Privacy Policy

Effective April 23, 2026

This Privacy Policy applies to the BrandTrackers application and service ("BrandTrackers", "the Service", "we", "our", "us") operated at www.brandtrackers.xyz.

1. Who we are

BrandTrackers is a creative-intelligence platform for advertising, operated by the BrandTrackers team. We can be reached at admin@brandtrackers.xyz. This policy applies to data collected through the brandtrackers.xyz website and any BrandTrackers product you use with your account.

2. What we collect

  • Account info: name, email, and profile picture from your sign-in provider. If you sign in with Google, this information is your Google Account's basic profile — see §3 below for the full disclosure.
  • Usage data: pages visited, features used, searches performed. Used to improve the product.
  • Content you create: boards, trackers, saved items, notes. Stored so you can access them when you return.
  • Cookies: session cookies for sign-in, preference cookies for UI state. No third-party advertising cookies.

3. Google user data (Google API Services User Data Policy)

BrandTrackers offers "Sign in with Google" as an authentication option. The authentication flow is handled by WorkOS (our identity provider) on our behalf. When you sign in with Google, BrandTrackers receives a limited set of profile information from your Google Account, which is governed by this section and by the Google API Services User Data Policy, including the Limited Use requirements.

3.1 What Google user data we access

We request the minimum OAuth scopes necessary to identify you:

  • userinfo.email — your primary Google Account email address
  • userinfo.profile — your Google Account display name, profile picture URL, locale, and a stable Google user identifier

We do not request, access, or store data from any other Google service. We do not read your Gmail, Calendar, Drive, Contacts, Photos, YouTube, or any other Google-hosted content.

3.2 How we use Google user data

We use the Google profile data listed above exclusively to:

  • Create and authenticate your BrandTrackers account.
  • Display your name and profile picture within the BrandTrackers application interface.
  • Send you account-related emails (password resets, security alerts, product notices) to the email associated with your Google Account.
  • Respond to your support requests.

3.3 Limited Use compliance — what we will NOT do

BrandTrackers' use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We will never use Google user data for:

  • Serving or targeting advertising of any kind (including personalized, retargeted, or interest-based advertising).
  • Selling or transferring to data brokers or information resellers.
  • Determining credit-worthiness or lending decisions.
  • Training generative AI or machine-learning models, either our own or third parties'.
  • Building derivative databases or data products.
  • Any purpose other than providing or improving the user-facing features of BrandTrackers.

BrandTrackers does not sell, rent, or lease Google user data to third parties under any circumstances.

3.4 Who we share Google user data with

We share the Google profile data described in §3.1 only with the service providers that technically enable your BrandTrackers account:

  • WorkOS — our authentication provider. WorkOS receives your Google profile data to manage your sign-in session and issues the authentication token our backend verifies. Governed by the WorkOS Privacy Policy.
  • Supabase — our application database. Your account email and name are stored here along with the content you create in BrandTrackers.
  • Vercel — our web hosting provider. Sees request metadata as part of normal web traffic (IP address, user agent, request URL) but does not store Google profile content.
  • Sentry — error monitoring. Error reports may include your user ID for debugging correlation; we do not send profile pictures or raw Google tokens.
  • PostHog — product analytics. Captures usage events keyed to your user ID; not used for advertising.

We do not share Google user data with any other third party, including ad networks, data brokers, analytics platforms beyond those listed, or AI model providers.

3.5 Retention & deletion of Google user data

We retain Google profile data for as long as your BrandTrackers account is active. When you delete your account (by emailing admin@brandtrackers.xyz), we delete your Google profile data from our systems within 30 days; residual copies in backups are purged within an additional 60 days.

You can revoke BrandTrackers' access to your Google Account at any time, immediately, from your Google Account permissions page. Revoking access prevents future sign-ins but does not delete your existing BrandTrackers account or content — email us to close the account.

3.6 Security of Google user data

Google profile data is transmitted over TLS 1.2+ and stored encrypted at rest in our managed database. OAuth tokens are handled by WorkOS and are not persisted in our application database. Access to production systems is restricted to authorized engineers and audit-logged.

4. How we use your other data

  • Provide and operate the BrandTrackers service.
  • Authenticate you and secure your account.
  • Send product updates and respond to support requests.
  • Analyze usage to improve features (aggregated, anonymized where possible).

We do not sell your personal data. We do not run third-party advertising networks on this site.

5. Your rights

You can:

  • Request a copy of the personal data we hold about you.
  • Request correction or deletion of that data.
  • Revoke Google OAuth access at any time via your Google Account permissions page (see §3.5).
  • Delete your BrandTrackers account by emailing admin@brandtrackers.xyz.

We respond to verified requests within 30 days. If you are in the EU/UK, you also have the right to lodge a complaint with your local data-protection authority.

6. Data retention

We keep account data (including Google profile data per §3.5) while your account is active and for up to 90 days after deletion (30 days for primary systems + up to 60 days for backups). Usage analytics are retained for up to 12 months in identifiable form, then aggregated.

7. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Access to production systems is restricted and audit-logged. We use a managed Postgres instance with network-level IP restrictions and rotate service credentials on a regular cadence. We take commercially reasonable measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

8. Children

BrandTrackers is not intended for individuals under 13. We do not knowingly collect data from children.

9. International users

BrandTrackers is operated from the United States. If you use the Service from outside the US, your data will be transferred to, stored, and processed in the US (and in the US-based regions of our service providers). By using the Service, you consent to this transfer.

10. Changes to this policy

When we update this policy, we will change the effective date at the top and — for material changes affecting Google user data, how we share data, or your rights — notify active users via email to the address on your account. Continued use of the Service after an update constitutes acceptance.

11. Contact

Questions, concerns, or data requests (including requests to delete your Google user data): admin@brandtrackers.xyz.

See also: Terms of Service.