Legal
Privacy Policy
Last updated: 1 May 2025 · Effective: 1 May 2025
BrandViper AI Ltd ("BrandViper AI", "we", "us", or "our") is committed to protecting your
personal data. This Privacy Policy explains what data we collect, why we collect it, how we use
it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data
Protection Act 2018.
1. Who We Are
BrandViper AI Ltd is a company registered in England and Wales. We operate an AI-powered social
media management platform. For data protection enquiries, contact us at
privacy@brandviper.ai.
2. Data We Collect
- Account data: name, email address, company name, job title.
- Billing data: subscription plan, payment method tokens (processed by Stripe — we never store raw card numbers).
- Connected social accounts: OAuth access tokens, platform usernames, follower counts, and post performance metrics provided by social platforms you connect.
- Content data: posts, captions, images, and videos you create or schedule through the platform.
- Usage data: pages visited, features used, clickstream data, session duration, and browser / device information.
- Communications: support tickets, in-app messages, and emails you send to us.
- AI interaction data: prompts and generated content processed by our AI providers (OpenAI, Anthropic) subject to their respective data policies.
3. How We Use Your Data
- Providing, operating, and improving the BrandViper AI platform.
- Processing payments and managing your subscription.
- Publishing and scheduling social media content on your behalf.
- Generating AI-powered content, analytics, and recommendations.
- Sending transactional emails (account confirmations, invoices, alerts).
- Detecting fraud, abuse, and security incidents.
- Complying with legal obligations.
4. We Do Not Sell Your Data
We do not sell, rent, or trade your personal data to any third party for
marketing or advertising purposes. We do not use your data to train AI models.
5. Legal Bases for Processing (UK GDPR)
- Contract: processing necessary to deliver the services you have subscribed to.
- Legitimate interests: fraud prevention, platform security, and service analytics.
- Legal obligation: compliance with UK law, tax, and financial regulations.
- Consent: marketing communications (where you have opted in).
6. Data Sharing
We share data only with trusted sub-processors required to deliver the service, including:
- Supabase — database and authentication infrastructure.
- Stripe — payment processing.
- OpenAI / Anthropic — AI content generation.
- Cloudflare — media storage and CDN.
- Resend — transactional email delivery.
We will never share your data with third parties for their own marketing purposes.
7. Data Retention
We retain your personal data for as long as your account is active and for up to 7 years
after account closure to comply with UK financial regulations. You may request earlier deletion
(see Your Rights below).
8. International Transfers
Some sub-processors may process data outside the UK. Where transfers occur, we ensure
appropriate safeguards are in place (UK adequacy decisions or UK International Data Transfer
Agreements).
9. Your Rights Under UK GDPR
- Access: request a copy of your personal data.
- Rectification: correct inaccurate data.
- Erasure: request deletion of your data ("right to be forgotten").
- Restriction: ask us to limit how we process your data.
- Portability: receive your data in a machine-readable format.
- Objection: object to processing based on legitimate interests.
- Withdraw consent: at any time where processing is based on consent.
To exercise any right, email privacy@brandviper.ai.
We will respond within 30 days. You also have the right to lodge a complaint with the
Information Commissioner's Office (ICO).
10. Cookies
We use strictly necessary cookies for authentication sessions and security. No advertising
or tracking cookies are set without your explicit consent.
11. Changes to This Policy
We may update this policy periodically. Material changes will be notified by email or
in-app notification at least 30 days before taking effect.
12. Contact
For any privacy-related questions, contact our Data Protection team at
privacy@brandviper.ai.