Privacy Policy

This Privacy Policy describes how Brandstract.ai ("Brandstract", "we", "us", or "our") collects, uses, shares, and protects information about you when you visit our website (brandstract.ai) or use our services, including the Brandstract API and Brand Truth Score. Please read this policy carefully. By using our website or services, you agree to the practices described herein.

1. Information We Collect

Information you provide directly

We collect information you provide directly to us, including:

• Email address — when you register for early API access or contact us directly.
• Correspondence — the content of any messages you send to us via email or contact forms.

Information collected automatically

When you visit our website, we may automatically collect certain technical information, including:

• IP address and approximate geographic location (country or city level).
• Browser type and version, operating system, and device type.
• Referring URLs, pages visited, and time spent on each page.
• Date and time of your visit.

This information is collected in aggregate to understand how visitors use our site and to improve our services. It is not used to identify you personally except where necessary to maintain security.

API usage data

If you access the Brandstract API, we collect metadata about your API calls, including request timestamps, endpoint paths, response codes, and query volumes. This data is used to provide the service, enforce usage limits, detect abuse, and generate usage reports for your account.

2. How We Use Your Information

We use the information we collect to:

• Notify you when API access becomes available, if you have requested early access.
• Provide, operate, maintain, and improve the Brandstract website and services.
• Respond to your enquiries and provide customer support.
• Monitor and analyse usage patterns to improve performance and user experience.
• Detect, investigate, and prevent fraudulent transactions, abuse, and other illegal activities.
• Comply with applicable legal obligations and enforce our Terms of Service.

We do not sell your personal information to third parties. We do not use your email address for unsolicited marketing communications beyond the single notification you consented to when registering for early access.

3. Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, we process your personal data on the following legal bases:

• Consent — where you have given us your email address for early access notifications.
• Legitimate interests — to operate our website securely, prevent fraud, and improve our services, where these interests are not overridden by your rights.
• Legal obligation — where processing is necessary to comply with applicable law.

4. Data Retention

We retain your email address for as long as necessary to fulfil the purposes described in this policy, including for the duration of the early access programme and any subsequent service relationship, unless you request deletion sooner. API usage metadata is retained for up to 24 months to support billing, auditing, and security investigations. You may request removal from our early access list at any time by emailing hello@brandstract.ai.

5. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies (such as local storage and session tokens) to maintain session state, improve your experience, and analyse site usage. We use the following categories:

• Strictly necessary — local storage is used to remember your cookie preference (key: bst_cookie_consent). This is required for the consent banner to function and cannot be disabled.
• Analytics — we use Plausible Analytics, a privacy-first, cookieless analytics tool. Plausible does not use cookies, does not collect personal data, and does not track visitors across sites. Aggregate usage statistics (page views, referrer sources, country) are collected and stored on Plausible's EU-based infrastructure. This is loaded only when you accept cookies via the consent banner.

You can withdraw or change your cookie preference at any time using the "Cookie settings" link in the footer of every page.

6. Sharing Your Information

We do not sell or rent your personal information. We may share your information in the following limited circumstances:

• Service providers — we may share information with third-party service providers who assist us in operating our website and services (such as hosting, analytics, and email delivery providers). These providers are contractually required to process your data only on our instructions and to maintain appropriate security measures.
• Legal requirements — we may disclose your information if required to do so by law or in response to valid legal process (such as a court order or government request).
• Business transfers — in the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change by posting a notice on our website.

7. Data Security

We implement appropriate technical and organisational security measures to protect your information against unauthorised access, loss, alteration, or misuse. These measures include encrypted data transmission (TLS), access controls, and regular security reviews. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have rights under applicable privacy laws, including:

• Access — the right to request a copy of the personal information we hold about you.
• Rectification — the right to request correction of inaccurate or incomplete information.
• Erasure — the right to request deletion of your personal information, subject to certain legal exceptions.
• Restriction — the right to request that we limit how we process your information in certain circumstances.
• Portability — the right to receive your information in a structured, machine-readable format.
• Objection — the right to object to processing based on our legitimate interests.
• Withdrawal of consent — where processing is based on consent, the right to withdraw that consent at any time.

To exercise any of these rights, please use our online data rights request form. We will respond to all valid requests within 30 days. We may need to verify your identity before processing your request.

9. International Transfers

Our services are operated from the United Kingdom. If you access our website or services from outside the UK, your information may be transferred to and processed in the UK or other countries where our service providers operate. We take steps to ensure appropriate safeguards are in place for any such transfers in accordance with applicable data protection law.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a person under 18, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post any updated version on this page with a revised "Last updated" date. For material changes, we will make reasonable efforts to notify affected users. Your continued use of our services after any changes constitutes your acceptance of the revised policy.

12. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at hello@brandstract.ai.