Privacy Policy

We collect information you provide directly to us, such as:

• Account Information: Your name, email address, organization details, password (hashed), and account preferences
• Profile Information: Company name, job title, billing address, and contact information
• Payment Information: Billing details and payment method information (processed securely through third-party payment processors)
• Communication Data: Messages, support requests, and feedback you send to us

When you connect Google Merchant Center, we access account metadata and product feed data needed to sync, analyze, and publish updates. This includes:

• Merchant Center account identifiers and configuration
• Product feed data (titles, descriptions, prices, images, attributes)
• Feed status and error information
• Optimization history and results

We also automatically collect usage data such as:

• Log Data: IP address, device information, browser type, operating system, and access times
• Usage Analytics: Feature usage, session duration, pages visited, and interactions with the Service
• Technical Data: Error logs, performance metrics, and system diagnostics
• Location Data: General location information derived from IP address (country/region level)

We use your information for the following purposes:

• Service Delivery: To provide and maintain the Service, process transactions, and fulfill your requests
• Optimization Workflows: To run feed analysis, generate optimization suggestions, and publish approved changes
• Authentication and Security: To verify your identity, prevent fraud, and protect against unauthorized access
• Communication: To send operational emails related to authentication, billing, service updates, and support
• Improvement: To analyze usage patterns, troubleshoot issues, and enhance the Service
• Legal Compliance: To comply with legal obligations, enforce our Terms of Service, and protect our rights

We may send operational emails related to authentication, billing, or service updates. You can opt out of non-essential marketing emails at any time by clicking the unsubscribe link in our emails or contacting us directly.

We may also use aggregated, anonymized data for analytics, research, and business intelligence purposes. This data cannot be used to identify you personally.

When you authorize Google OAuth, we store OAuth tokens and account identifiers to access Merchant Center data on your behalf. We only request scopes required to perform selected operations, and you can revoke access at any time from your Google account settings or within the Service.

Google API Services User Data Policy Compliance: We comply with Google's API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use Google API data to provide features that are visible to and requested by you
• We do not use Google API data to develop, improve, or train generalized AI or machine learning models
• We do not transfer Google API data to others except as necessary to provide the Service or as required by law
• We do not use Google API data for serving ads
• We do not allow humans to read Google API data unless required for security, legal compliance, or with your explicit consent

Access to your Google data is limited to what is necessary to provide the Service. We do not access or store data beyond what is required for the optimization workflows you request.

You maintain full control over your Google account connections. You can disconnect accounts at any time, and we will immediately stop accessing your Google data upon disconnection.

We share information only in the following circumstances:

• Service Providers: We share information with trusted third-party service providers who help us operate the Service, including:
  • Cloud hosting and infrastructure providers
  • Payment processors for billing transactions
  • Email delivery services
  • Analytics and monitoring tools
  • Customer support platforms
  These providers are contractually obligated to protect your information and use it only for the purposes we specify.
• Legal Requirements: We may disclose information if required by law, court order, or government regulation, or to respond to valid legal process
• Protection of Rights: We may share information to protect our rights, property, or safety, or that of our users or others, including to prevent fraud or abuse
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to the same privacy protections
• With Your Consent: We may share information with your explicit consent or at your direction

We do not sell your personal information. We only share data as described in this policy and in accordance with applicable data protection laws.

We do not share your Google API data with third parties except as necessary to provide the Service (e.g., through our hosting infrastructure) or as required by law.

We retain your information for as long as necessary to:

• Provide the Service and fulfill our contractual obligations
• Comply with legal obligations, including tax, accounting, and regulatory requirements
• Resolve disputes and enforce our agreements
• Maintain security and prevent fraud

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes. Some information may be retained in backup systems for a limited period before being permanently deleted.

Google OAuth tokens and cached API data are deleted immediately upon account deletion or when you disconnect your Google account.

You may request deletion of your account data at any time by contacting us at support@brandlio.io. We will process your request in accordance with applicable data protection laws.

We implement reasonable technical and organizational measures to protect your information, including:

• Encryption: Data in transit is encrypted using TLS/SSL protocols. Sensitive data at rest is encrypted using industry-standard encryption
• Access Controls: We limit access to your information to authorized employees, contractors, and service providers who need it to perform their duties
• Authentication: We use secure authentication methods, including password hashing and multi-factor authentication where available
• Monitoring: We monitor our systems for security threats and vulnerabilities and respond to incidents promptly
• Regular Updates: We keep our systems and software up to date with security patches
• Security Audits: We conduct regular security assessments and reviews
• Data Protection Compliance: We comply with applicable data protection laws and regulations, including GDPR, CCPA, and other relevant privacy frameworks

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.

