Brand Generator

Privacy Policy

Last updated: April 2, 2026

This Privacy Policy describes how Brand Generator collects, uses, stores, and protects personal data. By using the platform, you acknowledge understanding this policy. For users in Brazil, this policy complies with the General Data Protection Law — LGPD (Law No. 13,709/2018).

1. Data Collection

1.1 Visitors (Non-registered Users)

  • Navigation data: IP address, browser type, operating system, accessed pages, and time spent (via analytics)
  • Functional and analytical cookies

1.2 Registered Users

  • Name and email address (provided via Google OAuth or magic link)
  • Brand kit generation history and preferences
  • Credit balance and transaction history

1.3 Paying Users

  • All registered user data
  • Payment data is processed exclusively by Stripe — credit card data is never stored on our servers
  • Purchase history and Stripe customer ID

2. Data Usage

Data is used for:

  • Service provision (generating brand kits, managing credits, processing reshuffles and exports)
  • Payment processing for credit purchases
  • Transactional notifications (generation status, purchase confirmations)
  • Aggregated and anonymous analysis for service improvements
  • AI usage tracking for cost management and service optimization
  • Legal compliance

Legal basis: User consent, contract execution, legitimate interest for service analysis, and legal obligation compliance.

3. AI Processing

When you generate a brand kit, your input data (product description, industry, target audience, personality traits, and color preferences) is sent to third-party AI providers for content generation. This data is used solely to generate your brand kit and is not used to train AI models.

Generated brand assets (logos, images) are stored securely and associated with your account.

4. Data Sharing

Data may be shared with trusted third-party service providers strictly for the purposes of operating the platform. These providers fall into the following categories:

  • Infrastructure, hosting, and database services
  • Payment processing (PCI DSS compliant)
  • AI content generation
  • Background job orchestration
  • Email delivery

All third-party providers are bound by data processing agreements and are prohibited from using your data for purposes other than providing their service to Brand Generator.

Brand Generator does not sell, rent, or commercialize personal data for marketing purposes.

5. Cookies

  • Essential cookies: Session authentication and user preferences
  • Analytical cookies: Aggregated usage patterns for service improvement

Users can configure browsers to refuse cookies, though this may impact functionality (e.g., authentication will not work without essential cookies).

6. Storage and Retention

  • Account data: Retained while your account is active. You may request account deletion by contacting us — we will process it within 30 days.
  • Brand kit assets: Retained while your account is active and deleted together with your account.
  • Transaction records: Credit purchases, usage, and refund records may be retained for up to 5 years after the transaction to comply with tax and accounting obligations, even after account deletion.
  • Payment data: Credit card and billing details are stored and managed entirely by our payment processor. We do not store payment credentials on our systems.

7. User Rights

You have the right to:

  • Confirmation and access to your data
  • Correction of incomplete or inaccurate information
  • Anonymization, blocking, or deletion of unnecessary data
  • Data portability
  • Deletion of data (for consent-based processing)
  • Consent revocation

To exercise any of these rights, contact us at matheus@brand-generator.com. We respond within 15 business days.

8. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Secure token-based authentication
  • Granular database access controls and privilege separation
  • Payment data handled exclusively by a PCI DSS compliant processor
  • Regular security assessments

Users will be notified of security incidents as required by applicable law.

9. International Data Transfers

Your data may be processed in servers located outside your country of residence. When this occurs, we ensure appropriate safeguards are in place through standard contractual clauses and provider certifications in compliance with applicable data protection laws.

10. Minors

Brand Generator is not directed to users under 18 years of age. If we become aware that data from a minor has been collected, it will be deleted promptly.

11. Policy Updates

Changes to this policy will be communicated via email or platform notices. Continued use of the platform after changes constitutes acceptance.

12. Applicable Law

This policy is governed by applicable law in the user's jurisdiction. For users in Brazil, the LGPD (Law 13,709/2018) applies, and disputes are resolved in the user's home jurisdiction.

13. Contact

For questions about this privacy policy or to exercise your data rights, contact us at matheus@brand-generator.com