BrandFoundry
Sign inGet started
Back to home

Privacy Policy

Last updated: February 16, 2026

1. Introduction

BrandFoundry ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services (collectively, the "Service"). By accessing or using the Service, you agree to the terms of this Privacy Policy.

2. Information We Collect

Account Information

When you create an account, we collect your full name, email address, and password. Passwords are securely hashed and never stored in plain text.

Product Data

When you create projects, we collect product descriptions, images, target audience information, pricing details, category selections, and competitor URLs that you provide. This data is used to generate market research and ad creatives.

Meta Ads Credentials

If you choose to connect your Meta Ads account, we store your Meta App ID, encrypted App Secret, and OAuth access tokens. These are used solely to manage ad campaigns on your behalf. We never store your Meta/Facebook password.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, and timestamps. This helps us improve the product experience.

Ad Performance Data

When campaigns are active, we collect and store performance metrics from Meta Ads including impressions, clicks, spend, conversions, and click-through rates.

3. How We Use Your Information

  • To provide and maintain the Service, including AI-powered market research, creative generation, and ad campaign management
  • To process your product data through our AI models (Google Gemini) for market analysis and creative generation
  • To create, manage, and optimize ad campaigns on Meta platforms on your behalf
  • To communicate with you about your account, projects, and campaign performance
  • To improve and develop new features for the Service
  • To detect and prevent fraud, abuse, or security incidents

4. Third-Party Services

Supabase

We use Supabase for authentication, database storage, and file storage. Your data is stored in Supabase's infrastructure. See Supabase's privacy policy for details.

Google AI (Gemini)

Product descriptions, images, and market data are sent to Google's Gemini AI models to generate market research reports and ad copy. Google's data processing terms apply.

Meta Platforms

When you connect your Meta Ads account, campaign data and creatives are shared with Meta for ad delivery. Meta's data policy governs how they process this information.

Vercel

The Service is hosted on Vercel. Standard server logs including IP addresses and request metadata may be collected by Vercel's infrastructure.

5. Data Retention

We retain your account data and project data for as long as your account is active. You can delete your projects at any time. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law. Anonymized, aggregated data may be retained indefinitely for analytics purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), encrypted storage for sensitive credentials, secure authentication via Supabase, and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a portable format
  • Objection: Object to certain processing of your data

To exercise any of these rights, please contact us at the email address below.

8. Cookies

The Service uses essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies. Authentication tokens are stored securely in your browser to maintain your logged-in session.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at privacy@brandfoundry.app.