1. Introduction
BrandPulso is operated by MyClienta (“we”, “us”, “our”). We are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This Privacy Policy explains how we collect, use, store, and protect your information.
2. Data Controller
MyClienta acts as the data controller for personal data processed through BrandPulso. For questions about data processing, contact our Data Protection contact at privacy@myclienta.com.
3. Information We Collect
We collect the following categories of personal data:
- Account information: Name, email address, and password hash when you create an account. If you sign in via Google OAuth, we receive your name and email from Google.
- Brand data: Website URLs you submit for analysis and brand profiles generated from that analysis.
- Content data: Posts you generate, schedule, or publish through the Service.
- Social media tokens: OAuth access tokens for connected social media accounts, encrypted at rest.
- Usage data: Pages visited, features used, timestamps, IP address, browser type, and device information for service improvement and analytics.
- Billing data: Payment processing is handled by Stripe. We do not store your credit card numbers. We store your Stripe customer ID and subscription status.
4. Legal Basis for Processing (GDPR Article 6)
We process your personal data based on the following legal grounds:
- Contract performance: Processing necessary to provide the Service you have signed up for (account management, content generation, publishing).
- Legitimate interest: Analytics and service improvement, fraud prevention, and security.
- Consent: Marketing communications (opt-in only). You may withdraw consent at any time.
- Legal obligation: Compliance with applicable laws and regulations.
5. How We Use Your Information
Your information is used to:
- Provide, maintain, and improve the Service
- Generate AI content based on your brand profile
- Publish content to your connected social media accounts
- Process payments and manage subscriptions
- Send transactional emails (account verification, password reset)
- Analyze usage patterns to improve the Service
- Respond to support requests
We do not sell your personal data to third parties.
6. Data Storage and Security
Your data is stored securely using industry-standard encryption. Authentication is managed by Supabase (hosted in the EU). Social media access tokens are encrypted at rest using AES-256 encryption. Our application servers are hosted on Hetzner (Germany, EU). All data transfers are encrypted via TLS/HTTPS.
7. Data Retention
We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law. Usage analytics data is anonymized after 12 months.
8. Third-Party Services (Sub-processors)
We use the following third-party services to provide the Service:
- Supabase (EU) — Database, authentication, file storage
- Hetzner (Germany) — Application hosting
- OpenAI / Anthropic (US) — AI content generation. Content sent to AI providers is processed per their data processing agreements and is not used to train their models.
- Stripe (US/EU) — Payment processing
- Cloudflare (US/EU) — DNS and CDN
- Social media platform APIs — Publishing content to your connected accounts
Each sub-processor has its own privacy policy and data processing agreements. Where data is transferred outside the EU, appropriate safeguards (Standard Contractual Clauses) are in place.
9. Your Rights Under GDPR
As a data subject in the European Economic Area, you have the following rights:
- Right of access (Art. 15): You can request a copy of all personal data we hold about you.
- Right to rectification (Art. 16): You can request correction of inaccurate personal data.
- Right to erasure (Art. 17): You can request deletion of your personal data (“right to be forgotten”). You can delete your account and all associated data through the Settings page, or by contacting us.
- Right to restrict processing (Art. 18): You can request that we limit how we use your data.
- Right to data portability (Art. 20): You can request your data in a structured, machine-readable format.
- Right to object (Art. 21): You can object to processing based on legitimate interest, including profiling.
- Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact us at privacy@myclienta.com. We will respond within 30 days.
10. Cookies
We use essential cookies for authentication and session management. These are strictly necessary for the Service to function and do not require consent under GDPR. We do not use advertising or tracking cookies. If we integrate analytics (e.g., Google Analytics), we will use anonymized data and provide opt-out mechanisms.
11. Children's Privacy
The Service is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, as required by GDPR Articles 33 and 34.
13. Supervisory Authority
You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data is being processed unlawfully.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The “Last updated” date at the top reflects the most recent revision.
15. Contact
For privacy questions or data subject requests, contact us at: