Privacy Policy — Branditex

1. Data Controller

Controller: Dzianis Misiulia
Service: Branditex — Brand Operating System
Website: branditex.com
Contact: misyulyadenis@gmail.com

Dzianis Misiulia, operating the Branditex platform, is the data controller responsible for the processing of your personal data as described in this Privacy Policy, in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

2. Types of Personal Data Collected

We collect and process the following categories of personal data when you use the Branditex platform:

Category	Data Fields	Source
Account data	Full name, email address, company name, registration date, account status (paid / unpaid), subscription plan	Provided by user at registration
Authentication data	Hashed password, hashed recovery code	Provided by user at registration
Profile data	Profession, industry / field of work, age range, personal goal for using Branditex, preference for receiving service updates	Provided voluntarily by user in Profile settings
Brand strategy data	Brand name, positioning statement, communication channels, competitor information, audience profiles, brand pyramid fields, brand platform fields (purpose, vision, values, personality, essence, story, identity), SWOT analysis, Censydiam wheel positions, positioning map positions	Created by user within the platform tools
Technical data	Timestamps of account creation and last save operations	Generated automatically by the system
Communication data	Service requests submitted via the "Call Pro" feature (name, email, request topic)	Provided voluntarily by user

Passwords and recovery codes are stored exclusively as one-way cryptographic hashes. The original values are never stored or accessible.

3. Purposes and Legal Basis

Purpose	Legal Basis (GDPR Art. 6)
Providing access to the Branditex platform and its tools (account management, authentication, session control)	Art. 6(1)(b) — Performance of a contract
Processing subscription payments and maintaining paid account status	Art. 6(1)(b) — Performance of a contract
Storing brand strategy data created by the user within the platform	Art. 6(1)(b) — Performance of a contract
Administration of the system: monitoring account status, reviewing service requests, managing user accounts via the admin panel	Art. 6(1)(f) — Legitimate interest of the controller in administering and improving the service
Personalising the platform experience based on the user's profession, industry and stated goals	Art. 6(1)(a) — Consent (provided voluntarily in Profile settings)
Sending updates about new features and service examples (only if opted in)	Art. 6(1)(a) — Consent (explicit opt-in checkbox)
Security: rate-limiting failed login attempts, protecting against unauthorised access	Art. 6(1)(f) — Legitimate interest of the controller

4. Data Retention

We retain personal data only as long as necessary for the purposes described above, in accordance with applicable EU law:

Account and profile data — retained for the duration of your account. Upon account deletion, personal data is removed within 30 days.
Brand strategy data — retained for the duration of your account as this data is created and owned by you.
Authentication data (hashed passwords) — retained for the duration of your account and deleted with it.
Payment records — retained for 7 years in accordance with EU accounting and tax regulations (Council Directive 2006/112/EC).
Service request data — retained for up to 2 years for the purpose of responding to and recording service communications.
Security logs (login attempt data) — automatically cleared after 15 minutes following successful login; no long-term retention.

5. Transfer to Third Parties

Personal data is not sold, rented, or transferred to third parties for their own purposes.

The following sub-processors may process your data as part of the technical infrastructure of the platform, under strict data processing terms:

Google Firebase / Firestore (Google LLC, USA) — cloud database storage. Data is stored in accordance with Google's standard contractual clauses for international data transfers.
Stripe (Stripe, Inc., USA) — payment processing. Stripe processes payment data under its own privacy policy and PCI-DSS compliance. Branditex does not store full card details.
Vercel (Vercel, Inc., USA) — web hosting and content delivery. No personal data is persistently stored at this layer.
Simple Analytics (Simple Analytics B.V., Netherlands) — privacy-first analytics. No cookies, no personal data collected, no cross-site tracking.

All US-based sub-processors operate under the EU–US Data Privacy Framework or Standard Contractual Clauses (SCCs) as required by Chapter V GDPR.

6. Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal data. You may exercise any of these rights by contacting us at misyulyadenis@gmail.com:

Right of access (Art. 15) — You may request a copy of all personal data we hold about you.
Right to rectification (Art. 16) — You may correct or update your name and company directly in your Profile page. Other corrections can be requested by email.
Right to erasure / "right to be forgotten" (Art. 17) — You may request deletion of your account and all associated personal data. We will action this within 30 days.
Right to restriction of processing (Art. 18) — You may request that we restrict the processing of your data in certain circumstances.
Right to data portability (Art. 20) — You may request your personal and brand strategy data in a structured, machine-readable format.
Right to object (Art. 21) — You may object to processing based on legitimate interest (e.g. system administration analytics).
Right to withdraw consent (Art. 7(3)) — If processing is based on your consent (e.g. profile personalisation, update emails), you may withdraw consent at any time by updating your preferences on the Profile page or by contacting us. Withdrawal does not affect the lawfulness of prior processing.
Right to change your password — You may update your password at any time on the Profile page.
Right to update profile information — You may edit your name, company, profession, industry, age range, and goals directly on the Profile page.

We will respond to all requests within 30 days as required by GDPR Art. 12(3). If we need more time in complex cases, we will inform you within that period.

7. Right to Complain

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the competent national data protection supervisory authority.

Depending on your country of residence, the relevant authority may be:

Lithuania: State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija) — vdai.lrv.lt
Germany: Your state's Datenschutzbehörde — bfdi.bund.de
France: Commission Nationale de l'Informatique et des Libertés (CNIL) — cnil.fr
Other EU / EEA countries: The supervisory authority of your country of habitual residence, place of work, or where the alleged infringement occurred.

A full list of EU data protection authorities is available at edpb.europa.eu.

We encourage you to contact us first at misyulyadenis@gmail.com — we aim to resolve all privacy concerns directly and promptly.

8. Cookies and Analytics

Branditex does not use tracking cookies or third-party advertising cookies.

The platform uses Simple Analytics, a privacy-first analytics service that does not set cookies, does not collect personal data, and does not perform cross-site tracking. No consent banner is required for this analytics tool under the ePrivacy Directive.

Session data (your login state) is stored in your browser's localStorage and is not transmitted to any third party.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the platform or applicable law. The effective date at the top of this page will be updated accordingly. Continued use of the platform after any update constitutes acceptance of the revised policy.

For significant changes, we will notify users who have opted in to service updates.

10. Contact

For any privacy-related requests or questions, please contact:

Dzianis Misiulia
Branditex — Brand Operating System
misyulyadenis@gmail.com