpose for which it was collected - You request deletion of the data
Aggregated and anonymized data: We may retain aggregated or anonymized data that cannot reasonably be used to identify you, indefinitely, for analytics and business purposes.
Backups: Information in backups may persist for an additional limited period (typically up to 90 days) before being overwritten in the ordinary course of backup rotation. Backup data is not accessed for ongoing operational purposes.
You may request deletion of your information at any time by emailing privacy@belisto.ai. We will respond within the timeframes required by applicable law.
Depending on your location and applicable law, you may have the following rights regarding your personal information:
To exercise these rights, contact us at privacy@belisto.ai. We will verify your identity before responding and will respond within the timeframes required by applicable law (typically 30 to 45 days). We will not discriminate against you for exercising any of these rights.
Residents of California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws have specific rights under their state laws. Belisto treats all U.S. residents consistently with the most protective applicable state law. You may exercise the rights described in this Section 8 regardless of your state of residence.
California residents additionally have the right to know the categories of personal information collected, the purposes for collection, the categories of sources, and the categories of third parties with whom personal information is shared. This Policy provides that information. California residents may also designate an authorized agent to make requests on their behalf.
Residents of the European Union, United Kingdom, and European Economic Area have rights under the GDPR (or UK GDPR). Where we transfer personal information outside the EU/EEA or UK, we rely on approved transfer mechanisms, including Standard Contractual Clauses and adequacy decisions where applicable. You may contact us for more information or to obtain a copy of applicable safeguards.
Our website uses cookies and similar technologies for the following purposes:
We do not use cookies for advertising or cross-site tracking.
You can control cookies through your browser settings. If you disable cookies, some features of the website may not function properly. Where required by law, we display a cookie notice and allow you to manage your preferences.
Belisto is headquartered in the United States, and we process information in the United States and in other jurisdictions where our service providers operate. If you access the Services from outside the United States, your information will be transferred to and processed in the United States and other jurisdictions that may have different data protection laws than your home jurisdiction.
Where applicable law requires, we implement appropriate safeguards for international transfers, including Standard Contractual Clauses approved by the European Commission or UK equivalent.
The Services are intended for use by businesses and are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us at privacy@belisto.ai and we will delete it.
The Services may contain links to third-party websites, applications, and services. This Policy does not apply to those third parties. We encourage you to review the privacy policies of any third parties whose services you use.
Of particular note, your use of Google services is subject to Google's Privacy Policy (available at https://policies.google.com/privacy) and Google's Terms of Service. Nothing in this Policy limits or overrides your rights or Google's obligations under those documents.
We are committed to making this Policy accessible. If you have difficulty accessing any part of this Policy, please contact us at privacy@belisto.ai and we will provide the information in an alternative format.
We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
We encourage you to review this Policy periodically.
If you have questions, concerns, or requests regarding this Policy or our data practices, please contact us at:
Belisto LLC Attn: Privacy 2138 Statute Lane, Vienna, VA 22180 Email: privacy@belisto.ai Phone:
For privacy inquiries specifically related to your Google Business Profile data or our use of Google APIs, please reference "Google API Privacy Inquiry" in the subject line.
If you are not satisfied with our response, you may have the right to lodge a complaint with a supervisory authority in your jurisdiction.
This Privacy Policy is drafted in accordance with the Google API Services User Data Policy (including Limited Use requirements), the California Consumer Privacy Act (as amended by the California Privacy Rights Act), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, the Texas Data Privacy and Security Act, the Oregon Consumer Privacy Act, and — where applicable — the EU General Data Protection Regulation and UK Data Protection Act 2018. Nothing in this Policy is intended to limit your rights under applicable law.