Privacy Policy

This notice explains how BrandGuard uses personal data when you visit our website, create an account, use the application, connect integrations, contact us, or pay for our services.

Effective date: 10 May 2026

  • Controller: BrandGuard
  • Contact: [email protected]
  • Website: https://usebrandguard.co.uk
  • Review status: Draft for product preview; final legal review required before public launch

1. Who We Are

BrandGuard operates this service under the BrandGuard name. We are the data controller for the personal data described in this notice unless we say otherwise.

  • Registered office: Registered office details will be confirmed before public launch
  • Company number: Company registration details will be confirmed before public launch
  • VAT number: VAT status will be confirmed on customer invoices
  • Privacy contact: [email protected]
  • DPO or privacy lead: Privacy requests can be sent to [email protected]
  • ICO registration: ICO registration details will be published where required

2. The Personal Data We Collect

We collect information that we need to run BrandGuard, manage customer accounts, provide support, improve the product, keep the service secure, and meet legal obligations.

  • Identity and contact details, such as name, email address, login method, profile information, and workspace role.
  • Account and organisation information, such as workspace names, invited users, permissions, billing owner details, plan information, and subscription status.
  • Integration data, including Google Ads account identifiers, account names, hierarchy information, campaign selections, monitoring configuration, OAuth token status, and related reporting data where you connect Google Ads.
  • Product usage data, such as pages viewed, features used, settings changed, reports opened, errors, diagnostics, session information, and audit logs.
  • Payment and billing records, such as Stripe customer IDs, subscription IDs, invoice status, plan changes, and billing support messages.
  • Website and device data, such as IP address, browser, device type, approximate location, cookie identifiers, consent choices, and analytics events.
  • Support and communication data, including messages you send us, attachments, feedback, and records of our replies.

3. How We Use Personal Data

| Purpose | Examples | Lawful basis |
|---|---|---|
| Provide and manage BrandGuard | Create accounts, authenticate users, manage workspaces, run monitoring, produce reports, and provide requested features. | Contract and legitimate interests. |
| Provide integrations | Connect Google Ads, refresh access, read account data, show campaign options, monitor selected terms, and apply user-approved automation. | Contract, legitimate interests, and user authorisation through Google OAuth. |
| Take payment and administer plans | Process checkout, manage subscriptions, invoices, cancellations, upgrades, downgrades, and plan limits. | Contract, legal obligation, and legitimate interests. |
| Improve and secure the service | Measure usage, diagnose errors, replay sessions for support, test features, investigate incidents, and prevent misuse. | Consent for non-essential analytics/storage; legitimate interests for security and service improvement. |
| Communicate with you | Send service messages, support replies, billing notices, security notices, and product updates. | Contract, legitimate interests, consent where required, and legal obligation. |
| Comply with law | Keep required records, respond to lawful requests, resolve disputes, and enforce our terms. | Legal obligation and legitimate interests. |

4. Google Ads and Google API Data

If you connect Google Ads, BrandGuard will use Google user data only to provide and improve user-facing features you request, such as account linking, account discovery, monitoring, reporting, token health checks, and approved campaign actions.

  • We do not sell Google user data.
  • We do not use Google user data for advertising, data broker services, credit decisions, or training general AI models.
  • We share Google user data only with service providers that help us operate, secure, support, or legally protect BrandGuard.
  • You can revoke Google access through your Google account and should be able to disconnect integrations in BrandGuard where supported.

These disclosures are intended to support the Google API Services User Data Policy and Google OAuth requirements.

5. Cookies and Analytics

We use essential cookies and similar technologies to provide the website and application, keep users signed in, protect accounts, remember preferences, and support OAuth and security features.

We may also use Google Analytics 4 and PostHog for analytics, product usage measurement, feature flags, experiments, error tracking, and session replay. These tools may use cookies, local storage, sessionStorage, or similar browser storage. In the UK, non-essential analytics and similar technologies should be used only after consent where required.

  • GA4 setting: Configured per deployment through the approved analytics measurement ID
  • PostHog project: Configured per deployment through the PostHog project token and server-side project API key.
  • PostHog hosting: PostHog Cloud EU preferred, hosted in Frankfurt where configured
  • Cookie preferences: /cookie-preferences

6. Who We Share Personal Data With

We do not sell personal data. We share it only where needed to run, secure, support, bill for, improve, or legally protect BrandGuard.

  • Cloud hosting, database, email, logging, monitoring, security, and support providers.
  • Google, where you use Google sign-in or connect Google Ads.
  • Stripe or other payment providers, where you subscribe or make payments.
  • GA4 and PostHog, where analytics or product diagnostics are enabled.
  • Workspace owners, organisation administrators, agency managers, and invited users according to configured roles and permissions.
  • Professional advisers, insurers, regulators, courts, law enforcement, or other parties where required by law or necessary to protect rights.

7. International Transfers

Some providers may process personal data outside the UK. Where this happens, we use appropriate safeguards where required, such as adequacy regulations, UK international data transfer agreements, UK addenda to EU standard contractual clauses, vendor data processing terms, and security controls.

8. How Long We Keep Personal Data

We keep personal data only for as long as we need it for the purposes described in this notice, then delete, anonymise, or aggregate it unless we need to keep it longer for legal, accounting, security, or dispute reasons.

| Data type | Typical retention |
|---|---|
| Account and workspace data | For the life of the account, then normally up to 24 months after closure unless a longer period is needed for disputes, security, tax, accounting, or legal obligations. |
| Google Ads and monitoring data | For as long as the workspace keeps the Google Ads connection or monitoring configuration active, then normally up to 24 months after disconnection unless retained in audit logs or reports. |
| Billing and invoice data | Normally up to 7 years after the relevant transaction or invoice for tax, accounting, and audit obligations. |
| Support data | Normally up to 24 months after the support request is closed unless it relates to an active account, dispute, or legal obligation. |
| Security and audit logs | Normally up to 24 months from collection unless needed to investigate abuse, fraud, security incidents, or legal claims. |
| GA4 data | GA4 user-level and event-level retention should be configured to the shortest practical period, normally 2 or 14 months for standard GA4 properties. |
| PostHog data | PostHog event, replay, and person data should be retained only while needed for product analytics, reliability, security, and support, with deletion available for verified user requests. |

9. Your Rights

Under UK data protection law, you may have rights to access, correct, delete, restrict, object to processing, receive a portable copy of your data, and withdraw consent where we rely on consent.

  • To make a request, contact [email protected].
  • You can change analytics preferences through the cookie preference route when available.
  • You can revoke Google OAuth access through your Google account.
  • You can complain to the UK Information Commissioner's Office if you are unhappy with how we handle your data.

10. Security

We use technical and organisational measures designed to protect personal data, including access controls, authentication safeguards, encrypted connections, audit logs, vendor controls, and secure handling of integration credentials. No online service can be guaranteed to be completely secure.

11. Children

BrandGuard is not directed at children. Users must be at least 18 or otherwise authorised to use the service on behalf of a customer.

12. Changes to This Notice

We may update this notice from time to time. If we make material changes, we will take reasonable steps to notify users through the website, application, email, or another appropriate method.