Brandfine
Join waitlist

Legal

Privacy Policy

Last updated:

This Privacy Policy describes how Brandfine collects, uses, stores, and shares information when you use our content management service. Read it alongside our Terms of Service — both apply when you sign up.

Who we are

"Brandfine" (referred to as "we", "us", or "the service" in this document) is operated as a sole proprietorship registered in Turkey. Brandfine is a multi-tenant content management system used by businesses to publish marketing sites, manage content, capture submissions from their visitors, and analyze how their content performs.

The legal data controller for personal data processed by Brandfine is the sole proprietor of the business, contactable at hello@brandfine.co.

What data we collect

Account information you give us directly

  • Email address, name, and password (stored as a one-way hash — we never have access to your plaintext password) when you create an account.
  • Team and workspace metadata you create: team names, workspace slugs, custom domains, brand settings, locales.
  • Content you publish through the CMS: posts, categories, navigation menus, post types, uploaded images and assets.
  • Contact form submissions sent to your workspaces by visitors of your consumer site (we store these on your behalf so they appear in your Submissions inbox).
  • Routing rule configurations, including any recipient email addresses or webhook URLs you choose to forward submissions to.

Data we receive through third-party integrations you connect

When you opt in to a third-party integration by clicking "Connect" in the CMS, we receive data from that service through a credential or OAuth flow you explicitly authorize.

  • Google Search Console: when you connect your Google account and pick a property, we receive an OAuth refresh token, your Google account email address (for display only), and — through scheduled background syncs — search performance data (clicks, impressions, queries, average position per URL and per day) and per-URL index coverage results for the property you selected. See "Google API services" below for the full disclosure.
  • Wyrote: an inbound webhook integration for AI content generation. We hold a signing secret we issue to Wyrote and store the article payloads they POST to us as draft posts in your workspace.

Data we generate from operating the service

  • SEO audit results when you run an audit: URLs discovered from your /sitemap.xml, fetched HTML for audit-time analysis, Lighthouse / PageSpeed Insights scores from Google's PSI API, and our own per-check evaluations.
  • Server logs: HTTP request metadata (IP, user agent, timestamps, path) kept for up to 30 days for security monitoring and abuse prevention.
  • Analytics: aggregate, privacy-friendly usage data via our self-hosted Umami instance. No third-party trackers, no cookies set for analytics, no cross-site identifiers.

How we use your data

  • To provide the CMS service to you and your team.
  • To sync data from third-party services you connect (e.g. nightly pulls from Google Search Console).
  • To send transactional notifications (account verification, team invitations, contact-form alerts, integration connection failures).
  • To run SEO audits you request and store the results so you can review them later.
  • To debug and improve the service, including reading aggregate usage trends.
  • To enforce our Terms of Service and detect abuse.

We do not use your content, your visitors' contact submissions, or any data we receive through your integrations to train machine learning models, build advertising profiles, or sell to third parties.

Google API services

This section covers Brandfine's use of Google APIs specifically. It fulfills the disclosure requirements Google requires for OAuth applications that access Google user data.

Scopes we request

  • https://www.googleapis.com/auth/webmasters.readonly — read-only access to Google Search Console data for the property you select. Used to pull clicks, impressions, queries, average position, and per-URL index coverage.
  • https://www.googleapis.com/auth/userinfo.email — your Google account's email address, displayed in the CMS so you can confirm which Google account the connection belongs to. Not used for any other purpose.
  • https://www.googleapis.com/auth/indexing — requested optionally, only if you click "Enable indexing actions" in your workspace's Search Console tab. Used solely to call the Indexing API's urlNotifications:publish endpoint when you press "Request indexing" on a specific post in the editor.

How we use Google API data

Google Search Console data we sync is stored in our database and surfaced in your workspace's Search Console tab, on the per-post detail page, and in your posts list as performance overlay columns. The data is used only to display your search performance back to you and to power features inside Brandfine like the SEO Audit cross-reference. We do not aggregate it with other customers' data, sell it, share it with advertisers, or use it for any purpose unrelated to providing the Search Console features to your workspace.

