Privacy Policy

Brandeet is operated by STRATEGYMELODY - LDA, trading as Brandeet, a company based in Portugal with registered address at Rua Gandra, TecPark, Barco and VAT/tax/company registration number 519377281.

You can contact us about privacy or legal questions at support@brandeet.com.

This Privacy Policy explains how we collect, use, share, and protect personal information when you use Brandeet, including our website builder, AI features, marketing strategy tools, audits, publishing features, contact forms, billing, and newsletter.

For most information described in this Privacy Policy, STRATEGYMELODY - LDA is the controller of your personal data.

Where we process personal data contained in customer content, uploaded content, or published websites solely to provide the service to that customer, we may act as a processor or service provider on the customer's behalf.

We collect the following categories of information depending on how you use Brandeet:

• Account information, such as name, email address, password credentials, Google sign-in details, email verification status, session information, two-factor authentication status, and account settings.
• Business and marketing profile information, such as business name, language, business type, description, target audience, competitors, brand voice, active platforms, team size, marketing goals, budget preferences, email marketing interest, reflections, and additional context you provide.
• Website and project content, such as prompts, page structure, copy, SEO metadata, custom CSS, uploaded images, favicons, asset metadata, subdomains, custom domains, and published website settings.
• AI, audit, and usage information, such as AI prompts, generated outputs, audit context, audit findings, marketing strategies, tasks, monthly summaries, credits, storage usage, and plan-limit usage.
• Contact and support information, such as name, email address, topic, message, hCaptcha token, and related anti-spam technical information submitted through the contact form.
• Billing information processed through Stripe, such as customer identifiers, subscription status, plan, invoice/payment metadata, tax information, and billing events. We do not store full payment card details.
• Technical and security information, such as IP address, user agent, device/browser details, authentication events, request metadata, logs, and similar operational information.

We use information to:

• Provide, maintain, secure, and improve Brandeet.
• Create accounts, authenticate users, verify email addresses, manage sessions, and support two-factor authentication.
• Create, edit, audit, publish, and host websites and related assets.
• Generate AI outputs, website content, SEO metadata, marketing strategies, summaries, and audit findings.
• Process uploads, optimize images, manage storage limits, and connect domains.
• Process subscriptions, payments, invoices, taxes, cancellations, and billing events.
• Respond to support, contact, legal, privacy, and deletion requests.
• Prevent spam, fraud, abuse, security incidents, and violations of our Terms.

When you use AI features, we may send prompts, business profile data, marketing preferences, existing website content, audit context, and related product data to third-party AI providers, including Anthropic, so they can generate outputs for you.

We do not use your content to train our own models. Anthropic states that API inputs and outputs are not used to train its models by default, except where feedback, bug reports, or other explicit permissions allow such use.

AI outputs may be inaccurate, incomplete, or unsuitable for your business. You are responsible for reviewing outputs before using, relying on, or publishing them.

When you publish a website, the website content, images, metadata, domain or subdomain, and other public assets become available on the internet.

Public content may be crawled, indexed, cached, copied, or archived by third parties outside our control. Deleting or unpublishing content may not remove copies already held by third parties.

We use a small set of first-party cookies and browser storage to operate the service. We do not use advertising cookies, analytics cookies, retargeting pixels, or session replay tools.

• Authentication session cookies, such as better-auth.session_token or secure-prefixed equivalents, keep you signed in. Strictly necessary. Up to 7 days by default.
• OAuth flow cookies, such as better-auth.state or better-auth.pkce_code_verifier, are set temporarily during Google sign-in to prevent CSRF. Strictly necessary.
• better-auth.last_used_login_method remembers whether you last used email or Google sign-in. Functional. 30 days.
• NEXT_LOCALE stores your language preference. Functional. 1 year.
• sidebar_state remembers whether the editor sidebar is open. Functional. 7 days.
• Theme preference is stored under the theme key in your browser's local storage to remember light or dark mode. Functional.
• hcaptcha-consent stores whether you accepted loading the contact form anti-spam check. Functional/consent preference. 180 days.
• hCaptcha is loaded only on the contact form after you opt in, to prevent spam. It is provided by Intuition Machines, Inc. and may process your IP address and set third-party cookies.

You can clear or block cookies in your browser settings. Disabling strictly necessary cookies will prevent you from signing in or using parts of the service.

You can withdraw hCaptcha consent using the revoke link below the contact form's anti-spam check. Revoking consent prevents the widget from loading again unless accepted, but existing third-party hCaptcha cookies may need to be managed through your browser settings or hCaptcha controls.

If you subscribe to our newsletter, we use MailerLite to manage subscriptions and send emails. Newsletter signup uses double opt-in, and every newsletter includes an unsubscribe link.

When you contact us, we use your contact details and message to respond. We use hCaptcha to prevent automated submissions and Resend to deliver contact emails to our team.

• Service, security, billing, account, and support messages may be sent as needed to provide Brandeet.
• Newsletters and promotional emails are sent only where you have explicitly opted in, and you can unsubscribe at any time.

We share information with service providers that help us operate Brandeet, including Convex and Better Auth for backend, database, and authentication; Vercel for frontend hosting; Cloudflare, Cloudflare R2, and Cloudflare Pages for infrastructure, storage, domains, and published sites; Stripe for payments; Anthropic for AI generation; Inngest for background jobs; Google OAuth and Google Fonts; Pexels for stock image suggestions; hCaptcha for anti-spam; Resend for email delivery; and MailerLite for opt-in newsletters.

We may also disclose information with your consent or direction, to comply with law, to protect rights and safety, to investigate abuse, or as part of a merger, acquisition, financing, reorganization, or sale of assets.

We and our providers may process information in countries outside Portugal and the European Economic Area, including the United States. Where required, we use appropriate safeguards such as adequacy decisions, standard contractual clauses, data processing agreements, or equivalent transfer mechanisms.

We keep account data while your account is active. We keep project/site data, uploaded assets, business profile, marketing profile, audits, and AI outputs while your account is active or until deleted or requested. Contact and support messages are kept for up to 24 months. Newsletter records are kept until unsubscribe or deletion request, subject to suppression records needed to honor opt-outs. Security, authentication, and session logs are kept for up to 12 months. Billing, invoice, tax, and accounting records are kept as required by Portuguese and EU law. Backups may be retained for up to 90 days before rolling deletion.

Deletion requests are processed within 30 days where technically feasible, unless we need to retain information for legal, tax, security, fraud-prevention, dispute, backup, or legitimate business reasons. Some account deletion controls may be available in the product, but for a complete privacy deletion request please contact us at support@brandeet.com.

Depending on your location, you may have rights to access, correct, delete, export, object to, restrict processing of, or withdraw consent for certain personal data. You may also have the right to lodge a complaint with your local data protection authority.

To make a request, contact support@brandeet.com. We may ask for information to verify your identity and aim to respond within 30 days, unless the request is complex or law permits more time.

We use technical and organizational measures designed to protect personal information, including access controls, authentication, encrypted transport, provider security controls, and operational safeguards. No method of transmission or storage is completely secure.

Brandeet is not directed to children or anyone under 18. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact support@brandeet.com and we will take appropriate steps.

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the service, by email, by updating the effective date, or by another reasonable method. Questions about this Privacy Policy can be sent to:

support@brandeet.com