← Back to home

Privacy Policy

Last updated: May 2026

What we collect

  • Account info: email, name, WhatsApp phone (if you opt in to WhatsApp approvals)
  • Brand content: the posts you draft, publish, or train your voice on
  • LinkedIn session: if you connect LinkedIn, we store an encrypted copy of your browser session cookies. We never see or store your LinkedIn password.
  • Usage data: what features you use, when you use them, error logs (no message content)
  • Billing: Stripe handles payments — we store only your Stripe customer ID and subscription state, never card numbers

How we use it

To run the service: drafting posts in your voice, publishing them on your behalf, sending you WhatsApp approvals, generating reports. We do not sell your data, ever. We do not train AI models on your content beyond your own brand’s voice fingerprint.

Sub-processors

We rely on these services to operate. Each has its own privacy practices:

  • Supabase (hosting, database)
  • Vercel (web hosting)
  • Anthropic (AI drafting and review)
  • Stripe (payments)
  • Twilio (WhatsApp)
  • Replicate (image generation)
  • AssemblyAI (video transcription)
  • Resend (transactional email)
  • Sentry (error monitoring)

Your rights

  • Export: download all your data as JSON anytime from Settings → Account
  • Deletion: delete your account and all associated data anytime, no questions asked
  • Correction: edit any of your account info from settings
  • Portability: the export is in standard JSON format

For EU/UK residents: you have rights under GDPR including access, rectification, erasure, restriction, portability, and objection. Email privacy@brandaid.app.

Retention

We keep your data while your account is active and for 30 days after deletion to allow recovery. After that it’s permanently removed from production systems. Backups are deleted within 90 days.

Security

LinkedIn session cookies are AES-256 encrypted before storage. WhatsApp verification codes are hashed (SHA-256 with a per-user salt) before storage. Database access is gated by row-level security. All API routes that touch user data verify ownership before reads or writes.

Contact

privacy@brandaid.app