Brandzy v0.9.1 is live.Request access here →
Brandzy Back
Last updated May 31, 2026

Privacy.

Brandzy finds qualified leads for online businesses. To do that, we process the account information you give us, the accounts you connect (starting with X), public activity tied to your offer, and the lead/context data created inside Brandzy.

Plain summary first: we use your data to run Brandzy for you. We don't sell your data, we don't train Brandzy-owned models on your content, and we don't send DMs or posts without your approval.

Who this applies to

This policy covers anyone who visits brandzy.io, requests access, joins the public beta, signs in to app.brandzy.io, or uses Brandzy. Brandzy is built for people running a business; it's not intended for children under 16.

What we collect

  • Access and account information. Email address, display name, login method, beta access status, timezone, and messages you send us.
  • Business context. What you sell, who your ideal customer is, brand profile details, competitors, keywords, proof, exclusions, and other context you add so Brandzy can judge fit.
  • Connected X account data. Your X profile, handle, posts, replies, followers, engagement, public metrics, OAuth scopes, and the tokens needed to keep the connection working.
  • Public X discovery data. Public posts, profiles, replies, mentions, engagement, and search results that Brandzy reviews to find buying signals tied to your offer.
  • Optional DM qualification data. If you enable DM qualification, Brandzy reads recent X DM events to classify buyer seriousness. We store the resulting summaries, verdicts, evidence, participant metadata, timestamps, and next actions. We do not store raw DM text as durable account content.
  • Brandzy content. Leads, Signal Scores, Coach verdicts, draft messages, Pipeline stages, notes, settings, billing entitlement, and support context created in your account.
  • Usage and operational data. Scans run, drafts generated, pages opened, errors, rate-limit events, scan budget/usage records, and performance logs.
  • Device and network data. Browser, operating system, approximate location (country-level from IP), and basic technical info required to deliver the app.
  • Billing data. Handled by Stripe. We never see or store your full card number.

How we use it

  • To run Brandzy. Connecting X, reading permitted X data, finding public buying signals, scoring fit and urgency, qualifying replies when enabled, and keeping your lead queue useful.
  • To help you decide what to do next. Producing Signal Scores, Coach verdicts, lead briefs, rejection filters, draft replies, and Pipeline updates.
  • To personalize output. Your offer, buyer language, profile, rejected patterns, and past activity shape suggestions only inside your own account.
  • To keep Brandzy working. Debugging errors, monitoring performance, preventing abuse, enforcing rate limits, and protecting unit economics.
  • To talk to you. Access requests, product updates you opt into, transactional emails, support, security notices, and billing messages.

Cookies and browser storage

We use a small number of cookies and local-storage items: one to keep you signed in, one for preferences, and limited product/diagnostic data so the app works reliably. We don't use tracking cookies that follow you across other sites.

How long we keep it

  • Access requests stay until you unsubscribe, ask us to delete them, or we no longer need them for beta/customer communication.
  • Account content stays while your account is active. If you close your account, we delete your Brandzy account data within 30 days unless we need to retain limited records for legal, tax, security, or abuse-prevention reasons.
  • X-derived lead data is refreshed and rolled forward according to your plan, product settings, and X API limits.
  • Raw DM text is used during DM qualification when you enable it, but is not stored as durable Brandzy account content. Stored DM qualification records contain summaries/signals instead.
  • OAuth tokens for X are cleared when you disconnect your X account.
  • Billing records are kept for seven years to meet tax and accounting requirements.
  • Aggregated, anonymized usage data may be kept indefinitely for product analytics.

Who else sees it

We use a small set of service providers to deliver Brandzy. Each gets only the data needed for its role:

  • X API — to connect your account, read permitted X data, and support user-approved publishing features.
  • xAI/Grok — to classify signals, generate Coach output, and draft review-first messages from your account context. The AI provider may temporarily retain API inputs and outputs for safety or abuse monitoring under its API terms; we don't authorize model training on your Brandzy content.
  • Stripe — to process subscriptions and payments.
  • Firebase and Google Cloud — to provide authentication, hosting, database, file storage, server logs, and infrastructure.
  • Kit/ConvertKit — to collect access requests and send product emails you asked to receive.
  • Transactional email — to send account, billing, and security emails.
  • Analytics — privacy-friendly, aggregated, anonymized.

We never sell your data to advertisers, brokers, or anyone else. We do not share account content between customers.

International transfers

Some of our sub-processors operate across different regions, which means your data may cross borders in the course of delivering Brandzy. Where required, we rely on standard contractual clauses and equivalent safeguards to protect those transfers.

Your rights

Wherever you're based, you can:

  • Export a copy of your account data.
  • Correct or delete any of your data.
  • Disconnect your X account at any time.
  • Disable DM qualification and delete stored DM qualification signals.
  • Opt out of product marketing emails (transactional emails continue).
  • Close your account.

Email hello@brandzy.io and we'll handle any of these within seven days. If you're in the EU, UK, or California, you also have local statutory rights (access, portability, objection); the same email covers those.

Security

Data is encrypted in transit (TLS 1.2+) and at rest. We describe the broader security program on the Security page.

Changes to this policy

If we change this policy in a meaningful way, we'll email active customers at least 14 days before it takes effect. Minor edits (typos, clarifying wording) may happen without notice and are reflected in the "last updated" date at the top.

Contact

Privacy questions, requests, or complaints: hello@brandzy.io.