Privacy Policy

Last updated: March 2026. This policy describes how BrandPilot ("we", "us", "our") collects, uses, and protects your information.

Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign in via a third-party provider (Google, GitHub), we receive basic profile information from that provider.

Project Data

When you create projects, we store the briefs, design tokens, generated components, pages, and visual assets you produce. This data is associated with your account and used to deliver the service.

Usage Data

We collect anonymized usage analytics to improve the service, including pages visited, features used, and error reports. We use PostHog for analytics, which respects Do Not Track headers.

How We Use Your Information

  • To provide and maintain the BrandPilot service
  • To generate design systems based on your project briefs
  • To improve our AI agents and generation quality
  • To communicate service updates and respond to support requests
  • To detect and prevent abuse or unauthorized access

Data Storage and Security

Your data is stored on servers in the Asia-Pacific region (Singapore). We use encryption in transit (TLS) and at rest. Database access is restricted to authenticated application connections only.

Third-Party Services

We use the following third-party services to operate BrandPilot:

  • Vercel — hosting and serverless functions
  • Neon — PostgreSQL database
  • Upstash — Redis caching and job queues
  • Anthropic (Claude) — AI design generation
  • OpenAI — image generation and embeddings
  • PostHog — anonymized analytics

Your Rights

You have the right to:

  • Access and download your project data at any time
  • Request deletion of your account and all associated data
  • Opt out of analytics tracking
  • Request a copy of your data in a portable format

Data Retention

We retain your data for as long as your account is active. When you delete your account, all associated project data is permanently deleted within 30 days. Anonymized usage statistics may be retained indefinitely.

Contact

For privacy-related questions or requests, contact us at privacy@brandpilot.dev.