Last Updated: January 14, 2026 Effective Date: January 14, 2026 Version: 1.0

1. Introduction

Brand DNA (“we,” “us,” or “our”), operated at https://www.branddna.app, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using Brand DNA, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, password (encrypted)
  • Profile Information: Optional business name, industry, company size
  • Payment Information: Billing details processed securely by Stripe (we do not store credit card numbers)
  • Brand Analysis Inputs: Website URLs, social media links, contextual notes you provide
  • User Content: Tasks, notes, workspace content, chat messages

2.2 Automatically Collected Information

  • Usage Data: Features accessed, analysis frequency, time spent, interactions with Helix AI
  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP address, access times, pages viewed, referring URLs
  • Cookies and Tracking: Session cookies, authentication tokens, preference settings

2.3 Information from Third Parties

  • AI Analysis Data: Publicly available web content analyzed by Google Gemini AI
  • Payment Processors: Transaction status and payment verification from Stripe
  • Authentication Services: OAuth provider data if you sign in through third-party services

3. How We Use Your Information

We use your information to:
  • Provide, operate, and maintain the Service
  • Process your transactions and manage subscriptions
  • Generate brand analyses using AI technology
  • Improve and personalize your experience
  • Communicate with you about updates, support, and marketing (with consent)
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our Terms of Service
  • Develop new features and services

4. Third-Party Service Providers

We share your information with trusted third-party processors who assist in operating our Service:

Google Gemini AI

  • Purpose: AI-powered brand analysis, content generation, and Helix AI chatbot
  • Data Shared: Website URLs, social links, user-provided context, analysis prompts, chat messages
  • Privacy Policy: Google Privacy Policy

Stripe

  • Purpose: Payment processing and subscription management
  • Data Shared: Billing information, transaction details
  • Privacy Policy: Stripe Privacy Policy

DigitalOcean Spaces

  • Purpose: Cloud storage for analysis reports and generated content
  • Data Shared: Analysis results, exported PDFs, uploaded files
  • Privacy Policy: DigitalOcean Privacy Policy

PostgreSQL Database

  • Purpose: Data storage and management
  • Data Shared: User accounts, subscriptions, usage data, analysis history
  • Privacy Policy: DigitalOcean Privacy Policy

All third-party processors are required to maintain appropriate security measures and use your data only for the purposes specified.

5. Data Security

We implement industry-standard security measures to protect your information:
  • Encryption in transit (TLS/SSL) and at rest
  • Secure password hashing using bcrypt
  • HTTP-only cookies for session management
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Secure cloud infrastructure with enterprise-grade providers
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:
  • Account Data: Retained while your account is active
  • Analysis History: Retained according to your subscription tier (24 hours to 1 year)
  • Transaction Records: Retained for 7 years for tax and accounting purposes
  • Deleted Accounts: Data permanently deleted within 30 days of account deletion request

7. Your Privacy Rights

7.1 GDPR Rights (EU Users)

If you are located in the European Union, you have the following rights:
  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing of your data for certain purposes
  • Right to Withdraw Consent: Withdraw consent at any time

7.2 CCPA Rights (California Users)

If you are a California resident, you have the right to:
  • Know what personal information is collected, used, shared, or sold
  • Delete personal information held by us
  • Opt-out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising your CCPA rights

7.3 How to Exercise Your Rights

To exercise any of these rights:
  • Use the “Export My Data” feature in your account settings
  • Use the “Delete My Account” option in settings
  • Contact us at privacy@branddna.app
We will respond to your request within 30 days (or 45 days for CCPA requests).

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses where required.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies. See our Cookie Policy for detailed information about:
  • Types of cookies we use
  • How to manage cookie preferences
  • Third-party cookies and analytics

10. Children’s Privacy

Our Service is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a child under 18, we will take steps to delete such information promptly.

11. Marketing Communications

With your consent, we may send you marketing emails about new features, promotions, and updates. You can opt-out of marketing communications at any time by:
  • Clicking the “unsubscribe” link in any marketing email
  • Updating your preferences in account settings
  • Contacting us at privacy@branddna.app
You will still receive transactional emails related to your account and Service usage.

12. Do Not Track Signals

We respect Do Not Track (DNT) signals. When DNT is enabled in your browser, we will not set non-essential cookies and will limit data collection to what is necessary to provide the Service.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:
  • Posting the updated policy on this page
  • Updating the “Last Updated” date
  • Sending an email notification to registered users
  • Displaying a prominent notice in the Service
Your continued use of the Service after changes indicates acceptance of the updated policy.

14. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Privacy Contact Information

  • Privacy Contact: privacy@branddna.app
  • Data Protection Officer: dpo@branddna.app
  • Website: https://www.branddna.app
  • GDPR Representative (EU): To be designated if required
