BrandTrack

Privacy Policy

Last updated: April 2026

1. Who we are

BrandTrack is a sponsorship management tool for content creators. When this policy says “we” or “us” it means the team behind BrandTrack. Our contact address for privacy matters is privacy@brandtrack.online.

2. Data we collect

We collect only the data you provide directly. This includes your email address, creator handle, niche, timezone, currency preference, and the deal, deliverable, payment, and brand information you enter into BrandTrack. We also collect basic usage metadata: timestamps of when you sign in and which pages you visit within the app. We do not track you across other websites. We do not use advertising pixels or third-party analytics scripts.

If you upload files (contracts, invoices), those files are stored in a private bucket accessible only through time-limited signed URLs scoped to your account. We do not read, index, or analyze the contents of your uploads.

3. How we use your data

Your data is used to provide the BrandTrack service: displaying your deals, sending the email digests you opted into, processing payments through Razorpay, and generating the reports visible on your dashboard. We do not sell, rent, or share your data with third parties for marketing purposes. We do not use your data to train machine learning models. We do not display advertising inside the app.

4. Third-party services

We share the minimum data necessary with the following services to operate BrandTrack:

  • Supabase (database and authentication). Stores your account and deal data. Hosted in the US.
  • Razorpay (payment processing). Receives your email and payment details when you subscribe. We do not store card numbers on our servers.
  • Resend (transactional email). Receives your email address to deliver confirmation emails, password resets, and daily digests.
  • Vercel (hosting). Serves the BrandTrack web application. Logs IP addresses in standard server logs retained for 30 days.
  • Upstash (rate limiting). Receives hashed identifiers to enforce rate limits. No personal data is stored.
  • Sentry (error monitoring). Receives error reports with PII scrubbing enabled. Email addresses, IP addresses, and deal content are stripped before transmission.

We do not share data with any other third party. If this ever changes we will update this policy and notify you by email at least 30 days in advance.

5. Cookies

We use essential cookies for authentication (session tokens stored as HttpOnly, Secure, SameSite=Lax cookies). No advertising or tracking cookies are used. We do not set optional marketing cookies.

6. Data storage and security

All data is stored in Supabase (PostgreSQL) with row-level security enabled on every table. This means your data is inaccessible to other users at the database level, not just the application level. All connections are encrypted via TLS. File uploads are stored in private buckets accessible only via time-limited signed URLs. Automated backups run daily with point-in-time recovery enabled. Security headers including Content-Security-Policy, HSTS, and X-Content-Type-Options are set on every response.

7. Data retention

Active account data is retained for as long as your account exists. When you delete your account, it is soft-deleted immediately (your data becomes inaccessible) and permanently removed from all systems after 30 days. Audit logs are retained for 90 days and then automatically purged. Server logs are retained by Vercel for 30 days.

8. Your rights

Regardless of where you live, you have the right to:

  • Access your data. Everything you entered is visible in the app at all times.
  • Export your data. Use the export feature in settings to download all deals, deliverables, and payments as CSV files.
  • Delete your data. Use the delete account feature in settings. Deletion is permanent after 30 days.
  • Correct your data. Edit any record directly in the app.
  • Object to processing. Contact us to discuss. We will comply unless we have a legitimate legal obligation to retain specific data.

If you are in the EU/EEA, you also have the right to lodge a complaint with your local data protection authority. Our legal basis for processing is contract performance (providing the service you signed up for) and legitimate interest (security monitoring, fraud prevention).

9. Children

BrandTrack is not intended for users under the age of 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it promptly.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email at least 30 days before they take effect. The “last updated” date at the top reflects the most recent revision.

11. Contact

For any privacy questions or requests, email privacy@brandtrack.online. We aim to respond within five business days.