BrandAlerts.ai Privacy Policy

1) Scope & Third-Party Links

This Policy applies to personal information processed by BrandAlerts via https://brandalerts.ai and any site we own and operate that links to it. Our Service may link to third-party websites, tools, or platforms (e.g., social networks, maps, ad platforms). Their privacy practices are governed by their own policies.

2) What We Collect

We collect information in three ways: (a) you provide it to us, (b) we collect it automatically, and (c) we obtain it from third parties (including public and licensed sources).

A. Information You Provide (Voluntarily Provided)

• Account & Contact Data: name, email, password (hashed), company, role, preferences.
• Billing & Subscription Data: plan selection, invoices, billing address, last-4 digits/brand/expiration month & year via our payment processor (we do not store full card numbers).
• Monitoring & Workspace Inputs ("Customer Data"): brand profiles, social handles, search queries and filters, alert rules, lists, tags, notes, imported contacts (if used for notifications), team members, and configuration of monitoring and reporting workflows.
• Support & Comms: emails, chat messages, survey responses, feedback.
• Consent Records: marketing consent, SMS/phone consent (when used), and opt-out preferences.

B. Information We Collect Automatically

We automatically collect technical data such as device information, IP address, browser type, cookies, and usage analytics (for example, how often you log in, how you interact with dashboards, and which features you use).

C. Information From Third Parties

• Data Partners & Integrations: where enabled, we may receive business profile attributes, public brand or social signals, or metadata from data partners or platforms you connect (subject to their terms and your permissions).
• Public & Open Sources: business directories, public websites, and publicly available social/profile pages to help surface brand, reputation, and conversation signals.
• Marketing/Ad Partners & Analytics: interaction data with our ads and pages, campaign performance, and conversions.

We aim to collect only what is reasonably necessary for the purposes described below.

3) How We Use Information

We use personal information to:

1. Provide & Improve the Service – account creation, authentication, user settings, brand and keyword monitoring, discovery and alerting of brand mentions, sentiment analysis, competitor tracking, search functionality, saved views and lists, integrations, and debugging.
2. Customer Support & Communications – respond to requests; send service, security, and transactional notices.
3. Billing & Administration – process payments; detect fraud; manage subscriptions and renewals.
4. Personalization & Product Research – tailor content, features, and recommendations; measure usage and improve performance and reliability.
5. Marketing (Opt-Out Anytime) – send product updates, offers, and educational content (email/SMS subject to applicable law and your preferences).
6. Safety, Security & Compliance – monitor misuse, prevent spam/abuse, and comply with legal obligations and platform policies.
7. Aggregated/De-identified Insights – create statistics and benchmarks that do not identify you (for example, high-level trends in how brands are mentioned across channels).

AI/Model-Assisted Features. Some features may use AI/heuristics to categorize, assess sentiment, prioritize, rank, enrich, or summarize brand-related signals. Outputs can be probabilistic and may contain errors. We use Customer Data to operate and improve these features, and we may create aggregated/de-identified datasets for model tuning and quality—never to re-identify an individual or to sell personal information as a standalone data product. Where required by applicable law, you may opt out of certain improvement uses (see Section 11).

4) Legal Bases (EEA/UK)

Where GDPR/UK GDPR applies, we process personal data under these legal bases:

• Contractual necessity (to provide the Service);
• Legitimate interests (product improvement, security, fraud prevention, basic marketing);
• Consent (cookies/analytics/ads where required; SMS marketing; certain data sharing);
• Legal obligation (tax, accounting, regulatory).

You may withdraw consent at any time without affecting prior lawful processing.

5) Cookies, Pixels & Similar Tech

We use first- and third-party cookies and similar technologies for:

• Essential operations (authentication, security);
• Analytics (usage metrics, product improvement);
• Advertising/retargeting (to measure and improve campaigns);
• Functional (remember preferences).

You can manage cookies in your browser and via our Cookie Preferences link (if implemented). Blocking some cookies may limit functionality. See our separate Cookie Policy for details.

Global Privacy Control (GPC). Where required by law, we treat a valid GPC signal as a request to opt out of sale/share for the device/browser sending the signal.

6) How We Share Information

We do not sell personal information as commonly understood. Under certain state privacy laws, some analytics/advertising disclosures can be considered a "sale" or "share." You can opt out (see Section 11).

We share personal information with:

• Service Providers / Processors – hosting, infrastructure, analytics, email/SMS, payment processing, customer support, logging/monitoring, security, QA. These parties are contractually bound to use personal information only to provide services to us.
• Integration & Platform Partners – where you connect accounts or direct us to act on your behalf (subject to your permissions).
• Professional Advisors – auditors, lawyers, and accountants under confidentiality.
• Business Transfers – in M&A, financing, or asset sale scenarios (successors bound by this Policy or a policy with materially similar protections).
• Legal & Safety – to comply with law, enforce terms, or protect rights, safety, and security.

We maintain a list of core sub-processors and will provide it on request (or via a posted list).

7) Data Retention

We retain personal information for as long as necessary to: provide the Service; comply with legal obligations; resolve disputes; enforce agreements; and maintain business records. We may retain backups for limited periods. When no longer needed, data is deleted or de-identified per our schedules.

8) Security

We implement reasonable technical and organizational measures appropriate to the nature of the data and our role as a SaaS provider (e.g., encryption in transit, access controls, logging). No system is 100% secure. You're responsible for keeping credentials confidential and using strong passwords.

9) Children's Privacy

The Service is not directed to children under 13 (or under 16 where applicable). We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us so we can delete it.

10) Messaging Compliance (Email/SMS/Calls)

If you use any messaging, notification, or outreach features through the Service or integrations (for example, sending emails or SMS to contacts you upload or sync):

• Email: comply with CAN-SPAM (truthful headers/subjects, physical address, and opt-out).
• SMS/Calls: comply with TCPA/FCC (obtain prior express consent where required, honor STOP/revocation).

11) Your Privacy Choices & State/Regional Rights

A. Your Choices (All Users)

• Marketing Opt-Out: unsubscribe links in emails; reply STOP to SMS; or email us.
• Cookie Preferences: manage in browser and via our cookie controls.
• Do Not Sell/Share (Ad/Analytics): use our "Do Not Sell or Share My Personal Information" link (site footer) or contact us. We will also honor valid GPC signals.
• AI/Improvement Opt-Out (where required): contact us to limit certain de-identified/aggregated improvement uses tied to your workspace/account.

B. California (CCPA/CPRA)

California residents have the right to:

• Know/Access categories and specific pieces of personal information we have collected about you;
• Delete personal information (subject to exceptions);
• Correct inaccurate personal information;
• Opt-out of sale/share of personal information for cross-context behavioral advertising;
• Limit use/disclosure of sensitive personal information (we do not collect SPI for the purpose of inferring characteristics);
• Non-discrimination for exercising rights.

We disclose the following categories of personal information (as defined by CPRA) for business purposes: identifiers (e.g., email, IP), commercial information (subscriptions), internet/network activity, geolocation (coarse), and inferences (basic preference segments). We do not sell personal information in the traditional sense; we may share identifiers and internet activity with analytics/advertising partners (opt-out available).

Submit requests via info@brandalerts.ai. We will verify and respond within statutory timeframes.

C. Virginia / Colorado / Connecticut (and similar state laws)

Residents may have rights to access, correct, delete, and opt out of targeted advertising, sale, and profiling with legal or similarly significant effects. Exercise rights via info@brandalerts.ai. You may appeal our decision by replying "Appeal" to our response.

D. Nevada

Nevada residents may opt out of the sale of covered information by emailing info@brandalerts.ai with "Nevada Opt-Out" in the subject.

E. EEA/UK (GDPR/UK GDPR)

You have rights to access, rectify, erase, restrict, object (including to direct marketing), and data portability. You may also lodge a complaint with a supervisory authority. Where we rely on consent, you may withdraw it at any time.

12) International Data Transfers

We are U.S.-based. If we transfer personal data from the EEA/UK/Switzerland to countries without an adequacy decision, we rely on Standard Contractual Clauses (and the UK Addendum, as applicable), plus supplementary measures where appropriate.

13) Data Processing Addendum (DPA)

For customers subject to GDPR/UK GDPR or similar laws, we offer a DPA governing our processor obligations when we process Customer Data on your behalf. Contact info@brandalerts.ai to request our DPA and current sub-processor list.

14) Do Not Track

Some browsers offer "Do Not Track" (DNT). We currently do not respond to DNT signals. We do honor Global Privacy Control (GPC) as described above.

15) Changes to This Policy

We may update this Policy to reflect changes in our practices, technologies, or legal requirements. We will post updates with a new "Last Updated" date and, where required by law, provide notice and/or seek consent.

16) Contact Us

Kendall Labs LLC

Attn: Privacy Team

Email: info@brandalerts.ai

Address: 125 Church Street Unit 90-127 Pembroke, MA, 02359

EU/UK DPO/Representative (if applicable): Not applicable

17) California Notice of Collection (Summary)

Over the past 12 months, we collected (see Sections 2 & 3) and disclosed for business purposes the following categories: identifiers; commercial information; internet/network activity; approximate geolocation; and inferences. Sources include you, your devices, public sources, data partners, and ad/analytics partners. Purposes include Service delivery, security, analytics, personalization, and marketing. We may share identifiers and internet activity with ad/analytics partners in ways that can be considered "share" or "sale" under CPRA; you can opt out via our site footer link or GPC.

18) Additional Disclosures ("Shine the Light")

California residents may request information about our disclosures of certain personal information to third parties for their direct marketing purposes (once per year). Send requests to info@brandalerts.ai with "Shine the Light" in the subject, and include your name and postal address.

19) Your Responsibilities

If you upload or sync third-party contacts or trigger messaging through the Service, you are responsible for ensuring you have lawful basis/consent and for honoring opt-out requests, applicable spam/TCPA rules, and any platform terms for services you connect.