Privacy Policy

Information you provide directly

• Account Information: Your name, email address, organization details, password (stored hashed), and account preferences.
• Profile Information: Company name, job title, billing address, and contact information.
• Payment Information: Billing details and payment method information, processed securely through third-party payment processors.
• Communication Data: Messages, support requests, and feedback you send to us.

Connected platform data

When you connect a third-party account, we access only the data needed to provide the features you request. By platform, this may include:

• Google Merchant Center: Account identifiers and configuration, product feed data (titles, descriptions, prices, images, attributes), feed status and error information, and optimization history and results.
• Google Ads: Ad account identifiers, campaigns, ad groups, keywords, ads and assets, audiences, budgets, conversion actions, and performance metrics (impressions, clicks, cost, conversions, ROAS, and similar).
• Meta (Facebook & Instagram): Your Meta user ID and profile; the Pages, Instagram accounts, Business Manager and ad accounts you manage; campaigns, ad sets, ads, creatives, audiences, budgets, pixels and conversion events; posts, media, and engagement data; and content you create, schedule, or publish through Brandlio.
• Microsoft Advertising: Account and customer identifiers, campaigns, ad groups, keywords, ads, audiences, budgets, conversion goals, and performance metrics.
• Amazon Ads: Advertising profile and account identifiers, Sponsored Products/Brands/Display campaigns, ad groups, keywords and targets, search term and placement reports, budgets, and performance metrics (spend, sales, ACOS, ROAS, and similar). Where you connect Amazon selling data, this may also include order and traffic reporting needed for the features you use.
• Access tokens: OAuth access and refresh tokens and related identifiers issued by each platform, stored securely to perform the operations you authorize.

Information collected automatically

• Log Data: IP address, device information, browser type, operating system, and access times.
• Usage Analytics: Feature usage, session duration, pages visited, and interactions with the Service.
• Technical Data: Error logs, performance metrics, and system diagnostics.
• Location Data: General location (country/region level) derived from your IP address.

We use the information we collect, including connected platform data, to:

• Deliver the Service: Connect your accounts, display your assets, and maintain your session.
• Run optimization workflows: Analyze feeds and accounts, generate optimization suggestions, and publish approved changes.
• Create and manage advertising: Build, edit, launch, pause, and optimize campaigns, audiences, and creatives across Google, Meta, Microsoft, and Amazon at your direction.
• Publish and manage content: Create, schedule, and post content to the Pages and accounts you connect, and report on engagement.
• Reporting and analytics: Generate performance reports and insights from your advertising and listing data.
• Authentication and security: Verify your identity, prevent fraud, and protect against unauthorized access.
• Communication: Send operational emails related to authentication, billing, service updates, and support. You can opt out of non-essential marketing emails at any time.
• Improvement and legal compliance: Troubleshoot issues, enhance the Service, and comply with legal obligations.

We may use aggregated, anonymized data for analytics and research; such data cannot identify you personally. We do not sell your personal information or your connected platform data, and we do not use connected platform data to develop, improve, or train generalized AI/ML models, or for any purpose other than providing the features you request.

When you authorize Google OAuth, we store OAuth tokens and account identifiers to access Google Merchant Center and/or Google Ads data on your behalf. We request only the scopes required to perform the operations you select, and you can revoke access at any time from your Google account settings or within the Service.

Google API Services User Data Policy Compliance: Brandlio's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use Google API data to provide features that are visible to and requested by you.
• We do not use Google API data to develop, improve, or train generalized AI or machine learning models.
• We do not transfer Google API data to others except as necessary to provide the Service or as required by law.
• We do not use Google API data for serving ads.
• We do not allow humans to read Google API data unless required for security, legal compliance, or with your explicit consent.

Access to your Google data is limited to what is necessary to provide the Service. You can disconnect Google accounts at any time, and we will immediately stop accessing your Google data upon disconnection.

When you connect a Facebook and/or Instagram account, we use Facebook Login and the Meta Marketing and Graph APIs to provide ad management, ad creation, Page management, and content publishing. Our access to and use of Meta Platform data complies with Meta's Platform Terms and Developer Policies. Specifically:

• We request only the permissions and scopes required for the features you actively use.
• We use Meta Platform data only to provide and improve the features you have requested and that are visible to you.
• We do not transfer Meta Platform data to data brokers, advertising networks, or any party except service providers acting on our behalf or as required by law.
• We do not use Meta Platform data for serving advertising of our own or for cross-app tracking.
• We do not allow humans to access your Meta Platform data except where required for security, to comply with law, or with your explicit consent.

You can revoke Brandlio's access at any time from your Facebook settings under Settings & Privacy → Settings → Business Integrations, or by disconnecting the account within Brandlio. Upon revocation, we stop accessing your Meta data immediately. See Data Deletion below.

When you connect a Microsoft Advertising account, we use Microsoft OAuth and the Microsoft Advertising API to manage campaigns, build and edit ads, and report on performance at your direction. We request only the scopes required for the features you use, and we use Microsoft Advertising data solely to provide those features. We do not sell this data, use it to train generalized AI/ML models, or transfer it to third parties except to service providers acting on our behalf or as required by law. You can revoke access at any time from your Microsoft account security settings or by disconnecting the account within Brandlio, after which we stop accessing your Microsoft data immediately.

