Last updated: March 2026
1. Our Commitment to GDPR
LimeLocal is committed to protecting the privacy and data rights of all users, including those in the European Economic Area (EEA) and the United Kingdom. We comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR") in how we collect, process, store, and manage personal data.
2. Data Controller
LimeLocal acts as the data controller for personal data collected through the platform at limelocal.site and app.limelocal.site. For data processing inquiries, contact us at hello@limelocal.site.
3. Data We Process
| Data Category | Examples | Legal Basis |
|---|---|---|
| Account data | Name, email, Google profile | Contract performance |
| Business content | Business name, address, phone, services, hours | Contract performance |
| Payment data | Billing details (processed by Stripe) | Contract performance |
| Usage analytics | Page views, clicks, editor actions | Legitimate interest |
| Website visitor data | IP (anonymized), browser, referrer | Legitimate interest / Consent |
| Technical logs | Error logs, API access logs | Legitimate interest |
4. Legal Basis for Processing
We process personal data under the following legal bases as defined by GDPR Article 6:
- Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service, including creating your account, building your website, and managing your subscription.
- Legitimate interest (Art. 6(1)(f)): Processing necessary for analytics, platform improvement, fraud prevention, and security. We have conducted balancing tests to ensure our interests do not override your rights.
- Consent (Art. 6(1)(a)): Processing based on your explicit consent, such as non-essential cookies on published websites. You may withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)): Processing required to comply with tax, accounting, and regulatory requirements.
5. Your Rights Under GDPR
As a data subject, you have the following rights. You can exercise any of these by emailing hello@limelocal.site.
Right of Access (Art. 15)
Request a copy of all personal data we hold about you, including how it is processed and who it is shared with.
Right to Rectification (Art. 16)
Request correction of inaccurate data. You can also update most of your information directly through the platform.
Right to Erasure (Art. 17)
Request deletion of your personal data. We will erase your data within 30 days, subject to legal retention obligations.
Right to Restriction (Art. 18)
Request that we limit the processing of your data while a dispute is being resolved or while we verify accuracy.
Right to Data Portability (Art. 20)
Receive your data in a structured, machine-readable format (JSON) and transfer it to another service.
Right to Object (Art. 21)
Object to processing based on legitimate interest, including profiling. We will stop processing unless we have compelling grounds.
6. How to Exercise Your Rights
To exercise any of your data rights:
- Send an email to hello@limelocal.site with the subject line "GDPR Request"
- Include your account email address and specify which right(s) you wish to exercise
- We will verify your identity using the email associated with your account
- We will respond to your request within 30 days
- If we need more time (up to 60 additional days for complex requests), we will notify you and explain the reason
There is no fee for exercising your rights. If requests are manifestly unfounded or excessive, we may charge a reasonable fee or refuse the request.
7. Data Protection Officer
For data protection concerns, you can reach our designated data protection contact at:
Email: hello@limelocal.site (Subject: "DPO Inquiry")
8. International Data Transfers
Your data may be processed in countries outside the EEA, including the United States (AWS infrastructure). We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) with our sub-processors
- Reliance on adequacy decisions where applicable
- Encryption of data in transit and at rest
9. Sub-Processors
We use the following sub-processors who may process personal data on our behalf:
- Amazon Web Services (AWS) — Infrastructure hosting, database storage
- Cloudflare — CDN, DNS management, DDoS protection
- Stripe — Payment processing
- Google — Authentication (SSO)
10. Cookie Policy
We use cookies as described in our Privacy Policy. On published websites, we display a GDPR-compliant cookie consent banner that:
- Clearly informs visitors about cookie usage
- Allows visitors to accept or decline non-essential cookies
- Does not set non-essential cookies before consent is given
- Stores consent preferences and respects them on return visits
Essential cookies required for platform functionality (authentication, session management) do not require consent.
11. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
- Notify affected individuals without undue delay if the breach is likely to result in a high risk
- Document the breach, its effects, and the remedial action taken
12. Right to Lodge a Complaint
If you believe your data rights have been violated, you have the right to lodge a complaint with a supervisory authority in the EU member state of your residence, place of work, or where the alleged infringement took place.
13. Changes to This Policy
We will notify you of material changes to this GDPR compliance page via email or through the platform. The "Last updated" date at the top of this page reflects the most recent revision.