In the event of a data breach that may affect your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

If you become aware of any security breach or unauthorized access to your account, please notify us immediately at support@brandlio.io.

We use cookies and similar technologies (such as web beacons, pixel tags, and local storage) for the following purposes:

• Authentication: To keep you signed in and maintain your session
• Preferences: To remember your settings and preferences
• Analytics: To measure usage, understand how you interact with the Service, and improve performance
• Security: To detect and prevent fraud and abuse
• Functionality: To enable features and ensure the Service works properly

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, some features of the Service may not function properly without cookies.

We may use third-party analytics services (such as Google Analytics) that use cookies to collect information about your use of the Service. These services may collect information such as your IP address, browser type, and pages visited. You can opt out of certain analytics tracking by adjusting your browser settings or using browser extensions.

We do not use cookies for advertising purposes or to track you across third-party websites.

Depending on your location, you may have certain rights regarding your personal information, including:

• Access: You may request access to the personal information we hold about you
• Correction: You may update or correct inaccurate information through your account settings or by contacting us
• Deletion: You may request deletion of your account and personal information, subject to legal and operational requirements
• Portability: You may request a copy of your data in a structured, machine-readable format
• Objection: You may object to certain processing of your information, such as direct marketing
• Restriction: You may request that we restrict processing of your information in certain circumstances
• Withdrawal of Consent: Where processing is based on consent, you may withdraw consent at any time

You may access, update, or delete your account information at any time through your account settings. You can also disconnect Google accounts within the Service or revoke OAuth access directly from your Google account settings.

To exercise any of these rights, contact us at support@brandlio.io. We will respond to your request within 30 days, or as required by applicable law. We may need to verify your identity before processing your request.

If you are located in the European Economic Area (EEA) or United Kingdom, you also have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns adequately.

The Service is not intended for children under 13 years of age (or under 16 in the EEA), and we do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@brandlio.io, and we will delete such information.

If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly.

We may process and store your information in countries other than your own, including Israel, the United States, and other regions where we or our service providers operate. These countries may have different data protection laws than your country of residence.

When we transfer your information internationally, we take steps to ensure it is protected in accordance with this Privacy Policy and applicable data protection laws. This may include:

• Using standard contractual clauses approved by data protection authorities
• Relying on adequacy decisions by relevant authorities
• Implementing appropriate safeguards to protect your information

If you are located in the EEA, UK, or other regions with data protection laws, you acknowledge that your information may be transferred to and processed in countries outside your jurisdiction. By using the Service, you consent to such transfers.

If you have questions about international data transfers or wish to request more information about the safeguards we use, please contact us at support@brandlio.io.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

• The right to know what personal information we collect, use, and share
• The right to delete your personal information (subject to certain exceptions)
• The right to opt out of the sale or sharing of personal information (we do not sell your information)
• The right to non-discrimination for exercising your privacy rights
• The right to correct inaccurate personal information
• The right to limit the use of sensitive personal information

To exercise your California privacy rights, contact us at support@brandlio.io. We will verify your identity before processing your request and respond within the timeframes required by law.

We do not sell personal information, and we do not have actual knowledge that we sell personal information of consumers under 16 years of age.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and similar laws, including:

• The right to access your personal data
• The right to rectification of inaccurate data
• The right to erasure ("right to be forgotten")
• The right to restrict processing
• The right to data portability
• The right to object to processing
• Rights related to automated decision-making and profiling

Our legal basis for processing your personal information includes:

• Contractual Necessity: To provide the Service and fulfill our Terms of Service
• Legitimate Interests: To improve the Service, ensure security, and prevent fraud
• Consent: Where you have provided explicit consent for specific processing activities
• Legal Obligations: To comply with applicable laws and regulations

To exercise your GDPR rights, contact us at support@brandlio.io. You also have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Service. If changes are material, we will provide notice through the Service, by email, or by other reasonable means at least 30 days before the changes take effect.

We encourage you to review this Privacy Policy periodically. The "Last updated" date at the top of this page indicates when this Policy was last revised. Your continued use of the Service after changes become effective constitutes acceptance of the updated Policy.

If you do not agree to the updated Policy, you must stop using the Service and may delete your account.

The Service may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to such third-party services. We encourage you to review the privacy policies of any third-party services you access.

We are not responsible for the privacy practices or content of third-party services. Your interactions with third-party services are subject to their own terms and privacy policies.

Questions about this Privacy Policy or our data practices? Contact us at:

We aim to respond to all privacy inquiries within 2-3 business days. For requests related to data access, deletion, or other privacy rights, we will process your request within the timeframes required by applicable law.