← Back to BrandPurl

Privacy Policy

Last updated: 2026-05-22

This Privacy Policy explains how BrandPurl ("we", "us", "our") collects, uses, and protects information when you use our website, application, and APIs (collectively, the "Service"). By using the Service you agree to this policy.

1. Information we collect

2. How we use information

We do not sell or rent your data. We do not use your private brand content to train public generative-AI models.

3. Third-party processors

4. How we protect OAuth tokens

Access tokens issued by connected platforms (e.g. Buffer) are encrypted at rest with AES-256-GCM using a dedicated server-side key. Tokens are never sent to the browser, never logged in plaintext, and are decrypted only inside the server process at the moment a publish API call is made.

5. Your rights

6. Data retention

Account and content data are retained as long as your account is active. Backups are purged within 30 days of permanent deletion. Request logs are retained for up to 90 days.

7. Children

The Service is not directed at children under 16, and we do not knowingly collect data from them.

8. Changes to this policy

We may update this policy from time to time. Significant changes will be announced via email and via a notice inside the app at least 14 days before they take effect.

9. Contact

Questions or requests: privacy@brandpurl.com.