Privacy Policy
This Privacy Policy explains how Brandario processes personal data in connection with the platform, connected social accounts, public media kits, and related creator services. It is drafted for an Italy-based operation and should be completed with final legal details before production launch.
1. Who we are
Brandario acts as the data controller for the personal data described in this Privacy Policy, unless a different role is expressly stated for a specific processing activity.
2. Categories of personal data
We may process account data, creator profile data, connected social account identifiers, imported platform metrics, public media kit information, consent records, support communications, and technical usage data.
- Account and identity data such as name, email, locale, and account identifiers.
- Profile data such as bio, niche, country, language, avatar references, and selected public-facing information.
- Connected social account data such as usernames, platform user IDs, token metadata, profile metrics, and selected content metadata.
- Security and operations data such as logs, IP-related metadata, session data, and anti-abuse signals.
3. Purposes and legal bases
We process personal data to provide the service, operate account onboarding, connect social accounts, import verified metrics, publish media kits when requested, maintain security, comply with legal obligations, and improve the platform.
- Performance of a contract or pre-contractual steps for account creation, login, connected features, and service delivery.
- Consent where required, including for optional future public indexing or other non-essential processing choices.
- Legitimate interests for service security, fraud prevention, diagnostics, internal administration, and product reliability, subject to applicable safeguards.
- Legal obligations where retention or disclosure is required by law, regulation, or competent authority.
4. Connected social platforms
If you connect Instagram, TikTok, or another supported platform, we receive the data made available through the permissions you grant in that platform OAuth flow.
Third-party platforms operate under their own privacy notices and terms. We encourage you to review those documents separately.
5. Public media kits and discoverability
If you choose to publish a media kit or enable discovery-related options, certain profile and metrics information may become visible to the public or accessible to business users of the platform, depending on the feature configuration.
You remain responsible for the accuracy of the information you choose to make public.
6. Data retention
We retain personal data only for as long as necessary for the purposes for which it was collected, for security and audit needs, and to satisfy legal or regulatory obligations.
Retention periods may vary depending on the category of data, whether the account remains active, and whether the data is required for dispute handling or compliance.
7. Data sharing
We may share personal data with hosting providers, infrastructure vendors, professional advisors, payment or communication providers if introduced later, and competent authorities where legally required.
We do not sell personal data.
8. International transfers
Where personal data is transferred outside the European Economic Area, we will rely on a valid transfer mechanism recognized under applicable data protection law, such as adequacy decisions or standard contractual clauses, where required.
9. Data subject rights
Subject to applicable law, you may request access, rectification, erasure, restriction, portability, or objection in relation to your personal data. Where processing is based on consent, you may withdraw consent at any time without affecting prior lawful processing.
You may also lodge a complaint with the Italian data protection authority (Garante per la protezione dei dati personali) or another competent supervisory authority.
10. Security measures
We implement technical and organizational measures designed to protect personal data against unauthorized access, loss, alteration, or disclosure. No system can be guaranteed absolutely secure, but we aim to apply safeguards proportionate to the processing risks.
11. Policy updates
We may update this Privacy Policy to reflect legal, technical, or product changes. The latest version will be published on this page together with the update date.
12. Contact
For privacy-related requests or questions, please use the contact details listed on this page.