1. Data we collect
We collect the following categories of information:
- Account information — name, email address, password (hashed) and authentication identifiers from third-party providers such as Google.
- Business information — business name, industry, location, brand voice, target audience, services and other details you provide during onboarding or when creating businesses inside the app.
- Generated content — captions, post plans, images and other outputs created using the Service.
- Usage analytics — pages visited, features used, generation activity, device type, browser, IP address and approximate location, used to improve the Service.
- Cookies and similar technologies — see our Cookie Policy.
- Payment information — handled directly by Stripe. We receive limited metadata (such as the last four digits of your card, card brand, subscription status and invoice history) but not your full card number or CVV.
- Support communications — messages you send us by email or via the app.
2. How we use your data
- To provide, operate and improve the Service.
- To authenticate you, secure your account and prevent fraud or abuse.
- To generate content using AI models on your behalf.
- To process payments, manage subscriptions and issue invoices.
- To send transactional emails (account verification, billing, security, product changes).
- To send product updates and marketing where permitted, with an unsubscribe option.
- To comply with legal obligations and respond to lawful requests.
3. Legal bases (UK GDPR)
- Performance of a contract — to provide the Service you signed up for.
- Legitimate interests — to secure, improve and grow the Service.
- Consent — for non-essential cookies and direct marketing where required.
- Legal obligation — to comply with tax, accounting and law-enforcement requirements.
4. Third-party processors
We share data only with vetted sub-processors who help us run the Service, including:
- Cloud hosting and database providers.
- Stripe — payment processing.
- AI model providers — to generate the content you request (Inputs and prompt context are sent on a per-request basis).
- Email delivery providers — for transactional and product emails.
- Analytics and error-reporting providers — to monitor performance and reliability.
We do not sell your personal data. We do not use your private business information to train third-party AI models.
5. Data retention
We retain account, business and generated-content data while your account remains active and for a reasonable period afterwards to support reactivation, legal obligations and dispute resolution. Billing records are retained for up to seven (7) years for tax and accounting purposes.
You can request earlier deletion at any time (see "Your rights" below).
6. Your rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your account and associated personal data.
- Restrict or object to certain processing.
- Withdraw consent at any time (where processing is based on consent).
- Data portability — request your data in a machine-readable format.
- Lodge a complaint with the UK Information Commissioner's Office (ICO) or your local supervisory authority.
To exercise any of these rights, email support@brandzilla.ai. We respond within 30 days.
7. International users and transfers
BrandZilla is operated from the United Kingdom and may be accessed worldwide. Where personal data is transferred outside the UK or EEA, we rely on appropriate safeguards such as adequacy decisions or Standard Contractual Clauses with our processors.
8. Security
We use industry-standard measures to protect your data, including encryption in transit (TLS), encryption at rest for sensitive data, role-based access controls, audit logging and regular security reviews. No system is 100% secure; you are responsible for using a strong, unique password and notifying us of any suspected compromise.
9. Children
The Service is not directed at children under 18 and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, contact us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-app notice. The "Last updated" date above always reflects the current version.
11. Contact
For privacy questions or data requests, contact support@brandzilla.ai.
Need help or have a legal request? Email support@brandzilla.ai. We aim to reply within 2 business days.
