GHLThemer

Legal

Privacy Policy

Last updated: June 14, 2026

This policy explains how GHLThemer ("we", "our", "us") collects, uses, and protects information when you use our service at ghlthemer.com.

1. Overview

GHLThemer is a B2B SaaS platform that allows marketing professionals to apply custom CSS themes to GoHighLevel pages. We take your privacy seriously and collect only the data necessary to provide and improve our service.

By using GHLThemer, you agree to the collection and use of information as described in this policy. Our Terms of Service are a separate document and also apply to your use of the service.

2. Data We Collect

We collect the following categories of information:

DataWhy
Name & email addressAccount creation and communication
CountryRouting to the correct payment gateway
Account type & planEnforcing feature access limits
Theme settings (colors, fonts, CSS)Delivering your custom themes to GHL pages
Client and site namesOrganising your workspace
Support ticket contentResolving your support requests
Billing informationProcessed by LemonSqueezy or Safepay — we never store card data
Usage analytics (page views, clicks)Product improvement — only with your consent
Lead Finder data (business names, addresses, phones, websites, public emails)Powering search results and your saved leads — see Section 3 for details

3. Lead Finder Data

Lead Finder lets you search for businesses by type and location, save them as leads, and export them. We want to be clear about how this works because it involves data about third-party businesses in addition to your own account.

Where the data comes from

  • Google Places API (a Google Maps Platform service) returns business names, addresses, phone numbers, websites, and ratings for your search query.
  • We then fetch the business’s public website — specifically the homepage and up to three common contact pages (/contact, /contact-us, /about) — to detect the platform it runs on, to score the site (e.g. SSL, mobile-friendliness, contact form), and to find a publicly-posted business email (mailto: links or visible text on those pages).
  • To measure performance we submit the business’s public website URL to the Google PageSpeed Insights API, which returns speed, SEO, and accessibility scores for that public page. No information about you is sent.
  • We only extract emails that are already publicly published on the site. We do not bypass paywalls, log-in walls, or any technical access control.

What we do not do

  • We do not send any messages on your behalf. The optional Contact feature uses AI to draft an email or a short text message and opens it in your ownapp — your email client (Gmail, Outlook, or your default mail app), your messaging app (SMS or WhatsApp), or your phone’s dialer to place a call — or copies it to your clipboard. You review and send it yourself. We never transmit messages to leads.
  • For the Contact feature we store only whether, when, and how you contacted a lead (a timestamp + the method) — never the email content you write or send.
  • We do not sell, share, or rentlead data to any third party. Each user’s saved leads are visible only to that user (and their agency teammates, if any).
  • We do not enrich leads with personal-life data (no background checks, no social profiles, no scraping of personal accounts).

Shared domain cache

To avoid repeatedly fetching the same website for multiple users, we keep a small shared cache of domain → platform detection result for up to 30 days. The cache stores only the public business email (if any), the detected platform (e.g. “wordpress”), and the timestamp. It contains no customer-specific information.

Your responsibility when using lead data

Cold email, SMS, WhatsApp, calls, and other unsolicited outreach are regulated — for example GDPR and PECR in the EU/UK, and CAN-SPAM and the TCPA in the US — and third-party messaging platforms (such as WhatsApp) impose their own policies on top of the law. Rules are stricter for individuals than for incorporated businesses. You are solely responsible for ensuring your outreach complies with the laws of the regions you contact and the terms of any platform you use.

For business owners: removal requests

If you are a business owner and want your domain’s data removed from our shared cache, email support@ghlthemer.com with your domain. We will purge the entry within 30 days. Note that removing our cache does not remove any leads that individual GHLThemer users have already saved to their personal accounts — for that, contact those users directly, or contact us if you believe there is a specific legal basis.

4. Cookies & Tracking

We use two categories of cookies:

Strictly necessary cookies

These are required for authentication and session management. They are set by Supabase and cannot be disabled without breaking the application. No consent is required for these cookies.

Analytics cookies (optional — consent required)

With your consent, we load Google Analytics 4 and Microsoft Clarity to understand how visitors use our marketing site. These trackers are only activated after you click "Accept" on our cookie banner. If you click "Decline", no analytics cookies are set.

You can withdraw consent at any time by clearing your browser's localStorage for ghlthemer.com and re-visiting the site. Alternatively, use your browser's cookie settings or a browser extension like uBlock Origin.

5. How We Use Your Data

  • Provide and operate the GHLThemer service
  • Deliver your CSS theme to your GoHighLevel pages via our embed script
  • Send transactional emails (account verification, billing, support replies)
  • Send trial reminder emails (3 emails in the last 3 days of your trial)
  • Enforce plan limits and feature access
  • Respond to support tickets
  • Execute Lead Finder searches against Google Places on your behalf
  • Fetch public business websites to detect platform and surface publicly-posted emails
  • Cache domain detection results (max 30 days) to reduce repeat lookups
  • Detect and prevent abuse or fraud
  • Improve our product (only with analytics consent)

We do not sell your data. We do not use your data to serve third-party advertising. We do not share your client data with any party outside the service providers listed below.

6. Third-Party Services

We share limited data with the following providers to operate the service:

ProviderPurposeData shared
SupabaseDatabase & authenticationAll account and theme data
VercelHosting & edge deliveryRequest logs (IP, user agent)
ResendTransactional emailName, email, ticket content
LemonSqueezyPayments (non-PK users)Name, email, plan selection
SafepayPayments (Pakistan users)Name, email, plan selection
OpenAIAI color suggestions + outreach email/text draftsColor: industry + vibe. Outreach drafts: the business name, type, and location of a lead — never the email address or phone number
Google Places API (Maps Platform)Lead Finder business searchYour search query (e.g. "plumbers in Austin") — no PII about you sent with it
Google PageSpeed Insights APIWebsite opportunity scoringA lead business's public website URL — no PII about you sent with it
Google AnalyticsUsage analytics (consent-only)Anonymised page views
Microsoft ClarityHeatmaps (consent-only)Anonymised session data
Cloudflare R2Video hostingNone — public CDN reads only

Each provider has their own privacy policy. For links, search "[provider name] privacy policy".

7. Data Retention

  • Account data is retained while your account is active
  • Theme history snapshots are kept for the last 10 saves per theme
  • Analytics events are automatically deleted after 90 days
  • Support tickets and replies are retained for 2 years
  • After account deletion, all personal data is removed within 30 days

To request account deletion, email support@ghlthemer.com.

8. Your Rights (GDPR / CCPA)

If you are in the European Economic Area (EEA), UK, or California, you have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing of your data for analytics
  • Restrict processing — request limited processing of your data
  • Withdraw consent — for analytics cookies, at any time (see Section 3)

To exercise any of these rights, email support@ghlthemer.com with your request. We will respond within 30 days.

For CCPA: we do not sell personal information. You have the right to know what data we collect and to request deletion.

9. Security

We take reasonable technical and organisational measures to protect your data:

  • All data transmitted over HTTPS (TLS)
  • Database rows protected by Supabase Row Level Security (RLS) policies
  • Authentication handled by Supabase Auth (bcrypt-hashed passwords)
  • Payment card data never touches our servers — handled entirely by LemonSqueezy/Safepay
  • API keys and secrets stored as environment variables, never in source code

No method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it responsibly to support@ghlthemer.com.

10. Children's Privacy

GHLThemer is a business tool intended for adults (18+). We do not knowingly collect personal information from anyone under 18. If you believe a minor has created an account, contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify active users by email.

Continued use of GHLThemer after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

For any privacy-related questions, requests, or concerns:

GHLThemer

Email: support@ghlthemer.com

Website: ghlthemer.com