Privacy Policy

This Privacy Policy describes how Yo Scraper, operated by YO Dijital ("we", "us", or "our"), collects, uses, and protects information when you use our application at scraper.yodijital.com. Yo Scraper is a business lead collection and marketing workflow tool that scans Google Maps for business listings, extracts publicly available contact information, exports results to Google Sheets, and supports outreach campaigns.

1. Information We Collect

When you use Yo Scraper, we may collect the following types of information:

• Google Account Data: When you connect your Google account via OAuth 2.0, we receive a short-lived access token to read the specific Google Sheets file you select. We do not store your Google credentials, passwords, or refresh tokens.
• Usage Data: We may collect basic usage information such as pages visited and features used, solely for improving the application.
• Imported Data: Any data you import (Excel, CSV, or Google Sheets) is processed in memory and written to the Google Sheet you have configured. We do not retain copies of your imported data on our servers.

2. How We Use Google User Data

We use Google OAuth 2.0 exclusively to allow you to select your own Google Sheets files for import via the Google Picker. Specifically:

• We request only the drive.file scope, which grants access solely to files you explicitly select through the Google Picker widget — not your entire Drive. This scope also covers reading the contents of the selected spreadsheet via the Google Sheets API.
• Your Google user data is used solely for the Sheets import feature and for no other purpose.
• We do not use your Google data for advertising, remarketing, profiling, resale, or AI/ML model training.
• We do not share, sell, or transfer your Google account data to any third party.
• We do not access any Google Drive files other than the single spreadsheet you explicitly choose via the Picker.

3. Data Protection and Security Mechanisms

We take the following measures to protect your data in transit and at rest:

• Transport Security: All communication between your browser and our application is encrypted using TLS/HTTPS. OAuth callbacks and API calls to Google are also made exclusively over HTTPS.
• Access Token Lifecycle: The Google OAuth access token is short-lived and expires within 1 hour (as specified by Google's token endpoint). It is never stored in our database.
• Token Storage: The access token is stored in an httpOnly, SameSite=Lax browser cookie. It is also transiently passed to the Google Picker widget (a first-party Google UI component running in your browser) via a server endpoint, solely to authenticate the file-selection dialog. The token is never written to localStorage, sessionStorage, or any third-party service. The cookie is marked Secure in production (HTTPS-only transmission).
• No Refresh Tokens: We request only an online-mode access token and do not request or store refresh tokens. When your session expires, you must re-authorize to reconnect.
• CSRF Protection: The OAuth authorization flow uses a cryptographically random state parameter (stored in the server-side session) that is validated on callback to prevent cross-site request forgery attacks.
• Minimal Scope: We request only drive.file — the narrowest scope that allows Picker-based file selection and reading the selected file's contents. No write access, no full Drive access, no access to files you did not explicitly choose.
• No Persistent Google Data: Google user data (file contents, file names, spreadsheet values) is processed in memory during import and is not persisted to our servers after the import completes.
• Unauthorized Access Prevention: Application credentials (Client ID, Client Secret, API Key) are stored as environment variables and are never exposed in source code or client-side responses.

4. Data Storage

Yo Scraper maintains an internal database to store business leads collected through Google Maps scanning and data imported by the user. This database stores business contact information (company name, phone, email, city) as entered or collected by you. You may delete your data at any time from within the application. Google OAuth access tokens are stored only in short-lived, httpOnly browser cookies and are never persisted in the database.

5. Data Retention and Deletion

• Google OAuth tokens expire within 1 hour and are automatically cleared when the cookie expires or when you disconnect your Google account from within the application.
• Imported business lead data is stored in the application database until you delete it. You can delete individual records or all records from the Database page at any time.
• No personal data derived from Google APIs is retained on our servers after your import session ends.
• To request deletion of all data associated with your account, contact us at info@yodijital.com.

6. Third-Party Services

We use the following third-party services:

• Google APIs – Google Drive API and Google Sheets API (drive.file scope via Picker) via OAuth 2.0
• Railway – for application hosting

Google's use of data collected through Google APIs is governed by Google's Privacy Policy and the Google API Services User Data Policy, including the Limited Use requirements.

7. Your Rights and Revoking Access

• You may revoke Google account access at any time via Google Account Permissions. Revoking access immediately invalidates the access token our application holds.
• You can disconnect your Google account directly from the application's External Import page at any time.
• You may request deletion of all personal data we hold by contacting info@yodijital.com.

8. Limited Use Disclosure

Yo Scraper's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• Google user data is used only to provide the Sheets import feature described above.
• We do not transfer Google user data to third parties except as necessary to provide the feature (e.g., requests to Google's own APIs).
• We do not use Google user data for serving advertisements.
• We do not allow humans to read Google user data unless we have your affirmative agreement, doing so is necessary for security purposes, or it is required by law.

9. Contact

If you have any questions about this Privacy Policy, please contact us at info@yodijital.com.