Privacy Policy

Last updated: April 2026

BrandMate.ai ("we", "us", "BrandMate") is operated by Jilla Ventures. We are committed to protecting your privacy in accordance with the data-protection laws applicable to where you live: Australia (Privacy Act 1988 + Australian Privacy Principles), New Zealand (Privacy Act 2020), United Kingdom (UK GDPR + Data Protection Act 2018), India (Digital Personal Data Protection Act 2023), Singapore (Personal Data Protection Act 2012), Sri Lanka (Personal Data Protection Act 2022).

1. Information We Collect

Information you provide

• Email address (for account creation and communication)
• Business name and business details
• Google Maps URL for your business

Information collected automatically

• Google reviews associated with your business (publicly available data)
• Usage analytics (pages visited, features used, session duration)
• Browser type, device type, and IP address

Information we do NOT collect

• Credit card or payment details — all payments are handled securely by PayPal, and we never see or store your card information
• Personal browsing history outside of BrandMate
• Personally identifiable information of your customers

2. How We Use Your Information

• To provide and operate the Service, including GBP audits, review reply generation, competitor analysis, and content generation
• To generate AI-powered content and suggestions for your business
• To send you service notifications, updates, and important account information
• To improve and develop the Service using anonymised, aggregated data
• To respond to your support requests and enquiries
• To comply with legal obligations

3. Third-Party Data Sharing

We share data with the following third-party providers only as necessary to deliver the Service:

• Google (Places API, Business Profile API) — to retrieve your business information and reviews
• PayPal — for secure payment processing
• Google Gemini (AI) — to generate content suggestions. Business data sent to AI models is anonymised where possible and is not used to train third-party models

We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes.

4. Data Storage & Security

• Your data is stored on servers located in Europe (Hetzner Cloud).
• All data is encrypted at rest and in transit using industry-standard encryption protocols.
• We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction.

5. Data Retention

• Active accounts: Your data is retained for as long as your account remains active and you continue to use the Service.
• Closed accounts: Upon account closure, your data will be retained for 90 days to allow for account reactivation or data export requests. After 90 days, your data will be permanently deleted.
• Legal obligations: We may retain certain data for longer periods where required by law (e.g., financial records for tax purposes).

6. Your Rights

Under all six data-protection regimes we operate under, you have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of any inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Data portability: Request an export of your data in a commonly used format.
• Complaint: Lodge a complaint with your local authority: OAIC (Australia), Privacy Commissioner (NZ), ICO (UK), Data Protection Board (India), PDPC (Singapore), DPA (Sri Lanka).

To exercise any of these rights, please contact us at anz@brandmate.ai.

7. Marketing Communications & Consent

When BrandMate sends marketing or transactional communications to you (the account holder), we comply with the laws of your jurisdiction:

• Australia: Spam Act 2003 (Cth) — every commercial electronic message identifies the sender, is sent only with your consent (express or inferred from your subscription), and includes a functional unsubscribe link valid for 30 days.
• New Zealand: Unsolicited Electronic Messages Act 2007 — same consent + identification + unsubscribe requirements.
• India: DPDPA 2023 — marketing requires verifiable consent; the principal may withdraw consent at any time.
• United Kingdom: PECR 2003 + UK GDPR — opt-in consent for marketing emails to individuals; clear unsubscribe required.
• Singapore: PDPA 2012 (DNC provisions) — checked against the Do Not Call Registry before SMS / fax / voice marketing.
• Sri Lanka: PDPA 2022 — opt-in consent and withdrawal mechanism.

You can unsubscribe from BrandMate marketing emails at any time using the link in any email, or by emailing anz@brandmate.ai. Transactional messages (account, billing, security) are not marketing and may continue while your account is active.

When you use BrandMate to send messages to your customers (review-request emails / SMS, WhatsApp replies, AI receptionist outbound), you are the sender for the purposes of Australia's ACMA Spam Act 2003 and Do Not Call Register Act 2006, and equivalent laws elsewhere. You are responsible for obtaining recipient consent, maintaining your sender ID, honouring unsubscribe requests, and (for AU SMS / voice) checking the Do Not Call Register where required. BrandMate provides the tools; compliance for your campaigns is your obligation. See our Terms of Service for the customer-side obligation.

8. Cookies

BrandMate uses minimal cookies:

• Session authentication cookies — required for you to remain logged in while using the Service.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Children

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected data from a person under 18, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email or a prominent notice within the Service. We encourage you to review this page periodically.

11. Contact

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

• Email: anz@brandmate.ai
• Entity: Jilla Ventures
• Serving: Australia · New Zealand · India · Sri Lanka · United Kingdom · Singapore