Overture Maps FoundationOpen license
Canonical source for business entities, location, and category substrate.
Trust · Updated April 2026
Where the data comes from.
Every number on Operator traces to a source class: public data, licensed data, or owner-consented data. Operator currently tracks 35,305,944 businesses across 774 cities.
Our five data principles
These rules shape every ingestion decision, even when growth pressure is high.
01
Public or consented. Never scraped in the gray.
Every data point is from a public source with clear terms, a paid API, or direct owner consent.
02
Sources cited, always.
Claims and scores are tied to source classes and published formulas.
03
Businesses can opt out.
Any business can request removal from public surfaces within 24 hours.
04
No third-party data sales.
Operator does not run advertiser data resale programs.
05
AI crawlers are first class.
We support open assistant interoperability instead of closed index silos.
Data sources, in full
Every source family feeding the Operator index.
Business identity and location
Google Places APIPaid API
Ratings, review counts, profile metadata, and owner response context.
US Census + SBA datasetsPublic domain
Market context and normalization baselines used in cross-market comparisons.
AI visibility signals
Assistant query samplingFirst-party
Nightly sampling across major AI surfaces to measure citation frequency.
Crawler accessibility checks
Robots and crawlability diagnostics with explicit owner-approved access.
Owner-submitted and integration data
Claim form inputs
Owner-provided corrections for service areas, specialties, and profile fields.
Autopilot integrations
Connected tools are used to operate that owner’s workflows, not to resell or expose private metrics.
What we do not use
- No Yelp/Angi/HomeAdvisor/Thumbtack ingestion.
- No social media scraping from Facebook, Instagram, or TikTok.
- No scraped personal emails or private household data.
- No consumer location SDK resale datasets.
Privacy for business owners
What is public by default
Public business directory fields, public reviews, and computed market-facing scores.
What remains private unless you opt in
Operational workflow telemetry, connected integration data, and owner-only internal performance views.
GDPR and CCPA
Access, correction, and deletion requests are honored through privacy@operator.fyi.
Request a takedown
Email privacy@operator.fyi from a domain or phone matching the listing and include:
- The listing URL to remove
- Ownership/operation confirmation
- Scope: full removal or specific surfaces
Takedowns are completed within 24 hours and scrubbed from API and assistant-facing surfaces on the same cycle.
Security
| Control | Status |
|---|---|
| Data in transit | TLS on all endpoints |
| Data at rest | Encrypted storage via managed Postgres |
| Authentication | OAuth or magic-link flows |
| API key control | Scoped keys with rotation support |
| Rate limiting | Per-key and per-IP policy tiers |
| Audit logging | Admin and write-path event logging |
| Backups | Point-in-time recovery enabled |
| Incident disclosure | User notification workflow on confirmed incidents |
Enterprise security requests can be sent to security@operator.fyi.
Contact
| Privacy, takedown, data access | privacy@operator.fyi |
| Methodology questions | methodology@operator.fyi |
| Security issues | security@operator.fyi |
| General press | press@operator.fyi |
| Everything else | hello@operator.fyi |