Privacy Policy.

Last updated: May 29, 2026. Effective: May 29, 2026.

Short version: Hosted Proof helps you post your own job-site photos to your own Google Business Profile, Facebook, and Instagram. We access only what’s required to do that, only on your behalf, and only with your explicit consent via OAuth. We never sell your data, never use it for advertising, and never use Google or Meta user data to train AI models. The long version below covers exactly what we access, why, how we store it, and how to revoke it.

1. Who we are

Hosted Brands LLC (“Hosted Brands,” “we,” “us”) operates Hosted Proof at hostedproof.com (this marketing site) and at app.hostedproof.com (the product application).

Contact: [email protected]

2. Scope of this policy

This Privacy Policy covers both the marketing site (hostedproof.com) and the Hosted Proof application (app.hostedproof.com). The product application is what handles your photos, social-account connections, and post content; the marketing site collects only newsletter emails and server logs. Sections 5 and 6 below — covering Google and Meta user data — apply to the application.

3. What we collect on the marketing site

4. What we collect in the Hosted Proof application

5. Google User Data — Limited Use disclosure

Hosted Proof’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

5.1 Which Google APIs and OAuth scopes we request

When you connect a Google account to Hosted Proof, we request the following OAuth scope:

We do not request any other Google OAuth scope. We do not request access to your Gmail, Google Drive, Google Contacts, Google Calendar, YouTube, or any other Google service.

5.2 What Google user data we access

Using the scope above, we access:

We never request, fetch, or store: your Google account password; reviews on your listings; insights / analytics data beyond what’s required to confirm a post succeeded; data from any Google service other than Business Profile.

5.3 How we use Google user data

Google user data is used only for the following purposes, all of which are user-facing features of Hosted Proof:

We do not use Google user data for any other purpose. Specifically, we do not use it for advertising, profiling, lead generation, content recommendations to third parties, or any purpose unrelated to the user-facing publishing feature you signed up for.

5.4 How we store Google user data

5.5 How we share Google user data

We do not sell, rent, trade, or otherwise transfer Google user data to any third party. The only sub-processors that touch any Google-derived data are infrastructure providers strictly necessary to operate the service:

None of these sub-processors are permitted to use Google user data for any purpose other than providing infrastructure to Hosted Proof.

5.6 What we never do with Google user data

5.7 How to revoke Hosted Proof’s access to your Google account

You can revoke Hosted Proof’s access to your Google data at any time, two ways:

Revoking access does not delete any Hosted Proof posts that have already been published to your GBP locations; you can delete those individually from your Google Business Profile dashboard.

6. Meta User Data (Facebook + Instagram)

The same Limited Use principles apply to data received via Meta’s APIs. This section mirrors §5 for clarity.

6.1 Which Meta APIs and OAuth scopes we request

When you connect a Facebook account to Hosted Proof, we request the following permissions via Facebook Login:

We do not request any other Facebook or Instagram permission. We do not access your personal Facebook profile, your friends list, your private messages, your photos outside the Pages/Instagram accounts you have explicitly connected, or any other Meta service.

6.2 What Meta user data we access, use, store, and never do

Everything in §5.2–5.6 applies equally to Meta user data, with the substitutions: “Google Business Profile location” → “Facebook Page / Instagram Business account”; “Google API Services User Data Policy” → Facebook Platform Terms and Developer Policies. Specifically, we:

6.3 How to revoke Hosted Proof’s access to your Meta accounts

7. Third-party processors (full list)

We use the minimum vendors needed to run the service:

8. Your rights

9. Data retention

10. Security

OAuth tokens encrypted at rest (AES-256). TLS for all traffic. Passwords hashed with bcrypt. Database access restricted to application servers. Regular dependency security audits. We are not SOC 2 certified at this stage; we are a small, dogfooded product, and we are transparent about that.

11. Children

Hosted Proof is for business owners and their authorized employees. We do not knowingly collect data from anyone under 18.

12. International users

Hosted Proof is operated from the United States. By using the service you consent to the transfer of your data to the US. We do not currently offer EU/UK data residency.

13. Changes to this policy

Material changes will be announced via email to active users at least 14 days before they take effect. The “last updated” date at the top of this page is always current.

14. Contact & data protection inquiries

For any privacy, data, Google API, or Meta API related question: