Privacy Policy

Introduction

Welcome to BrandPulse ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI visibility intelligence platform at https://getbrandpulse.com (the "Service").

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

1. Information We Collect

We collect information that you provide directly to us, information we obtain automatically when you use our Service, and information from third-party sources.

1.1 Information You Provide to Us

Account Information

When you create an account, we collect:

• Name (first and last name)
• Email address
• Password (encrypted)
• Company/Organization name
• Job title (optional)
• Phone number (optional)
• Profile photo (optional)

Billing Information

When you subscribe to a paid plan, we collect:

• Credit card information (processed by our payment processor Stripe; we do not store full card numbers)
• Billing address
• Tax identification number (if applicable)
• Payment history

Brand and Business Information

To provide the Service, you may provide:

• Brand names you want to monitor
• Competitor names for comparison
• Industry/category information
• Website URLs
• Company description
• Key features of your product/service
• Target audience information

1.2 Information Collected Automatically

Usage Data

We automatically collect:

• Pages viewed and features used
• Time spent on different pages
• Click patterns and navigation paths
• Feature usage statistics
• Error logs and diagnostic data
• Performance metrics

Device Information

• Device type (desktop, mobile, tablet)
• Operating system and version
• Browser type and version
• Screen resolution
• Device identifiers

Location Data

• IP address
• General geographic location (city, region, country) derived from IP
• Time zone

We do NOT collect precise geolocation data unless you explicitly enable it.

Execution and Results Data

When you use the Service to test prompts:

• Execution timestamps
• AI models tested
• Prompts submitted
• AI responses received
• Brand mentions detected
• Sentiment analysis results
• Competitor mentions
• Citation sources
• Performance metrics (response time, token usage, costs)

2. How We Use Your Information

2.1 To Provide and Maintain the Service

• Create and manage your account
• Process your subscription and payments
• Execute prompts across AI models
• Track brand mentions and competitor data
• Generate analytics and insights
• Calculate AI Visibility Scores (AV Score)
• Provide citation analysis and recommendations
• Enable scheduled monitoring and alerts
• Store your data and execution history
• Provide customer support

2.2 To Improve and Develop the Service

• Analyze usage patterns to improve features
• Develop new features and functionality
• Conduct research and development
• Test and optimize performance
• Fix bugs and technical issues
• Train and improve our algorithms
• Generate industry benchmarks (using aggregated, anonymized data)

2.3 To Communicate with You

• Send service-related notifications
• Respond to your inquiries and support requests
• Send account updates and alerts
• Provide onboarding and educational content
• Send marketing communications (with your consent)
• Conduct surveys and request feedback
• Notify you of changes to our Service or policies

2.4 For Security and Fraud Prevention

• Detect and prevent fraud and abuse
• Monitor for suspicious activity
• Enforce our Terms of Service
• Protect against security threats
• Verify user identity
• Prevent unauthorized access

2.5 For Analytics and Aggregated Insights

• Create anonymized, aggregated statistics
• Generate industry reports and benchmarks
• Publish research and insights (no personal data)
• Improve industry understanding of AI visibility

Note: When we use aggregated data, it is anonymized and does not identify you or your organization.

3. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

3.1 Service Providers

We share information with third-party vendors who perform services on our behalf:

Infrastructure Providers

• Hosting: Vercel, Supabase (database hosting)
• Cloud Services: AWS, Google Cloud (infrastructure)

AI Model Providers

• OpenAI (GPT-4, GPT-4o)
• Anthropic (Claude)
• Google (Gemini)
• Perplexity AI (Sonar models)
• Meta (Llama models)
• xAI (Grok)

Note: We only share the prompts you submit and receive responses. We do not share your personal account information with AI providers.

Other Service Providers

• Stripe (payment processing)
• Google Analytics (usage analytics)
• Mixpanel or PostHog (product analytics)

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.2 Business Transfers

If we are involved in a merger, acquisition, sale of assets, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service.

3.3 Legal Requirements

We may disclose your information if required by law or in good faith belief that such action is necessary to:

• Comply with legal obligations (court orders, subpoenas)
• Protect and defend our rights or property
• Prevent or investigate fraud or security issues
• Protect the safety of users or the public

4. Third-Party Services

4.1 AI Model Providers

Our Service integrates with third-party AI models. When you submit a prompt:

• The prompt is sent to the selected AI model(s)
• The AI provider processes the prompt and returns a response
• The AI provider may log the request for their own purposes

Important:

• Each AI provider has its own privacy policy
• We do not control how AI providers use your prompts
• Some AI providers may use prompts to improve their models (unless you opt-out through their settings)

4.2 Third-Party Analytics

We use third-party analytics services:

• Google Analytics: Tracks usage patterns (subject to Google's privacy policy)
• Product analytics tools: Track feature usage and user flows

You can opt-out of Google Analytics using: https://tools.google.com/dlpage/gaoptout

5. Data Retention

5.1 Active Accounts

While your account is active, we retain your data to provide the Service:

• Account data: Retained indefinitely while account is active
• Execution history: Retained based on your subscription tier:
  • Free: 90 days
  • Pro: 1 year
  • Business/Enterprise: Unlimited

5.2 Deleted Accounts

When you delete your account:

• Personal data: Deleted within 30 days
• Execution data: Deleted within 30 days
• Billing records: Retained for 7 years (legal requirement)
• Backups: May persist for up to 90 days

5.3 Aggregated Data

Anonymized, aggregated data may be retained indefinitely for industry benchmarks, research purposes, and service improvement. This data cannot be used to identify you.

6. Data Security

6.1 Security Measures

We implement industry-standard security measures:

Technical Safeguards

• Encryption in transit: All data transmitted using TLS/SSL (HTTPS)
• Encryption at rest: Database encryption using AES-256
• Password hashing: Bcrypt with salt
• API key encryption: Secure storage of third-party API keys
• Regular backups: Encrypted and geographically distributed

Access Controls

• Role-based access control (RBAC): Limited employee access
• Two-factor authentication (2FA): Available for user accounts
• Audit logging: Track access to sensitive data
• Least privilege principle: Employees have minimal necessary access

6.2 Limitations

No system is 100% secure. While we implement reasonable security measures, we cannot guarantee absolute security. You acknowledge:

• Internet transmission is never completely secure
• Unauthorized access may occur despite our efforts
• You are responsible for maintaining your password security

6.3 Data Breach Notification

In the event of a data breach affecting your personal information:

• We will notify you within 72 hours (or as required by law)
• Notification will be sent via email
• We will describe the nature of the breach and steps we're taking
• We will provide guidance on protective measures you can take

7. Your Privacy Rights

7.1 Access and Portability

You have the right to:

• Access your personal data we hold
• Download your data in a portable format (JSON, CSV)
• Request a copy of your execution history

How to exercise: Visit your account settings or contact support@getbrandpulse.com

7.2 Correction and Update

You have the right to:

• Correct inaccurate personal data
• Update outdated information
• Modify your account details

How to exercise: Update directly in your account settings

7.3 Deletion ("Right to Be Forgotten")

You have the right to:

• Delete your account and associated data
• Request deletion of specific data
• Erase your personal information (subject to legal exceptions)

How to exercise:

1. Go to Account Settings → Delete Account
2. Or email support@getbrandpulse.com with subject "Data Deletion Request"

Exceptions: We may retain data if required by law or for legitimate business purposes (e.g., fraud prevention, legal disputes).

7.4 Object to Processing

You have the right to:

• Object to processing of your data for marketing purposes
• Opt-out of marketing emails (unsubscribe link in emails)
• Disable non-essential cookies

8. Cookies and Tracking Technologies

8.1 What Are Cookies

Cookies are small text files stored on your device when you visit our Service. We use cookies and similar technologies (local storage, session storage, web beacons) to enhance your experience.

8.2 Types of Cookies We Use

Essential Cookies (Always Active)

Required for the Service to function:

• Authentication cookies: Keep you logged in
• Security cookies: Prevent fraud and abuse
• Session cookies: Maintain your session state
• CSRF tokens: Protect against cross-site attacks

You cannot disable these cookies.

Analytics Cookies (Optional)

Help us understand usage:

• Google Analytics: Track page views, sessions
• Product analytics: Track feature usage
• Heatmap tools: Understand user interactions

8.3 Cookie Management

How to Control Cookies:

1. Browser Settings: Most browsers allow you to block all cookies, block third-party cookies only, or delete cookies when you close the browser
2. Our Cookie Banner: When you first visit, you can accept all cookies, reject non-essential cookies, or customize your preferences
3. Account Settings: You can disable analytics cookies, marketing cookies, and heatmap tracking

Note: Disabling essential cookies may prevent you from using the Service.

9. International Data Transfers

9.1 Where We Store Data

We store and process data in:

• United States (primary servers)
• Europe (EU data residency option for Enterprise customers)

9.2 Cross-Border Transfers

If you access the Service from outside the United States, your data may be transferred internationally. We ensure adequate protection through:

For EU/EEA Users:

• Standard Contractual Clauses (SCCs): EU-approved data transfer mechanism
• EU-US Data Privacy Framework: Certified frameworks
• Adequacy decisions: Transfers to countries with adequate protection

9.3 Data Localization

Enterprise customers can request:

• Data residency: Store data in specific regions
• Local processing: Process data in specific jurisdictions

Contact support@getbrandpulse.com for options.

10. Children's Privacy

10.1 Age Restriction

Our Service is not intended for children under 18 years of age.

We do not knowingly collect personal information from children under 18. If you are under 18, do not:

• Create an account
• Use the Service
• Provide any personal information

10.2 Parental Notice

If we learn we have collected personal information from a child under 18:

• We will delete that information promptly
• We will terminate the account

If you believe we have information from a child under 18, contact us immediately at support@getbrandpulse.com.

11. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA).

11.1 Your CCPA Rights

Right to Know

You can request:

• Categories of personal information we collect
• Specific pieces of personal information we hold
• Sources of information
• Purposes for collecting/sharing
• Categories of third parties we share with

Right to Delete

You can request deletion of your personal information (subject to exceptions).

Right to Opt-Out of Sale

We do not sell personal information, so there is nothing to opt-out of.

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights:

• We will not deny service
• We will not charge different prices
• We will not provide different quality of service

11.2 Exercising Your Rights

How to Submit a Request:

1. Email: support@getbrandpulse.com
2. Subject: "CCPA Request - [Right to Know/Delete]"
3. Include: Your name, email, account information

Response Time: We will respond within 45 days (extension of up to 45 additional days if needed, with notice).

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under the General Data Protection Regulation (GDPR).

12.1 Your GDPR Rights

Right of Access (Article 15)

You can request:

• Confirmation of whether we process your data
• Copy of your personal data
• Information about processing

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete data.

Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your data when:

• Data is no longer necessary
• You withdraw consent
• You object to processing
• Data was unlawfully processed

Exceptions: We may retain data if required by law or for legitimate purposes.

Right to Data Portability (Article 20)

You can request your data in a structured, machine-readable format and transmit it to another controller.

Right to Object (Article 21)

You can object to:

• Processing based on legitimate interests
• Direct marketing (including profiling)
• Processing for research/statistics

12.2 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer:

Email: support@getbrandpulse.com

13. Changes to This Privacy Policy

13.1 Updates

We may update this Privacy Policy from time to time to reflect:

• Changes to our practices
• Legal or regulatory changes
• New features or services
• User feedback

13.2 Notification

When we make material changes:

• Email notification to registered users
• Prominent notice on the Service
• At least 30 days' notice before changes take effect

13.3 Your Acceptance

Continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

If you do not agree to changes:

• Stop using the Service
• Delete your account
• Contact us with concerns

14. Contact Us

14.1 General Privacy Inquiries

14.2 Data Protection Officer (GDPR)

14.3 Data Deletion Requests

Email: support@getbrandpulse.com
Subject: Data Deletion Request

Include:

• Your name
• Email address
• Account details
• Specific request

14.4 Security Concerns

If you discover a security vulnerability:

Email: support@getbrandpulse.com
Subject: Security Vulnerability Report

We take security seriously and will respond promptly.

14.5 Customer Support

For general support (not privacy-related):

Acknowledgment

By using BrandPulse, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.