Legal

Privacy Policy

Last updated: May 2025

1. Who We Are

Brand Audit ("we", "us", "our") operates the brand intelligence platform at brandaudit.online. We are committed to protecting your personal data and respecting your privacy. This policy explains what data we collect, why we collect it, and how we use and protect it.

2. Data We Collect

We collect the following categories of data:

  • Account data: Name, email address, company name, and billing details provided during registration
  • Brand data: Website URLs and competitor URLs you submit for analysis
  • Usage data: Feature usage, audit history, session activity, and page interactions
  • Technical data: IP address, browser type, device type, and operating system
  • Communications: Messages sent via our contact form or to our support email
  • Payment data: Billing is handled by third-party processors (Razorpay / Stripe). We do not store card details.

3. How We Use Your Data

We use your data to:

  • Provide, maintain, and improve the Service
  • Process payments and manage your subscription
  • Generate brand intelligence reports based on your submitted URLs
  • Send transactional emails (account confirmation, billing receipts, audit completion)
  • Respond to support requests and contact form submissions
  • Analyse aggregate usage patterns to improve our AI models and user experience
  • Comply with legal obligations

4. Data Sharing

We do not sell your personal data. We share data only with:

  • Supabase: Database and authentication infrastructure
  • Anthropic: AI analysis (brand data is processed but not retained for model training without consent)
  • Apify: Website content scraping and marketplace data collection for brand signal analysis
  • Payment processors: Razorpay or Stripe for subscription billing
  • Analytics providers: Aggregated, anonymised usage data only

All sub-processors are contractually bound to protect your data and may only use it to provide services to us.

5. Cookies & Tracking

We use the following types of cookies:

  • Essential cookies: Required for authentication and session management. Cannot be disabled.
  • Analytics cookies: Help us understand how the Service is used. You may opt out via your browser settings.
  • Marketing cookies: Only set if you consent via our cookie banner.

6. Data Retention

We retain your account data for as long as your account is active, plus 90 days after deletion to allow account recovery. Audit reports and brand data are retained for 24 months from creation. Billing records are retained for 7 years to comply with financial regulations. You may request earlier deletion by contacting us.

7. Your Rights

Depending on your jurisdiction, you have the following rights:

All users:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a structured, machine-readable format
  • Object: Opt out of marketing communications at any time

Indian users (DPDP Act 2023 & IT Act 2000):

  • Right to obtain a summary of personal data processed and identities of all Data Fiduciaries with whom data is shared
  • Right to correct, complete, or update your personal data
  • Right to erasure of personal data that is no longer necessary for the purpose it was collected
  • Right to nominate a person to exercise rights on your behalf in the event of death or incapacity
  • Right to grieve — you may file a complaint with our Grievance Officer (see Section 12)

EU/EEA users (GDPR):

  • All rights listed above, plus the right to restriction of processing
  • Right to lodge a complaint with your local Data Protection Authority
  • Where processing is based on consent, the right to withdraw consent at any time without affecting the lawfulness of prior processing

California users (CCPA/CPRA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt out of the sale or sharing of personal information (we do not sell personal data)
  • Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at support@brandaudit.online. We will respond within 30 days (or within the period required by applicable law).

8. Data Security

We implement industry-standard security measures including encrypted data in transit (TLS 1.2+), encrypted storage, row-level security on our database, and access controls restricting data access to authorised personnel only. No system is 100% secure — please use a strong, unique password for your account.

9. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance.

11. India: DPDP Act 2023 Compliance

We process personal data of Indian users in compliance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the Information Technology Act, 2000. As a Data Fiduciary, we:

  • Collect only the personal data necessary for the stated purposes
  • Obtain free, specific, informed, and unambiguous consent before processing
  • Implement reasonable security safeguards to prevent personal data breaches
  • Notify affected Data Principals and the Data Protection Board of India in the event of a personal data breach, as required
  • Retain personal data only for as long as necessary and delete it thereafter
  • Do not transfer personal data outside India except as permitted under the DPDP Act and applicable rules

12. Grievance Officer (India)

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the DPDP Act 2023, we have appointed a Grievance Officer to address privacy complaints from users in India:

Grievance Officer: Brand Audit Support Team

Email: support@brandaudit.online

Response time: Acknowledgement within 24 hours; resolution within 15 business days

If you are not satisfied with our response, you may approach the Data Protection Board of India once constituted, or the appropriate Consumer Disputes Redressal Forum under the Consumer Protection Act, 2019.

13. International Data Transfers

Your data may be processed and stored on servers located outside your country, including in the United States and the European Union. When we transfer personal data internationally, we apply appropriate safeguards including standard contractual clauses and data processing agreements with all sub-processors, consistent with applicable law. EU/EEA users’ data is handled in compliance with GDPR requirements for cross-border transfers.

14. Contact

For privacy-related questions or to exercise your rights, contact our data team at support@brandaudit.online.

Terms of Service →Cancellation & RefundContact us