Google Business Profile API Compliance

Our commitment to maintaining full compliance with Google Business Profile API policies and standards

Last updated: June 2025

Our Commitment to Google's Standards

TrueStars is fully committed to maintaining compliance with Google Business Profile API policies. We've built our platform to work with Google's systems, not against them, ensuring authentic customer experiences and protecting business integrity.

How We Ensure Compliance

1. User Consent First

Google Requirement:

All automated actions require prior, specific, and express user consent.

Our Implementation:

  • 🔒 No automatic redirects — customers must actively consent before accessing Google Reviews
  • 📱 Clear consent interface — customers see exactly what they're agreeing to
  • Timestamped consent — we log when consent was given (without storing personal data)
  • 🚫 Withdrawal option — customers can change their mind at any time

2. Authentic Reviews Only

Google Requirement:

Prohibit fake content creation and manipulation.

Our Implementation:

  • 👥 Real customers only — NFC cards are given only to genuine visitors
  • 🚫 No automated posting — we never write reviews for customers
  • 🔍 Staff verification — restaurant staff confirm customer authenticity
  • 📊 No rating incentives — we don't encourage specific star ratings

3. Independent Business Authentication

Google Requirement:

Each business must use their own Google credentials.

Our Implementation:

  • 🔑 Individual Google accounts — each restaurant connects their own Google Business Profile
  • 🚫 No shared API keys — we don't use our credentials for client businesses
  • 🔐 Secure OAuth integration — proper authentication through Google's official channels
  • 📋 Account verification — we verify ownership before service activation

4. Transparent Data Handling

Google Requirement:

Do not interfere with Google's monitoring, and stay within cache limits.

Our Implementation:

  • 📤 Direct redirects — customers go straight to Google's platform
  • 🚫 No content caching — we don't store or cache review content
  • 👀 Full transparency — Google can monitor all our API interactions
  • 📊 Audit trail — complete logs available for compliance verification

What We DON'T Do

Prohibited Activities We Actively Prevent:

  • Create fake reviews or automated content
  • Cache review data beyond Google's 30-day limit
  • Share API credentials between different businesses
  • Modify or hide Google branding and attribution
  • Interfere with Google's monitoring systems
  • Automatically revert changes made by Google
  • Encourage specific ratings or incentivize reviews

Transparency Report

Monthly Compliance Metrics:

  • Consent Rate: 94.2% of NFC interactions include explicit user consent
  • Authentication: 100% of partner restaurants use independent Google accounts
  • Response Time: Average 2.3 seconds from consent to Google Reviews page
  • Audit Compliance: Zero violations in last 12 months

Our Process:

  1. Customer visits restaurant → genuine service experience
  2. Staff offers NFC card → only to satisfied customers
  3. Customer taps card → redirected to consent page
  4. Customer gives consent → directed to Google Reviews
  5. Customer writes review → authentic feedback on Google's platform

Third-Party Responsibilities

For Restaurant Partners:

  • Verify customer authenticity before offering NFC cards
  • Maintain Google Business Profile ownership
  • Inform customers about the review process
  • Report any suspicious activity to TrueStars immediately

For Customers:

  • Provide honest feedback based on genuine experience
  • Understand consent before proceeding to Google Reviews
  • Report inappropriate usage if you encounter it

Technical Compliance

API Integration Standards:

  • OAuth 2.0 Authentication: Each business maintains independent access
  • Rate Limiting: We respect Google's API quotas and limitations
  • Error Handling: Proper handling of API responses and failures
  • Security: Encrypted communications and secure credential storage

Data Minimization:

  • No personal data storage beyond necessary service delivery
  • Consent timestamps only — no customer personal information
  • Automatic data purging after service completion
  • GDPR compliance for EU customers

Compliance Support

Report Compliance Issues:

Response Time: Within 24 hours
Escalation: Direct to Google if necessary

For Businesses:

  • Pre-integration compliance review
  • Ongoing monitoring and reporting
  • Staff training on Google policies
  • Regular compliance updates

For Customers:

  • Easy consent withdrawal process
  • Direct contact for concerns
  • Transparent complaint resolution
  • Integration with Google's own support

Regular Updates

Policy Review Schedule:

  • Monthly: Technical compliance verification
  • Quarterly: Policy alignment with Google updates
  • Annually: Comprehensive audit and documentation update

Change Notification:

  • Partners receive 48-hour advance notice of policy changes
  • Material changes require re-consent from affected users
  • All updates logged and documented for audit purposes

Compliance Statement

TrueStars.ai operates in full compliance with Google Business Profile API policies as of June 2025. We are committed to maintaining these standards and continuously improving our compliance measures. Any concerns about our compliance can be reported directly to our compliance team or to Google through their official channels.

Last Updated: June 26, 2025
Next Review: September 26, 2025
Compliance Officer: sa@truestars.ai

This page demonstrates our commitment to working within Google's ecosystem responsibly and ethically. For technical questions about our implementation, please contact our development team at sa@truestars.ai.