1. Scope
This policy applies to the BrandLabAI website, our client-facing products and the operational services delivered by AI Brandcraft LLC. It covers business clients, their authorized users and platform data accessed under explicit consent through standard OAuth 2.0 flows.
2. Data controller
AI Brandcraft LLC, a Florida limited liability company operating commercially as BrandLabAI, with operational teams in Quito, Ecuador. Contact: hello@brandlab-ai.com — +1 954 554 6781.
3. Information we process
Account and contact information for authorized users; OAuth access tokens issued by integrated platforms for the explicit scopes the client authorizes; advertising metadata such as ad accounts, Pages, campaigns, ad sets, ads and aggregated performance metrics where applicable; product usage telemetry strictly required to operate the service.
4. Purposes of processing
We process information to deliver authorized services, generate analytics, support clients, secure the platform, comply with applicable law and improve the service strictly inside each client's environment. Third-party platform data is not sold, rented or used for unrelated third-party advertising.
5. Legal basis
Processing is performed to fulfill contractual obligations to business clients, to comply with legal duties applicable to AI Brandcraft LLC and on the basis of the explicit consent provided through any integration's authorization dialog.
6. Security controls
Sensitive credentials are encrypted at rest using AES-256-CBC with versioned key rotation. Network communications are restricted to HTTPS and TLS. Primary infrastructure is hosted in the AWS US-East region. Database and credential access is limited through server and network controls. Client data is not used to train generalized models outside the client's secure environment.
7. Retention
OAuth tokens are retained for a maximum of 60 days. Authorized campaign data is retained for 90 days. Manual deletion requests are formally confirmed within 72 hours and associated data is scheduled for deletion within a maximum of 30 days.
8. International transfers
Transfers between United States infrastructure and Ecuadorian operational teams are governed by applicable safeguards and contractual mechanisms designed to maintain the confidentiality and integrity of personal data.
9. Your rights
Authorized users may request access, correction, deletion, restriction or portability of personal data, subject to applicable law and any contractual constraints between BrandLabAI and the client. Requests can be submitted by email to hello@brandlab-ai.com.
10. Data deletion
Users may remove integrations from the source platform's settings panel, which triggers our deletion workflow, or submit a manual request to hello@brandlab-ai.com with the subject 'User Data Deletion Request', including the relevant platform user identifier and business account identifier. See the Data Deletion page for the step-by-step process.
11. Changes to this policy
We may update this policy to reflect changes in legal, technical or operational practices. Material updates will be communicated through this page and the last-updated date at the top.
12. Contact
For any privacy inquiry, contact hello@brandlab-ai.com or +1 954 554 6781.