Privacy Policy

1. What We Do

Brandspot helps you track how AI platforms (like ChatGPT, Claude, Perplexity) refer traffic to your website. We connect to your Google Analytics to identify and analyze this AI-driven traffic.

2. What Data We Collect

2.1 Account Information

• Name, email address, password (encrypted)
• Projects you create: brand names, domains, keywords, and questions you want to track

2.2 Google Analytics Data (With Your Permission)

When you connect your Google Analytics account, we access:

What we collect:

• Traffic metrics: sessions, users, page views, bounce rates
• Goal data: conversions and goal values from your Analytics
• Referrer information: to identify traffic from AI platforms
• Landing pages: which pages receive AI traffic
• Historical data: up to 365 days of past data, plus daily ongoing sync

What we DON'T access:

• We never modify your Analytics data or settings
• We never access other Google services (Gmail, Drive, etc.)
• We only read data - never write

2.3 Google OAuth Scopes We Use

• https://www.googleapis.com/auth/analytics.readonly
  Read-only access to retrieve your Analytics metrics for AI traffic analysis
• https://www.googleapis.com/auth/analytics.manage.users.readonly
  Verify you have permission to access the Analytics property you're connecting

3. How We Use Your Google Analytics Data

Purpose: To show you which AI platforms are sending traffic to your website.

What we do:

1. Fetch your Analytics data daily via Google Analytics Data API
2. Filter for traffic from AI referrers (domains like chatgpt.com, claude.ai, perplexity.ai)
3. Store aggregated metrics per AI referrer (sessions, users, goals)
4. Display this data in your Brandspot dashboard
5. Track trends over time to show you how AI traffic is growing

What we DON'T do:

• We don't share your Analytics data with anyone
• We don't use it for advertising
• We don't sell your data
• We don't allow humans to read your raw data (except for your own dashboard or troubleshooting with your permission)

4. Data Storage & Security

• Where: Data hosted on servers in Germany
• Encryption: Data encrypted in transit (TLS) and at rest (AES-256)
• Access Tokens: Your Google OAuth tokens are encrypted in our database
• Access Control: Only you can see your Analytics data in your account

5. Data Retention

• Google Analytics Data: Stored while your connection is active
• When you disconnect: Analytics data deleted within 30 days
• When you delete your account: All data deleted within 30 days

6. Your Control

You can:

• Disconnect Google Analytics anytime from your project settings
• Delete your account and all associated data anytime
• Request data deletion by emailing [email protected]

When you disconnect:

1. We immediately stop syncing new data
2. Your OAuth access is revoked
3. Stored Analytics data is deleted within 30 days

7. Third-Party Services

We use:

• Google Analytics API: To retrieve your Analytics data (with your consent)
• Stripe: For payment processing (they handle billing info, we don't store credit cards)
• Cloud Hosting: Servers in Germany for data storage

8. Google API Services Compliance

Our use of Google Analytics data complies with Google API Services User Data Policy, including Limited Use requirements:

• We use your Analytics data ONLY to provide AI traffic analysis features
• We do NOT transfer your data to third parties (except as required by law)
• We do NOT use your data for advertising
• We do NOT allow humans to read your data without your consent

9. Your Rights (EU Users)

Under GDPR, you have the right to:

• Access your data
• Correct inaccurate data
• Delete your data
• Export your data
• Withdraw consent (disconnect Google Analytics)

To exercise these rights: [email protected]

10. Children's Privacy

Our service is not intended for users under 16 years old.

11. Changes to This Policy

We'll notify you by email if we make significant changes to this policy.

12. Contact Us