Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information.

Last Updated: January 29, 2026

BrandOps ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our multi-brand content planning and governance platform (the "Service").

1. Information We Collect

1.1 Account Information

When you register for an account, we collect:

  • Email address
  • Password (stored using secure hashing)
  • Account preferences and settings

1.2 Social Media Integration Data

When you connect social media accounts through OAuth:

  • Access Tokens: Encrypted and stored securely using AES-256-GCM encryption
  • Account Information: Page names, account handles, profile pictures, account IDs
  • Permission Scopes: Types of access you've granted (e.g., posting, reading engagement data)
  • Page/Account Selections: Which Facebook Pages, Instagram accounts, and Threads accounts you've selected for use

1.3 Content Data

We store content you create through our platform:

  • Brand configurations and settings
  • Content ideas, posts, and variants
  • Scheduling information
  • Hashtags, CTAs, and content templates
  • Post metrics and engagement data

1.4 Usage Data

We automatically collect information about your use of the Service:

  • Session information (stored in secure, signed cookies)
  • IP address and browser type
  • Pages visited and features used
  • Connection timestamps and verification status

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Authenticate your identity and manage your account
  • Connect to your social media accounts via OAuth 2.0
  • Post content to your connected social media platforms (with your explicit permission)
  • Sync engagement metrics from your social media accounts
  • Generate content calendars and weekly blueprints
  • Send you service-related communications
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

3. Data Storage and Security

3.1 Encryption

We use industry-standard encryption to protect sensitive data:

  • OAuth Tokens: All access tokens are encrypted using AES-256-GCM encryption before storage in our database
  • Passwords: Passwords are hashed using bcrypt before storage
  • Session Data: Session cookies are signed and encrypted

3.2 Data Location

Your data is stored in secure databases hosted on reputable cloud providers. By using our Service, you consent to the transfer of your information to our servers.

3.3 Data Retention

We retain your data for as long as your account is active or as needed to provide services. You may request deletion of your account and associated data at any time.

4. Third-Party Services

4.1 Social Media Platforms

Our Service integrates with third-party social media platforms including:

  • Meta Platforms: Facebook, Instagram, Threads (via Meta Graph API)
  • LinkedIn: LinkedIn API
  • X (Twitter): X API

When you connect these accounts, you authorize us to access your data according to the permissions you grant. Each platform's privacy policy governs how they handle your data. We only access data necessary to provide our Service.

4.2 Service Providers

We may use third-party service providers to:

  • Host our infrastructure and databases
  • Send emails and notifications
  • Analyze service usage and performance

These providers are contractually obligated to protect your information and use it only as necessary to provide their services. For a complete list of our third-party service providers (subprocessors), please see ourSubprocessor List.

5. Your Rights and Choices

5.1 Access and Correction

You can access and update your account information at any time through your account settings.

5.2 Data Deletion

You can request deletion of your account and associated data by contacting us at the email address below. Note that some information may be retained for legal or legitimate business purposes.

5.3 Disconnect Social Media Accounts

You can disconnect your social media accounts at any time through the Integrations page. When you disconnect, we will delete stored access tokens and related data.

5.4 Opt-Out

You can opt out of non-essential communications by adjusting your account preferences.

6. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and authenticate your identity
  • Remember your preferences
  • Analyze service usage

You can control cookies through your browser settings, though disabling cookies may limit functionality.

7. Children's Privacy

Our Service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete that information.

8. International Users

Our Service may be accessed from outside your country. By using our Service, you consent to the transfer of your information to our facilities and those third parties with whom we share it as described in this Privacy Policy.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us through your account settings or via the contact form in the application.

11. Compliance

This Privacy Policy is designed to comply with:

  • General Data Protection Regulation (GDPR) - for users in the European Union
  • California Consumer Privacy Act (CCPA) - for users in California
  • Other applicable privacy laws