When you connect an Amazon Advertising (or, where applicable, Selling Partner) account, we use Login with Amazon and the Amazon Advertising API to manage campaigns, optimize bids and targeting, build ads, and generate reports at your direction. Our use of Amazon Information complies with the Amazon Ads API and Data Protection Policies. Specifically, we access only the data required for the features you use; we use Amazon Information solely to provide those features to you; we do not sell Amazon Information, use it for our own advertising, or use it to train generalized AI/ML models; and we do not transfer it to third parties except to service providers acting on our behalf or as required by law. You can revoke access at any time from your Amazon account settings or by disconnecting the account within Brandlio, after which we stop accessing your Amazon data immediately and delete cached Amazon Information in accordance with applicable Amazon policies.

We share information only as follows:

• Service Providers: Trusted vendors who help us operate the Service (cloud hosting and infrastructure, payment processors, email delivery, analytics and monitoring, and customer support). They are contractually obligated to protect your information and use it only for the purposes we specify.
• Connected Platforms: To carry out the actions you request (for example, publishing a post, updating a feed, or launching a campaign), we transmit the necessary data to the relevant platform's APIs (Google, Meta, Microsoft, or Amazon).
• Legal Requirements: When required by law, court order, or valid legal process.
• Protection of Rights: To protect our rights, property, or safety, or that of our users or others, including to prevent fraud or abuse.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to the same privacy protections.
• With Your Consent: At your direction or with your explicit consent.

We do not sell your personal information. We do not share connected platform data (including Google API data) with third parties except as necessary to provide the Service (e.g., through our hosting infrastructure) or as required by law.

We retain your information for as long as necessary to provide the Service, comply with legal, tax, and accounting obligations, resolve disputes, and enforce our agreements. When you delete your account, we delete or anonymize your personal information within 30 days, except where retention is legally required. OAuth tokens and cached API data for any connected platform are deleted immediately upon account deletion or disconnection. Some information may persist in secure backups for a limited period before permanent deletion. You may request deletion at any time by contacting support@brandlio.io.

• Encryption: Data in transit is encrypted using TLS/SSL. Sensitive data at rest, including OAuth tokens, is encrypted using industry-standard methods.
• Access Controls: Access is limited to authorized employees, contractors, and service providers who need it to perform their duties.
• Authentication: We use secure authentication, including password hashing and multi-factor authentication where available.
• Monitoring & Updates: We monitor for threats, apply security patches, and conduct regular security assessments.
• Compliance: We comply with applicable data protection laws, including GDPR and CCPA.

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials. If we become aware of a breach affecting your personal information, we will notify you and the relevant authorities as required by applicable law, typically within 72 hours. Report any suspected unauthorized access to support@brandlio.io.

We use cookies and similar technologies (such as web beacons, pixel tags, and local storage) for authentication, remembering preferences, analytics, security, and core functionality. You can control cookies through your browser settings, though some features may not work without them. We may use third-party analytics services (such as Google Analytics) that use cookies to collect information such as your IP address, browser type, and pages visited. We do not use cookies for advertising purposes or to track you across third-party websites.

Depending on your location, you may have the right to access, correct, delete, port, restrict, or object to the processing of your personal information, and to withdraw consent. You may access, update, or delete your account information through your account settings, and disconnect any connected platform within the Service or revoke OAuth access directly from that platform's settings. To exercise these rights, contact support@brandlio.io. We respond within 30 days or as required by law and may need to verify your identity first. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

The Service is not intended for children under 13 (or under 16 in the EEA), and we do not knowingly collect their personal information. If you believe a child has provided us information, contact support@brandlio.io and we will delete it promptly.

We may process and store information in countries other than your own, including Israel, the United States, and other regions where we or our service providers operate. These countries may have different data protection laws than your country of residence. Where required, we use appropriate safeguards such as standard contractual clauses or rely on adequacy decisions. By using the Service, you consent to such transfers. For more information about the safeguards we use, contact support@brandlio.io.

California residents have the right to know what personal information we collect, use, and share; to delete it (subject to exceptions); to correct it; to opt out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising); to limit use of sensitive personal information; and to non-discrimination for exercising these rights. To exercise them, contact support@brandlio.io. We do not have actual knowledge that we sell the personal information of consumers under 16 years of age.

If you are in the EEA, UK, or Switzerland, you have rights of access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making and profiling. Our legal bases for processing are contractual necessity, legitimate interests, consent, and legal obligations. You may lodge a complaint with your local data protection authority. Contact support@brandlio.io to exercise your rights.

We may update this Policy to reflect changes in our practices, legal requirements, or the Service. If changes are material, we will provide notice through the Service, by email, or by other reasonable means at least 30 days before they take effect. The "Last updated" date reflects the latest revision. Continued use after changes take effect constitutes acceptance. If you do not agree to the updated Policy, you must stop using the Service and may delete your account.

The Service may contain links to third-party websites, services, or applications we do not operate. This Privacy Policy does not apply to those services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access.

Questions about this Privacy Policy or our data practices? Contact us at:

We aim to respond within 2–3 business days, and will process data access or deletion requests within the timeframes required by applicable law.