VisiReach Logo

Privacy Policy – VisiReach

Effective: May 2026 - v2

1. Controller

The controller responsible for data processing on this website and within the VisiReach platform is:

Hassan Systems GmbH
Brand: VisiReach
Website: https://visireach.com
Email: contact@visireach.com

2. General Information

The protection of your personal data is important to us.
We process personal data exclusively in accordance with applicable legal regulations, in particular the General Data Protection Regulation (GDPR).

Personal data includes all information that can be used to personally identify you.

3. Hosting and Server Log Files

Our website and platform are hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

When accessing our website, server log files are automatically processed. This may include in particular:

  • IP address
  • Date and time of access
  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Accessed pages and files

This processing is carried out to ensure secure and stable platform operation.

Legal basis: Art. 6 para. 1 lit. f GDPR

4. Registration and Login with Google (OAuth)

You may register and log in to VisiReach using your Google account.

For this purpose, we use the authentication service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The following data may be processed during login:

  • Name
  • Email address
  • Google account ID
  • Profile picture (if shared)

This data is used exclusively for the creation and management of your user account.

Legal basis: Art. 6 para. 1 lit. b GDPR

Further information: https://policies.google.com/privacy

4.1 Use of Google API Data

VisiReach uses and processes data received through Google APIs exclusively to provide the platform features authorized by the user.

The use and transfer of this data complies with the Google API Services User Data Policy, including the Limited Use Requirements.

VisiReach does not sell Google user data to third parties and does not use such data for personalized advertising, profiling, or independent advertising purposes.

5. Connection of Your Google Business Profile

After registration, you may connect your Google Business Profile with VisiReach.

For this purpose, we use Google OAuth 2.0 authorization to access authorized data and management functions of your business profile following your explicit consent.

This may include permissions for:

  • Managing business information
  • Publishing posts, offers, and events
  • Editing opening hours and profile details
  • Managing and responding to reviews
  • Retrieving reach, visibility, and interaction data

Retrieved performance and interaction data may be used in particular for:

  • Creating visibility and performance reports
  • Analyzing local reach and customer interactions
  • Calculating KPI and trend analyses
  • Generating monthly reporting
  • Optimizing publishing strategies
  • Improving local discoverability within Google services

Access is granted exclusively following your active authorization.

5.1 Extended Administrative Permissions

For certain features within VisiReach, it may be necessary for you to add VisiReach or a designated VisiReach employee as an Administrator or Owner of your Google Business Profile.

This may be required in particular for:

  • Multi-location management
  • Publishing and managing posts
  • Review management
  • Synchronization of business data
  • Retrieval of advanced performance and interaction data
  • Reporting and analytics functions
  • Automated optimization functions

Access is granted exclusively to provide the platform functions actively used by you.

VisiReach does not use granted permissions for independent or unauthorized modifications outside the agreed scope of services.

You may revoke granted permissions at any time within your Google Business Profile or your Google account settings.

Legal basis:
Art. 6 para. 1 lit. a GDPR
Art. 6 para. 1 lit. b GDPR

6. Automated Posts and Review Responses

As part of the booked services, VisiReach may automatically publish content and respond to reviews on your behalf.

This may include in particular:

  • Google Business posts
  • Offers and promotions
  • Event posts
  • Automated or AI-assisted review responses
  • Response templates and individualized review responses

These functions are carried out exclusively based on your explicit authorization and active platform configuration.

You may deactivate these functions or revoke the connection at any time.

Legal basis:
Art. 6 para. 1 lit. a GDPR
Art. 6 para. 1 lit. b GDPR

7. AI-Based Processing of Review and Profile Data

To create posts, responses, and optimization suggestions, VisiReach automatically processes data from your Google Business Profile.

This may include in particular:

  • Review texts
  • Star ratings
  • Location data
  • Profile information
  • Visibility metrics
  • Interaction data

Processing is carried out exclusively for the provision of the contracted services.

8. Storage of Access Tokens

To maintain platform connections, we store technical access tokens and, where applicable, refresh tokens in encrypted form.

These tokens are used exclusively to perform authorized functions on your behalf.

Storage is maintained only while an active and authorized platform connection exists.

9. Storage and Deletion of Data

Personal data is stored only for as long as necessary to provide the contractually agreed services or as required by statutory retention obligations.

OAuth access tokens and refresh tokens are deleted or technically deactivated once:

  • the platform connection is disconnected
  • access is revoked
  • the user account is deleted
  • the business relationship ends

Analytics, reporting, and performance data may remain stored for a limited period for technical or billing-related reasons, unless statutory deletion obligations apply.

10. No Transfer of Google User Data

VisiReach does not sell, rent, or transfer Google user data obtained through Google APIs to third parties.

Processing is carried out exclusively to provide the platform features authorized by the user.

Such data is not used for independent advertising purposes or personalized advertising.

11. Technical and Organizational Security Measures

VisiReach implements technical and organizational security measures to protect personal data against loss, manipulation, unauthorized access, or unauthorized disclosure.

This includes in particular:

  • Encrypted storage of sensitive access data
  • Role-based access controls
  • Secured API communication
  • Restricted internal access rights
  • Regular security and system updates
  • Encrypted transmission of sensitive data via HTTPS/TLS

12. Service Providers and Subprocessors

External technical service providers may be used to provide our services.

This may include in particular:

  • Hosting providers
  • Cloud infrastructure providers
  • Analytics and monitoring services
  • Email and communication services

These providers are engaged exclusively in compliance with applicable data protection regulations.

Where personal data is processed outside the European Union, such processing is carried out exclusively on the basis of appropriate legal safeguards in accordance with Art. 44 et seq. GDPR.

13. Contact Requests

If you contact us by email or contact form, we process the data you provide to handle your request.

Legal basis:
Art. 6 para. 1 lit. b GDPR
Art. 6 para. 1 lit. f GDPR

14. Your Rights

You have the right at any time to:

  • Access
  • Rectification
  • Deletion
  • Restriction of processing
  • Data portability
  • Objection

You also have the right to lodge a complaint with a supervisory authority.

15. Revocation

You may revoke granted permissions at any time:

  • within your VisiReach account
  • within your Google security settings
  • by disconnecting the OAuth connection

After revocation, no further publications or review responses will be carried out on your behalf.

16. Changes

We reserve the right to modify this Privacy Policy to ensure continued compliance with current legal requirements and actual platform functionality.