Privacy Policy

Last updated: 17.10.2025

Information We Collect

We collect information you provide directly to us when using our competitive intelligence platform:

  • Account Information: Email address, name, display name, company details, and profile information
  • Organization Data: Company names, industries, business model canvas inputs, strategic analysis data
  • Competitive Intelligence: Competitor data, market analysis inputs, strategic recommendations, campaign information
  • Usage Analytics: Feature usage, search queries, analysis requests, and platform interactions
  • Payment Information: Billing details processed securely through Stripe (we do not store full payment details)
  • AI Interactions: Prompts, queries, and responses from our AI-powered features
  • Team Data: Member roles, permissions, and collaboration activities within organizations

2. How We Use Your Information

We use your information to provide, enhance, and secure our competitive intelligence services:

  • Service Delivery: Generate competitive intelligence, strategic analyses, and AI-powered recommendations
  • Platform Features: Enable multi-organization management, team collaboration, and campaign tracking
  • Payment Processing: Manage subscriptions, billing, and Enterprise plan add-ons through Stripe
  • Security & Safety: Detect fraud, prevent abuse, and maintain platform security
  • Communication: Send account updates, feature announcements, and subscription notifications
  • Support: Provide customer service and technical assistance

3. Information Sharing and Third Parties

We never sell your personal information. We share data only in these limited circumstances:

  • Analytics Partners: PostHog and Umami receive anonymous, aggregate usage data only (no personal information, no individual tracking). This helps us understand overall platform performance and feature adoption.
  • Request Processors: Supabase (data hosting), Stripe (payments), OpenAI (AI services), Anthropic Claude (AI services), Perplexity (AI search), Firecrawl (web scraping), and Google Maps (geocoding and mapping) process specific requests on your behalf but do not independently store or access your data outside of those transactions.
  • Team Members: Within your organization based on assigned roles and permissions
  • Legal Compliance: When required by law or to protect our legal rights
  • Business Transfers: In case of merger, acquisition, or sale of assets (with notice)
  • With Consent: When you explicitly authorize sharing

4. Data Security and Infrastructure

We implement comprehensive security measures to protect your data:

  • Encryption: Data encrypted in transit (TLS) and at rest (AES-256)
  • Access Controls: Role-based permissions, Row-Level Security (RLS), and API authentication
  • Infrastructure: Secure cloud hosting with Supabase, regular security audits
  • API Safety: Rate limiting, input validation, and abuse detection systems
  • Monitoring: Real-time security monitoring and incident response protocols

5. Data Retention and Deletion

We retain your data based on subscription status and legal requirements:

  • Active Accounts: Data retained while your account is active and for legitimate business purposes
  • Cancelled Subscriptions: Data retained for 90 days after cancellation, then anonymized or deleted
  • Legal Requirements: Some data may be retained longer to comply with legal obligations

6. Your Privacy Rights

You have comprehensive rights regarding your personal data:

  • Access: View and download your personal information and usage data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Portability: Export your data in machine-readable formats
  • Opt-out: Unsubscribe from marketing communications
  • Object: Object to certain data processing activities
  • Restrict: Request limitation of data processing

7. AI Services and Data Protection

Our platform uses AI to enhance competitive intelligence with strict data protection:

  • AI Partners: We use OpenAI, Anthropic Claude, Perplexity, and Firecrawl APIs for natural language processing, competitive research, and web data extraction
  • Data Processing: Your inputs are processed by these AI services solely to generate your requested insights and are immediately discarded after processing
  • No Training Data: Your data is not used to train third-party AI models. Your prompts, queries, and business information remain confidential and are never incorporated into AI training datasets
  • Quality Control: AI responses are monitored for safety and accuracy within our own systems
  • Provider Agreements: Our contracts with AI providers explicitly prohibit using customer data for model training or improvement

8. Analytics and Tracking

We use privacy-focused analytics to improve our platform:

  • Essential Cookies: Required for authentication, security, and core platform features
  • PostHog Analytics: We use PostHog for aggregate usage analytics to understand overall platform performance and feature adoption. PostHog is a privacy-first analytics platform that analyzes data at an aggregate level, not tracking individual user behavior
  • Umami Website Analytics: Privacy-friendly, GDPR-compliant website analytics to track page visits and navigation patterns without collecting personal information or using tracking cookies
  • No Advertising Trackers: We do not use advertising pixels (no META/Facebook, no Google Ads), third-party tracking cookies, or share data with advertising networks
  • Cookie Control: Essential cookie preferences can be managed through your browser settings

9. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place, including data processing agreements with our service providers and compliance with applicable data protection laws.

10. Updates to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email or platform notifications at least 30 days before taking effect.

11. Contact Information

For privacy-related questions, data requests, or concerns, contact us at:

  • Email: privacy@brandscout.io
  • Support: Through the platform's support system