Skip to content
Brandmundo

Privacy Policy

Last updated: June 12, 2026

1. Scope

This policy explains how Brandmundo (“we”, “us”) collects, uses, and protects personal data when you use the Brandmundo web application, the Brandmundo iOS and Android apps, and the brandmundo.com website (together, the “Service”). Brandmundo is the controller of this data. For questions or requests, reach us through our contact page.

2. Data we collect

  • Account data. Your email address and sign-in method. If you sign in with Google or Apple, we receive the identifier and email associated with that account; we never see your password for those services.
  • Brand and business data. Information you provide about your business so the Service can generate relevant content: business name, industry, products, audience descriptions, tone and style preferences, business location, social-media handles, website and reference URLs, competitor details, products & services, events, brand colors and logo, and any custom instructions you write.
  • Content you create and upload. Photos, videos, and other media you add to your library; post ideas, captions, and edits you make; and content generated for you by the AI features.
  • Usage data. How you interact with generated ideas (likes, dismissals, edits, scheduling, marking as posted), onboarding progress, and preference signals — used to personalize what the Service suggests to you. We also keep technical generation logs (model used, token counts, timing, errors) to operate and debug the Service.
  • Billing data. Your plan, subscription status, credit balances, and transaction history. Payments are handled by our payment provider (web) or the app stores (mobile apps); we never see or store your full card number.
  • Device data (mobile apps). A push-notification token for your device if you enable notifications. The mobile apps request camera and photo-library access only when you choose to add media, and do not track you across other apps or websites.
  • Connected social accounts. If you connect a social account to schedule posts for automatic publishing, we receive and store the access credentials the platform issues (encrypted), basic account identifiers (such as your platform user ID, page ID, and username), and the delivery status of posts published on your instruction. We use this data only to provide the publishing features you enabled — never for advertising or profiling. You can disconnect an account at any time in settings, which deletes the stored credentials.
  • Support communications. Messages you send us via the contact form or email.

3. How we use your data

We use your data to:

  • provide the Service: generate ideas and images tailored to your brand;
  • personalize suggestions based on what you like and dismiss;
  • publish or schedule posts to social accounts you have connected, on your instruction;
  • manage your subscription, credits, and purchases;
  • send transactional and service emails (welcome, reminders, optional weekly brief) — each non-essential email has a one-click unsubscribe, and you can manage email and push preferences in settings;
  • send push notifications you have opted into;
  • secure the Service, prevent abuse and fraud, and enforce usage limits;
  • debug, maintain, and improve the Service;
  • comply with legal obligations (e.g. tax and accounting records).

We do not sell your personal data, and we do not use third-party advertising trackers inside the product.

4. AI processing

To generate content, we send relevant parts of your brand data (and, where you use those features, your custom instructions, reference material, and uploaded media) to the AI providers that power text and image generation. Under our agreements with these providers, data submitted through their business APIs is not used to train their models. Generated content and generation logs are stored with your account so you can access your ideas and we can operate the Service.

5. Service providers

We share data only with service providers that help us run the Service, only to the extent necessary, and under data-processing agreements. These include providers for:

  • hosting, database, authentication, and file storage;
  • AI text and image generation (see Section 4);
  • payment processing and in-app purchases;
  • transactional email and push-notification delivery;
  • location search when you set your business location;
  • looking up public web and social content (e.g. competitor suggestions and content signals) based on the brand details you provide;
  • error monitoring (Sentry, EU-hosted) so we can detect and fix failures in the app, the mobile app, and this website;
  • product analytics and session replay (PostHog, EU-hosted) to understand how the product is used and improve it (see Section 6);
  • visitor statistics on the marketing website, only after you accept cookies (see Section 6).
  • bot and abuse protection on our contact form and free marketing-site tools (Cloudflare Turnstile), which runs a lightweight, mostly invisible check to tell real visitors from bots. To do this, Turnstile processes limited technical data such as your IP address and browser signals. Cloudflare acts as our processor for this and does not use the data to train models or for advertising; for details see Cloudflare’s Turnstile Privacy Addendum.

A current list of our service providers is available on request via our contact page.

Separately, when you publish or schedule a post to a connected social account, the content of that post is transmitted to the relevant platform on your instruction. From that point it is processed by the platform under its own terms and privacy policy, as part of your own account there.

We may also disclose data if required by law, to protect our rights or users’ safety, or as part of a merger, acquisition, or sale of assets (in which case this policy continues to apply to your data).

6. Cookies and analytics

The app uses strictly necessary cookies to keep you signed in. The marketing website uses analytics cookies only after you accept the cookie banner; if you decline, or if your browser sends a “Do Not Track” signal, no analytics cookies are set. You can change or withdraw consent at any time via your browser settings.

Inside the product (the web app and mobile app), we use PostHog (EU-hosted) for product analytics — which screens are used, which ideas are generated, liked, or skipped — and session replay on the web app, with all text you type masked before it leaves your browser. We also use Sentry (EU-hosted) to collect error reports when something breaks. We use this data on the basis of our legitimate interest in operating and improving the Service; it is never used for advertising, and we do not use third-party ad trackers anywhere in the product.

7. Legal bases (EEA/UK)

Where the GDPR applies, we process your data on these bases: performance of a contract (providing the Service you signed up for, billing), legitimate interests (securing the Service, preventing abuse, improving the product via in-product analytics and error monitoring, service communications), consent (marketing-site analytics cookies, push notifications, optional emails), and legal obligation (tax and accounting records).

8. Retention and deletion

We keep your data for as long as your account exists. You can delete your account in your profile settings: the account is locked immediately and permanently deleted after a 30-day grace period, during which you can restore it by signing back in. After permanent deletion, your brands, ideas, media, and settings are erased.

We retain a small amount of data beyond deletion where we have a legitimate or legal reason to: billing records required for tax and accounting purposes, and a one-way hashed identifier used solely to prevent abuse of free-tier sign-up credits. Media you move to trash inside the app is kept for 30 days and then permanently removed. Credentials for a connected social account are deleted as soon as you disconnect the account in settings, and in any case when your account is permanently deleted; content already published to a platform remains on that platform under your own account there.

9. Your rights

Depending on your location, you may have the right to access, correct, export, delete, or restrict the processing of your personal data, to object to processing based on legitimate interests, and to withdraw consent at any time. You can edit most data directly in settings and delete your account yourself; for an export of your data or any other request, reach us through our contact page. If you are in the EEA or UK, you also have the right to lodge a complaint with your data-protection authority.

10. International transfers

Some of our service providers process data outside the European Economic Area, including in the United States. Where they do, transfers are protected by appropriate safeguards such as the EU Standard Contractual Clauses or an adequacy decision (e.g. the EU–US Data Privacy Framework, where the provider is certified).

11. Security

We protect your data with industry-standard measures, including encryption in transit, encrypted storage of sensitive credentials, and row-level access controls that ensure your data is only accessible to your account. No system is perfectly secure; if a breach affecting your personal data occurs, we will notify you and the relevant authorities as required by law.

12. Children

The Service is a business tool and is not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us personal data, contact us and we will delete it.

13. Changes to this policy

We may update this policy from time to time. We will post the revised policy on this page and update the “last updated” date above; for material changes we will notify you by email or in the app.

14. Contact

Questions about this policy or your data? Reach us through our contact page.