Brandfine's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Google API data only to provide and improve the features visible in Brandfine's Search Console tab and related views.
  • We do not transfer Google API data to third parties except as necessary to provide the user-facing features (see "Sub-processors" below).
  • We do not use Google API data for advertising purposes.
  • We do not allow humans to read Google API data unless required by law, with your explicit consent for debugging a specific reported issue, or when the data has been aggregated and anonymized.

Revoking access

You can disconnect Brandfine from your Google account at any time by:

  • Clicking "Change property" → reconnecting with a different account or removing the integration in the Search Console tab of your workspace; or
  • Visiting Google Account → Connected apps and revoking Brandfine's access there.

Once revoked, we stop calling Google APIs immediately and delete the stored OAuth tokens. Historical Search Console data we already synced into your workspace remains in your account until you delete the workspace; see "Data retention" below.

Sub-processors

We use the following third-party providers to operate the service. Each receives only the data necessary to perform their function.

  • DigitalOcean — hosts the Brandfine application and database (droplet + managed Spaces object storage for uploaded assets).
  • Resend — sends transactional emails (account verification, team invitations, routing rule notifications).
  • Google — supplies Search Console data, Indexing API endpoints, and PageSpeed Insights data, used as described above.
  • Cloudflare — handles DNS and (optionally) CDN caching for our public domains.

We do not sell or rent your personal data to anyone, and we do not share it for cross-context behavioral advertising.

Where your data is stored

Brandfine's primary database, application servers, and uploaded asset storage are hosted in data centers operated by DigitalOcean. If you are located in the European Economic Area, the United Kingdom, or Switzerland, your personal data may be transferred to and processed in countries outside your home jurisdiction. We rely on standard contractual clauses or equivalent safeguards offered by our sub-processors for such transfers.

How we protect your data

  • Connections between your browser and Brandfine are encrypted via HTTPS (TLS 1.2 or higher).
  • Integration credentials, including OAuth refresh tokens for Google Search Console, are encrypted at rest using AES-256-GCM with per-row random IVs. Decryption happens only inside the server process at the moment of use; raw credentials are never logged.
  • Passwords are hashed using bcrypt (via Better Auth) and never stored or transmitted in plaintext.
  • Database access is restricted to the application server only. Outbound traffic to third-party APIs uses scoped credentials with the minimum permissions needed.

No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a security incident affecting your data, we will notify you without undue delay.

Data retention

  • Account data: retained for the lifetime of your account. Deleted within 30 days of you requesting account deletion.
  • Workspace content (posts, navigations, contact submissions): retained for the lifetime of the workspace. Deleted when you delete the workspace.
  • Google Search Console data: we retain up to 16 months of metric history per workspace, matching Google's own retention window. Older rows are automatically pruned by a nightly job.
  • OAuth tokens: deleted immediately when you disconnect the integration or delete the workspace.
  • Server logs: retained for 30 days.
  • Backups: may persist for an additional 30 days after primary deletion; we don't restore from backups except in emergency recovery.

Your rights

Depending on where you live, you may have legal rights regarding your personal data — including access, correction, deletion, restriction of processing, data portability, and objection to processing. To exercise any of these rights, email hello@brandfine.co from the email address registered to your account. We respond within 30 days.

For users in the European Economic Area, the United Kingdom, or Switzerland: you also have the right to lodge a complaint with your local data protection authority. The legal basis for our processing is performance of our contract with you (the Terms of Service), our legitimate interests in operating and securing the service, or your explicit consent for optional integrations you connect.

Cookies

Brandfine sets a single first-party session cookie when you log in, used only to keep you signed in. We do not set advertising cookies, cross-site tracking cookies, or share cookie data with third parties. Our analytics is collected via a self-hosted, cookieless setup.

Children

Brandfine is a business tool intended for use by adults. We do not knowingly collect personal data from anyone under 16 years of age. If you believe a minor has provided us with personal data, please contact us so we can delete it.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and update the "Last updated" date at the top of this page. Continued use of the service after a change constitutes acceptance of the updated policy.

Contact

Privacy questions, data requests, or anything else policy-related: hello@brandfine.co. We aim to respond within 30 days.