Privacy Policy

Last updated: May 2026

BrandMate AI ("we", "us", "BrandMate") is operated by Jilla Ventures. We are committed to protecting your privacy in accordance with the data-protection laws applicable to where you live: Australia (Privacy Act 1988 + Australian Privacy Principles), New Zealand (Privacy Act 2020), United Kingdom (UK GDPR + Data Protection Act 2018), India (Digital Personal Data Protection Act 2023), Singapore (Personal Data Protection Act 2012), Sri Lanka (Personal Data Protection Act 2022).

1. Information We Collect

Information you provide

• Email address (for account creation and communication)
• Business name and business details
• Google Maps URL for your business

Information collected automatically

• Google reviews associated with your business (publicly available data)
• Usage analytics (pages visited, features used, session duration)
• Browser type, device type, and IP address

Information we do NOT collect

• Credit card / UPI / bank details — all payments are handled by our payment processors (Razorpay for India, Dodo Payments for AU / NZ / UK / SG / LK), and we never see or store your card information
• Personal browsing history outside of BrandMate
• Personally identifiable information of your customers

2. How We Use Your Information

• To provide and operate the Service, including GBP audits, review reply generation, competitor analysis, and content generation
• To generate AI-powered content and suggestions for your business
• To send you service notifications, updates, and important account information
• To improve and develop the Service using anonymised, aggregated data
• To respond to your support requests and enquiries
• To comply with legal obligations

3. Third-Party Data Sharing

We share data with the following third-party providers only as necessary to deliver the Service:

• Google (Places API, Business Profile API) — to retrieve your business information and reviews
• Razorpay — for India payments (UPI Autopay, cards, NetBanking)
• Dodo Payments — Merchant of Record for AU / NZ / UK / SG / LK customers
• Google Gemini (AI) — to generate content suggestions. Business data sent to AI models is anonymised where possible and is not used to train third-party models

We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes.

4. Data Storage & Security

• Your data is stored on servers located in Europe (Hetzner Cloud).
• All data is encrypted at rest and in transit using industry-standard encryption protocols.
• We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction.

5. Data Retention

• Active accounts: Your data is retained for as long as your account remains active and you continue to use the Service.
• Closed accounts: Upon account closure, your data will be retained for 90 days to allow for account reactivation or data export requests. After 90 days, your data will be permanently deleted.
• Legal obligations: We may retain certain data for longer periods where required by law (e.g., financial records for tax purposes).

6. Your Rights

Under all six data-protection regimes we operate under, you have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of any inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Data portability: Request an export of your data in a commonly used format.
• Complaint: Lodge a complaint with your local authority: OAIC (Australia), Privacy Commissioner (NZ), ICO (UK), Data Protection Board (India), PDPC (Singapore), DPA (Sri Lanka).

To exercise any of these rights, please contact us at anz@brandmate.ai.

7. Marketing Communications & Consent

When BrandMate sends marketing or transactional communications to you (the account holder), we comply with the laws of your jurisdiction:

• Australia: Spam Act 2003 (Cth) — every commercial electronic message identifies the sender, is sent only with your consent (express or inferred from your subscription), and includes a functional unsubscribe link valid for 30 days.
• New Zealand: Unsolicited Electronic Messages Act 2007 — same consent + identification + unsubscribe requirements.
• India: DPDPA 2023 — marketing requires verifiable consent; the principal may withdraw consent at any time.
• United Kingdom: PECR 2003 + UK GDPR — opt-in consent for marketing emails to individuals; clear unsubscribe required.
• Singapore: PDPA 2012 (DNC provisions) — checked against the Do Not Call Registry before SMS / fax / voice marketing.
• Sri Lanka: PDPA 2022 — opt-in consent and withdrawal mechanism.

You can unsubscribe from BrandMate marketing emails at any time using the one-click link in the footer of any email (no login required) or from your Notifications page. Transactional messages (account, billing, security, renewal reminders) are not marketing and continue while your account is active.

Consent log: When you toggle any email preference, we record the change with a timestamp, your IP address, and the source (settings page, email link, or preset) into our email_preference_changes audit table. This is required by DPDPA and GDPR as proof of consent. You can request a copy of your consent history by emailing anz@brandmate.ai.

Quiet hours: Real-time alerts (critical-review and ranking-drop) only send between 9 AM and 9 PM in your business's local timezone. This matches India's TCCCPR rules and is a safe default everywhere we operate.

When you use BrandMate to send messages to your customers (review-request emails / SMS, WhatsApp replies, AI receptionist outbound), you are the sender for the purposes of Australia's ACMA Spam Act 2003 and Do Not Call Register Act 2006, and equivalent laws elsewhere. You are responsible for obtaining recipient consent, maintaining your sender ID, honouring unsubscribe requests, and (for AU SMS / voice) checking the Do Not Call Register where required. BrandMate provides the tools; compliance for your campaigns is your obligation. See our Terms of Service for the customer-side obligation.

8. Cookies & Tracking

BrandMate uses cookies and similar technologies in three categories. On your first visit you will see a consent banner — analytics and functional cookies only activate after you explicitly opt in. Your choice is stored in localStorage for future visits and you can change it any time from this page.

• Strictly necessary (always on): session authentication, security, CSRF protection, and remembering your consent choice. Required to operate the Service.
• Analytics (opt-in): Google Analytics 4 (GA4) with anonymize_ip enabled, used only to understand aggregate site traffic. Loaded only after you click Accept all or enable this category in Customise. We do not run advertising or remarketing pixels.
• Functional (opt-in): remembers your country and currency selection so you don't have to choose every visit.

We do not run third-party advertising cookies, social-network pixels, or cross-site behavioural tracking. To withdraw consent, clear your browser's site data for brandmate.ai or use the customise panel on the consent banner.

9. Children

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected data from a person under 18, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email or a prominent notice within the Service. We encourage you to review this page periodically.

11. Contact

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

• Email: anz@brandmate.ai
• Entity: Jilla Ventures
• Serving: Australia · New Zealand · India · Sri Lanka · United Kingdom · Singapore