Privacy Policy

This Privacy Policy describes how Brand-Check AI("we", "us") processes information when you use Brand-Check AI(this website).

Operator: Brand-Check AI. For product support, use the contact or receipt channel provided by Lemon Squeezy on your order confirmation, unless we list an address elsewhere on this site.

Depending on how you use the Service, we may process:

• Audit inputs: images you upload or captures resolved from URLs you submit.
• Technical data: IP address, user agent, coarse timestamps, and security logs from hosting.
• Preference and session data: browser local storage used to resume PDF generation after an audit.
• Payment data: we do not receive full card numbers; Lemon Squeezy (or another processor) handles payment credentials.
• Support communications: messages you send if you contact us.

• Provide the Service and perform our contract with you (audit, PDF, checkout).
• Legitimate interests in security, abuse prevention, analytics, and product improvement (balanced against your rights).
• Legal obligations where applicable.
• Consent where we rely on it (e.g. certain non-essential cookies or analytics, if offered in your jurisdiction).

Audits and extended reports are produced using Google Gemini or similar models. Inputs may be transmitted to Google's infrastructure for inference. Do not submit special-category or highly sensitive personal data in screenshots unless you accept associated risk.

We use service providers including:

• Vercel (hosting, edge) and related infrastructure.
• Google (Generative AI / Gemini API) for model inference.
• Lemon Squeezy for payments and receipts.
• Upstash (optional) for rate/metadata storage if enabled in deployment.
• Vercel Analytics (optional) for usage metrics.

Their own privacy terms apply in addition to this Policy.

We keep operational logs and backups only as long as needed for security, law, and service reliability. Browser-side storage persists until you clear site data or we ship logic that clears it. Aggregated analytics may be retained in non-identifying form.

Providers may process data in the United Kingdom, European Economic Area, United States, or other regions. Where transfers require safeguards (e.g. UK IDTA / EU SCCs), we rely on vendor mechanisms as appropriate.

Subject to local law, you may have rights to access, rectify, erase, restrict, port, or object to processing, and to lodge a complaint with a supervisory authority. To exercise rights, contact us using the details above. You may need to verify your identity.

The Service is not directed at children under 16 (or the age required in your jurisdiction). We do not knowingly collect their personal data.

We may update this Policy by posting a revised version. Material changes will be reflected in the "Last updated" date.

See our Cookie Notice and Terms of Service.