BrandCrank

Legal

Privacy policy

We respect your data. We collect what we need to run the product, store it securely, never sell it, and give you a clean way to delete it whenever you ask.

Effective May 6, 2026

What we collect

Account information. When you create an account we collect your name, email, password (hashed), and workspace identifiers.

Site content you submit. URLs you ask us to audit, copy you ask us to generate, brand assets you upload, and anything else you push into the product.

Connected provider data. When you connect Google Ads, Meta Ads, Search Console, or your CMS, we read account metrics, ad creative, and content via the official APIs. We never read more than the OAuth scopes you approved.

Usage telemetry. Pages visited, features used, errors encountered, and aggregate performance metrics. Used exclusively to improve the product.

How we use it

  • To run the product (audits, proposals, CMS application, verification).
  • To send you transactional email (security alerts, billing receipts, audit completion notifications).
  • To monitor errors and improve reliability.
  • To answer your support requests.
  • To comply with legal obligations.

What we don't do

  • We don't sell your data. Ever.
  • We don't train AI models on your private data.
  • We don't share your data across customer workspaces.
  • We don't use your data for marketing without your explicit opt-in.

Where it lives

Provider tokens and CMS credentials are encrypted with AES-256-GCM using the application KMS secret. Customer data is stored in managed databases and object storage provided by our infrastructure vendors. We use industry-standard cloud infrastructure including Vercel, Postgres, Redis, and object storage.

Subprocessors

  • Hosting & functions — Vercel
  • Database — managed Postgres
  • AI inference — Anthropic, OpenAI, Google (Gemini)
  • Email — your transactional email provider
  • Error monitoring — Sentry
  • Payments — Stripe

Your rights

You can access, correct, export, or delete your data at any time. Email privacy@brandcrank.com or use the in-product controls. EU and UK residents have all rights under GDPR and UK GDPR. California residents have all rights under CCPA/CPRA. We respond to verified requests within 30 days.

Changes to this policy

We'll email you and post a notice at the top of this page if we make material changes. Minor edits (typos, clarifications) get an updated effective date and no notification.

Questions about this policy? privacy@brandcrank.com