Privacy Policy

Last updated: May 4, 2026

1. Who we are

Brandon Digital (“Brandon Digital,” “we,” “us”) operates the Unified Marketing OS available at app.brandondigital.co (the “Service”). This policy explains what information we collect, how we use it, and the choices you have. Questions: hello@brandondigital.co.

2. Information we collect

We collect only what we need to deliver the Service:

  • Account information: your name, email address, and profile photo from your Google account when you sign in.
  • Marketing platform data: when you connect Google Ads, Meta Ads, Google Analytics 4, Google Search Console, or a CRM, we read campaign metadata, spend, performance metrics, and deal records via the platform’s official API. We request the minimum scopes required.
  • OAuth tokens: refresh and access tokens issued by connected platforms. Tokens are encrypted at rest and used only to fetch your data on your behalf.
  • Usage data: basic logs (IP address, user agent, timestamps, error traces) for security, debugging, and abuse prevention.

3. How we use information

  • Provide, maintain, and improve the Service.
  • Display your marketing performance, generate reports, and power AI recommendations inside your workspace.
  • Authenticate users, enforce access controls, and detect abuse.
  • Communicate service-related notices (security alerts, billing, product updates you opted into).

We do not sell your data, advertise to you, or share it with third parties for marketing.

4. Google API Services User Data Policy

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data only to provide or improve user-facing features prominent in the Service, do not transfer it except as needed for those features or as required by law, do not use it for advertising, and do not allow humans to read it unless we have your consent, it is required for security, or it is aggregated and anonymized for internal operations.

5. Meta Platform Terms

When you connect a Meta (Facebook / Instagram) ad account, our use of data received via Meta APIs complies with the Meta Platform Terms and Developer Policies. We use this data only to show your ad performance inside your workspace and to power features you have explicitly opted into.

6. Data sharing

We share data only with infrastructure subprocessors necessary to run the Service:

  • Supabase (database, authentication)
  • Vercel (frontend hosting)
  • Render (backend hosting)
  • Anthropic (AI Report Writer; only data you choose to summarize)
  • Sentry (error monitoring)
  • Resend (transactional email)

We may also disclose information when required by law, to enforce our terms, or to protect the rights and safety of users.

7. Data retention

We keep your account and connected-platform data while your workspace is active. If you disconnect a platform, we delete the associated tokens within 30 days. If you delete your workspace or email us, we delete your personal data within 30 days, except where retention is required by law.

8. Security

Connections use TLS in transit. OAuth tokens and other secrets are encrypted at rest. Access to production data is limited to authorized personnel. No system is perfectly secure; you can help by keeping your Google account credentials safe.

9. Your choices

  • Disconnect any platform from inside the workspace at any time.
  • Revoke our OAuth access via your Google or Meta account settings.
  • Request access, correction, or deletion of your data by emailing hello@brandondigital.co.

10. Children

The Service is for business use and not directed to anyone under 16. We do not knowingly collect data from children.

11. Changes to this policy

We may update this policy as the Service evolves. We will revise the “Last updated” date and, for material changes, notify workspace admins by email.

12. Contact

Brandon Digital · hello@brandondigital.co