Privacy Policy

This Privacy Policy explains how ELITE BRANDING AGENCY LLC, doing business as Brandilite (“Brandilite”, “we”, “us”, or “our”), collects, uses, discloses, and protects personal data when you visit our website, purchase a subscription plan, communicate with us, or use our development, website optimization, AI tooling, API integration, deployment, and related professional services.

We are committed to protecting your privacy and complying with applicable data protection laws, including the UK GDPR, the General Data Protection Regulation where applicable, applicable United States consumer data protection laws, and the California Consumer Privacy Act as amended by the California Privacy Rights Act.

Data Controller

Data We Collect

Account and Contact Information

• Name, email address, company name, role, and contact details.
• Information submitted through forms, onboarding questionnaires, calls, chat, email, or support requests.
• Project preferences, service plan selections, and business goals shared with us.

Client Project and Website Data

• Website URLs, landing pages, product pages, onboarding flows, analytics summaries, and conversion information.
• Brand assets, copy, images, design references, style guides, and business documentation you provide.
• Bug reports, feature requests, QA notes, deployment requirements, and product feedback.

Repository, Code, and Development Data

When you authorize us to access a code repository or project workspace, including GitHub or similar services, we may access:

• Repository contents, source code, configuration files, scripts, assets, and documentation.
• Branch, commit, pull request, issue, deployment, and build metadata.
• Environment, framework, API, and integration information needed to perform development work.

We do not use client proprietary code to train generalized AI models. Repository access is used to provide the services you request, such as debugging, feature development, technical audits, optimization, pull requests, deployments, and integrations.

Payment and Billing Information

• Subscription plan, billing status, invoices, receipts, payment history, and tax information.
• Payment information processed by our payment provider. We do not store full credit card numbers.

AI, API, MCP, and Automation Tooling Data

To provide development, optimization, and automation services, we may process data through AI models, developer tools, API call tooling, MCP servers, context tooling, and integrations with third-party apps. This may include prompts, project context, code snippets, technical logs, structured outputs, documentation, and integration results.

Usage and Technical Data

• Pages visited, forms submitted, features used, timestamps, session data, device data, browser type, and IP address.
• Analytics events, referral URLs, campaign attribution, and performance data.
• Security logs, error logs, deployment logs, and system diagnostics.

How We Use Your Data

• Provide Brandilite services, subscription plans, audits, development support, and technical delivery.
• Debug, build, deploy, and optimize websites, applications, landing pages, and integrations.
• Access authorized repositories and workspaces to create pull requests, fix bugs, ship features, or review code.
• Use AI and automation tools to assist with coding, analysis, documentation, QA, support, optimization, and project delivery.
• Process payments, invoices, subscriptions, and taxes.
• Communicate with you about onboarding, service delivery, support, account updates, and legal notices.
• Improve our website, services, operations, security, and client experience.
• Prevent fraud, abuse, unauthorized access, and security incidents.
• Comply with legal, accounting, tax, regulatory, and contractual obligations.

Legal Bases for Processing

• Contract: To provide services, subscriptions, support, development work, and requested deliverables.
• Legitimate Interests: To improve services, protect systems, prevent abuse, and operate our business.
• Consent: For optional integrations, marketing communications, cookies where required, and certain third-party connections.
• Legal Obligation: To comply with applicable tax, accounting, regulatory, and legal requirements.

Third-Party Services and Integrations

We may share or process data with third-party service providers only as necessary to provide, secure, improve, and operate our services. These may include:

• GitHub: Repository access, pull requests, issues, code review, and development workflows.
• Google: Google Workspace, Google Analytics, Google Search Console, Google OAuth, Google Drive, and related services where authorized.
• Slack: Client communication, support, workflow notifications, and project collaboration where authorized.
• Vercel: Hosting, deployment, build logs, previews, and production releases.
• OpenAI: AI-assisted coding, analysis, content, automation, and technical workflows.
• Anthropic: AI-assisted coding, analysis, content, automation, and technical workflows.
• Stripe or payment providers: Subscription billing, invoices, and payment processing.
• Clerk, OAuth, or authentication providers: Login, authentication, identity, and access control where applicable.
• PostHog, Google Analytics, or analytics providers: Product, website, and usage analytics where applicable.
• Resend, email, or CRM tools: Transactional email, support, sales, and client communication.
• Cloud, database, and backend providers: Hosting, storage, databases, logging, and infrastructure.
• MCP, context, and API tooling providers: Authorized tool calls, workflow automation, application context, and integrations with connected apps.

