Privacy Policy

Last updated: March 12, 2026

1. What We Do

BrandScanAI ("we", "us", "our") is a web-based service that analyzes how AI models (such as ChatGPT, Claude, and Gemini) respond to prompts related to your brand. We generate prompts based on the brand name and industry you provide, send them to AI models via third-party APIs, and compile the results into a report.

2. Information We Collect

Information you provide directly

  • Brand name — the brand you want to scan (max 50 characters).
  • Industry category — selected from a predefined list (e.g., "Project Management", "CRM").
  • Email address — provided when you purchase a full report, used to deliver the report.

Information collected automatically

  • IP address — used for rate limiting (preventing abuse) and bot protection verification. We do not store IP addresses long-term; they are only held temporarily in our rate-limiting system and expire within 60 seconds.

Information we do NOT collect

  • We do not use cookies for tracking or advertising purposes.
  • We do not use any analytics or tracking scripts (no Google Analytics, no tracking pixels).
  • We do not collect your name, phone number, physical address, or any financial information (payment is handled entirely by our payment processor).

3. How We Use Your Information

  • Brand name and industry are used to generate prompts sent to AI models and to compile your report. They are included in the stored report.
  • Email address is used solely to send you your purchased report. We do not send marketing emails or share your email with third parties for marketing.
  • IP address is used for rate limiting and bot protection only.

4. Third-Party Services

We use the following third-party services to operate BrandScanAI. Each service receives only the minimum data necessary:

  • OpenRouter (openrouter.ai) — routes our prompts to AI models (OpenAI, Anthropic, Google). Receives the brand name and industry as part of the prompt text. Subject to OpenRouter's Privacy Policy.
  • Creem (creem.io) — our Merchant of Record that handles payment processing. Receives your email address and order metadata. We do not see or store your payment card details. Subject to Creem's Privacy Policy.
  • Cloudflare Turnstile (cloudflare.com) — bot protection for the free preview scan. Receives your IP address and browser challenge data. Subject to Cloudflare's Privacy Policy.
  • Resend (resend.com) — email delivery service. Receives your email address and the report link to deliver your report.
  • Vercel (vercel.com) — hosts our website and stores generated reports. Subject to Vercel's Privacy Policy.
  • Upstash (upstash.com) — provides our rate-limiting infrastructure. Receives hashed IP-based identifiers that expire within 60 seconds.

5. Data Storage and Retention

  • Full scan reports are stored on Vercel Blob Storage. Reports are accessible only via a unique, non-guessable ID (UUID).
  • We do not currently have an automatic deletion policy for reports. If you would like your report deleted, please contact us.
  • Rate-limiting data (IP-based) expires automatically within 60 seconds.

6. Data Security

We use HTTPS encryption for all data in transit. Report access is protected by cryptographically unique identifiers. Payment verification uses HMAC-SHA256 signatures. We apply security headers including Content Security Policy, X-Frame-Options, and Referrer-Policy to protect against common web attacks.

7. Your Rights

You may:

  • Request a copy of data we hold about you.
  • Request deletion of your report and associated data.
  • Contact us with any privacy-related questions or concerns.

8. Children's Privacy

BrandScanAI is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

9. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at support@brandscanai.com.