Privacy Policy

BrandSentry (“we”, “our”, or “us”) is committed to protecting your personal information. This Privacy Policy explains what data we collect, why we collect it, how we use and share it, and the choices you have. By using our platform, you agree to the practices described in this policy.

1. Who We Are

BrandSentry is a brand-protection and website-security monitoring platform. We help businesses and individuals track the health of their websites, detect security threats, and respond to incidents in real time.

For the purposes of applicable data-protection law (including the GDPR and CCPA), the data controller is BrandSentry. You can reach us using the details in Section 12.

2. Data We Collect

2.1 Account & Profile Information

When you register or manage your account, we collect:

• Name and email address
• Password (stored as a secure, one-way hash — never in plain text)
• Profile avatar (uploaded or generated)
• Preferred language and notification settings
• Referral / affiliate code when you sign up via a referral link

2.2 Monitor & Security Scan Data

To provide monitoring and scanning services, we store:

• URLs and domain names you add as monitors
• Port scan results — open ports discovered on your domains and subdomains
• Broken-link scan results — pages and URLs found to return errors
• Subdomain discovery results
• SSL certificate details — expiry date, issuer, and chain for your monitored domains
• DNS records associated with your monitored domains
• Uptime check history and incident records

2.3 Server Monitoring Data

If you use the Server Resource Monitoring feature, our collection agent sends the following data from your servers to our platform:

• CPU usage percentage
• RAM usage percentage
• Available disk space
• MAC address (used to uniquely identify a server in your account)
• IP address of the server sending the data
• Active process list (only sent when CPU or RAM usage exceeds 80%)

This data is transmitted using your API key. You control when the agent runs and can stop collection at any time by removing the script from your server.

2.4 Email Tracking Data

All emails sent by the platform are logged for audit and deliverability purposes. We record:

• Recipient email address and name
• Email subject and template type
• Open events (tracked via a 1×1 transparent pixel)
• Link-click events (links are routed through a tracking redirect before reaching the destination)
• Timestamp of each event

2.5 Usage & Analytics Data

To understand how the platform is used and to improve performance, we log:

• Page URL visited
• Your user ID (if authenticated)
• IP address of your device
• Page load time in milliseconds
• Timestamp of each page request

2.6 Payment Information

Payments are processed by third-party payment processors (such as Stripe, PayPal, or Paddle). We do not store your full credit card numbers, bank account details, or CVV codes on our servers. We receive and store a transaction record containing: the amount, currency, plan purchased, processor name, payment status, and billing date.

2.7 Team & Collaboration Data

When you create or join a team, we store team names, member email addresses, membership roles, and invitation records (including one-time acceptance tokens).

2.8 Communications

When you contact us or interact with the platform, we may store the content of:

• Contact form submissions
• Feature requests
• Product ratings and feedback
• Support conversations

3. How We Use Your Data

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we rely on the following legal bases:

• Contract — processing required to deliver the services you subscribed to (account management, monitoring, alerts, payments).
• Legitimate Interests — improving platform performance, preventing fraud, and ensuring security, where those interests are not overridden by your rights.
• Legal Obligation — retaining financial records and responding to lawful requests from authorities.
• Consent — for optional marketing communications. You may withdraw consent at any time.

5. How We Share Your Data

We do not sell your personal data. We share data only in the following circumstances:

Service Providers (Sub-processors)

We use trusted third-party services to help operate the platform. Each is bound by data processing agreements:

• Payment processors (e.g., Stripe, PayPal, Paddle) — to handle subscription payments.
• Email delivery providers — to send transactional and notification emails on our behalf.
• Sentry — for real-time error monitoring and crash reporting.
• Google — for OAuth sign-in, Google Sheets export, and Google Drive backup features when you choose to use them.
• Cloud hosting providers — the infrastructure our platform runs on.

Legal Requirements

We may disclose your information if required to do so by law, court order, or government authority, or to protect the rights, property, or safety of our users or the public.

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

6. Cookies & Tracking Technologies

We use the following types of cookies and similar technologies:

Email open tracking uses a 1×1 transparent pixel image. Link-click tracking works by routing links through our server before redirecting you to the destination. You can opt out of marketing emails at any time using the unsubscribe link included in every email.

7. Data Retention

After the applicable retention period, data is securely deleted or anonymised so it can no longer be linked to you.

8. Data Security

We take the security of your data seriously and implement the following measures:

• All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
• Passwords are hashed using a strong one-way algorithm (bcrypt) and are never stored or transmitted in plain text.
• API keys are used for server-to-server communication and can be regenerated or revoked at any time from your account settings.
• One-time magic login links expire immediately after use and cannot be reused.
• Real-time error monitoring via Sentry helps us identify and respond to security incidents quickly.
• Regular database backups are taken and stored securely, with access limited to authorised personnel.
• Access to production systems is restricted by role-based permissions and multi-factor authentication.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

To exercise any of these rights, please contact us using the details in Section 12. We will respond within 30 days. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data-protection authority.

10. Children’s Privacy

Our platform is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will update the “Last updated” date shown on this page and, where required by law, notify you by email or via an in-app notice. Your continued use of the platform after the effective date of the updated policy constitutes acceptance of the changes.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Website:Contact page
• Email:support@brandsentry.com