We may add or remove third-party tools as our services evolve. When material changes affect how personal data is processed, we will update this Privacy Policy.

Google API Services User Data

If you connect a Google account or authorize access to Google services, our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We use Google data only to provide user-facing Brandilite services you authorize, such as website analytics review, Search Console analysis, documentation, file access, communication, reporting, or optimization support. We do not sell Google user data. We do not use Google user data to train generalized AI or machine learning models. Human access is limited to what is necessary to provide support, deliver the service, investigate security issues, comply with law, or act with your consent.

AI and Developer Tooling

Brandilite may use AI models, coding agents, API call tooling, MCP servers, context tools, and connected applications to help perform development, debugging, QA, optimization, deployment, documentation, and support tasks.

• We aim to share only the minimum project context necessary for the requested task.
• We do not intentionally submit sensitive secrets, passwords, private keys, or unnecessary personal data to AI tools.
• Clients should avoid providing production secrets unless specifically required through approved secure channels.
• We do not use your proprietary code or confidential project data to train generalized AI models.
• AI-assisted outputs are reviewed as appropriate before being used in client-facing deliverables.

GitHub and Source Code Data

What We Access

• Source code, configuration files, assets, issues, branches, commits, pull requests, and deployment information.
• Repository information needed to analyze bugs, propose changes, ship features, improve performance, or deploy updates.

What We Do Not Do

• We do not sell your source code.
• We do not share your proprietary code with unrelated clients.
• We do not use client proprietary code to train generalized AI models.
• Repository access can be revoked by disconnecting the integration or removing our access.

Data Retention

• Account and contact data: Retained while your account or client relationship is active, then as needed for legal, accounting, tax, and business records.
• Billing and subscription records: Retained for up to 7 years or as required by law.
• Project files and support communications: Retained as needed to deliver services and maintain business records, generally up to 3 years unless a longer period is required.
• Repository access: Active only while authorized. Cached technical data is deleted or de-identified within a reasonable period after disconnection unless retention is required for legal, security, or business continuity reasons.
• Usage, analytics, and log data: Generally retained for up to 12 months unless needed for security, fraud prevention, debugging, or legal purposes.
• AI/tooling context: Retained only as needed to provide services, improve workflows, maintain records, or comply with legal obligations.

Your Privacy Rights

Depending on your location and applicable law, including UK GDPR, GDPR, CCPA/CPRA, and other US consumer privacy laws, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request deletion of your personal data, subject to legal retention requirements.
• Request restriction of processing.
• Object to processing based on legitimate interests.
• Receive a portable copy of your data.
• Withdraw consent where processing is based on consent.
• Opt out of sale or sharing of personal information where applicable.

We do not sell personal information. To exercise your rights, contact us at legal@brandilite.com. We will respond within the timeframe required by applicable law.

International Transfers

Your data may be transferred to and processed in countries outside your jurisdiction, including the United States and countries where our service providers operate. Where required, we use appropriate safeguards such as contractual protections, data processing agreements, and Standard Contractual Clauses.

Cookies

We may use cookies and similar technologies to operate our website, remember preferences, understand site performance, improve user experience, and secure our services.

• Essential cookies: Required for website functionality, security, preferences, and session management.
• Analytics cookies: Help us understand how visitors use our website and improve our services.
• Marketing cookies: Used only where permitted or with consent where required by law.

Security

We use appropriate technical and organizational measures to protect personal data, including:

• Encryption in transit using HTTPS/TLS.
• Access controls and role-based permissions.
• OAuth and token-based authentication for integrations where applicable.
• Scoped access permissions using the minimum access reasonably necessary.
• Security reviews, monitoring, and vulnerability remediation.
• Secure handling of API keys, credentials, and project secrets.

Children

Our services are not intended for children under 18. We do not knowingly collect personal data from children under 18.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we may notify you by email, website notice, or another appropriate method. Continued use of our website or services after an update means the revised Privacy Policy applies.

Complaints

If you have concerns about how we handle your data, contact us at legal@brandilite.com.

If you are in the United Kingdom, you may also contact the Information Commissioner’s Office at https://ico.org.uk. If you are in the European Economic Area, you may contact your local Data Protection Authority.

Contact