Privacy Policy

Account data. When you register, we collect your name, email address, and hashed password. If you sign up via OAuth (Google or GitHub), we receive your name and verified email from that provider.

Brand and scan data. We store the brand names, keywords, target URLs, and geographic locations you configure for monitoring. We retain the scan results — including search engine rank positions, SERP snapshots, and domain registry records — so you can track trends over time.

Usage analytics. We collect anonymous product-usage events (page visits, feature interactions, button clicks) to understand how the platform is used and to improve it. These events do not include your brand or scan data.

Cookies and local storage. We use first-party cookies to maintain your session and remember your preferences such as theme and dashboard layout. We also use analytics cookies from privacy-respecting providers to measure aggregate traffic patterns.

Provide the service. Your account data lets us authenticate you, and your scan configuration lets us run scheduled brand monitoring jobs across Google, Bing, Yelp, LinkedIn, and domain registries.

Send alerts and reports. We use your email address to deliver rank-change notifications, weekly digest emails, and AI-generated insight reports that you configure in your alert settings.

Improve the platform. Aggregated, anonymized usage data helps us identify friction points, prioritize new features, and benchmark platform performance.

Billing and support. We use your contact and billing information to process subscription payments, issue invoices, and respond to support requests.

We do not sell, rent, or trade your personal data or brand data to any third party, ever. We share data only in the following limited circumstances:

Infrastructure processors. We use Amazon Web Services (AWS) to host and process data. AWS operates under a Data Processing Agreement that restricts them from using your data for any purpose other than providing infrastructure services.

Payment processor. Stripe handles all payment card information. We never store or see raw card numbers — Stripe's tokenized payment system keeps that data isolated.

Legal compliance. We may disclose data if required by a valid court order or governmental authority, and only to the extent legally required. We will notify you of such requests where permitted by law.

We retain your account data, brand configurations, and scan history for as long as your account is active. Historical scan data older than 24 months may be compressed into summary form to optimize storage, though your full trend timeline remains visible in the dashboard.

When you delete your account, we permanently delete all associated personal data and brand scan data within 90 days. Billing records may be retained for up to 7 years where required by tax regulations. Anonymized, aggregate analytics derived from your usage are not deleted as they cannot be traced back to you.

All data is encrypted in transit using TLS 1.3 and encrypted at rest using AES-256. Database backups are encrypted with separate key management and stored in geographically redundant locations.

We are pursuing SOC 2 Type II certification and maintain security practices consistent with that framework: role-based access controls, mandatory MFA for all internal engineers, annual penetration testing, and automated vulnerability scanning in our CI/CD pipeline.

If you discover a security vulnerability, please report it responsibly to security@brandwatch.app. We aim to acknowledge reports within 24 hours.

Depending on your jurisdiction, you may have rights under GDPR (EU/EEA), CCPA (California), or other applicable privacy laws. These include:

• Access — request a copy of the personal data we hold about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure — request deletion of your personal data.
• Portability — receive your data in a machine-readable format (JSON or CSV).
• Restriction — ask us to limit how we process your data while a dispute is resolved.
• Objection — opt out of processing based on legitimate interests.

To exercise any of these rights, email privacy@brandwatch.app. We will respond within 30 days.

We use three categories of cookies: