Privacy policy

Effective July 5, 2026

The short version: BrandRuns collects only what it needs to run your content autopilot, uses it only for that purpose, and does not sell or share it. This page spells that out in plain language.

What we collect

  • Account information. Your name, email address, and password (stored as a secure hash; we never see the password itself).
  • Brand material. Your brand name, website address, the content of the public pages we read from that website, and the photos, documents, and past posts you choose to upload.
  • Social account connections. When you connect a social account, the platform gives us an access token so we can publish on your behalf. Tokens are encrypted at rest with AES-256 and are never shown to anyone, including you.
  • Content history. The drafts we generate, your approve/reject/edit decisions, and a record of what published where and when. This history is what keeps your content from repeating itself.
  • Billing. Payments are handled by Stripe. We never see or store your card number.

How we use it

  • To build your Brand Brain and write drafts in your voice.
  • To publish the posts you approve to the accounts you connected.
  • To show you your own history, schedule, and results.
  • To operate, secure, and improve the service.

We use Anthropic's Claude models to analyze your brand material and draft your posts. Your material is sent to that service to do this work and is subject to its data protections; it is not used to train public AI models.

What we never do

  • We do not sell your data. To anyone. Ever.
  • We do not share your data with third parties for their marketing.
  • We do not train public AI models on your content.
  • We do not post anything you have not approved, unless you have explicitly turned on autopilot for low-risk posts.

The full details live in our data sharing policy.

Who processes data for us

BrandRuns runs on a small set of infrastructure providers, each used only to operate the service: Vercel (hosting), Supabase (database and file storage), Anthropic (content drafting), Stripe (payments), and the social platforms you connect (publishing). Each receives only what it needs to do its job.

Your controls

  • Disconnect any social account at any time; its token is deleted.
  • Edit or delete uploaded brand material at any time.
  • Request a copy or full deletion of your data by emailing privacy@brandruns.com. Deletion requests are honored within 30 days.

Retention and security

We keep your data while your account is active and delete it when you ask us to close the account. Access tokens are encrypted at rest, connections use TLS, and access to production systems is limited to what operating the service requires.

Changes and contact

If this policy changes in a way that matters, we will tell you by email before the change takes effect. Questions: privacy@brandruns.com.