Security & Data Practices

BrandGen is built for marketing teams handling brand IP. The default posture is: we hold the minimum data we need to generate your images, and we never reuse that data to train models.

What we store

• Uploaded references are stored only for the duration of your generation session and the recent-history window in the app.
• Generated outputs are stored on Supabase storage so you can revisit and re-download them.
• Account metadata (email, OAuth identity) is stored via better-auth for sign-in.

What we do NOT do

• We do not train on your uploads or outputs. Your brand references and generated images are never added to any model training set.
• We do not sell, license, or share your brand assets with third parties.

Sub-processors

• Vercel — application hosting and edge compute
• Supabase — database and asset storage
• Google Gemini API — image generation inference
• PostHog and Vercel Analytics — anonymized product usage

Compliance

GDPR-aligned data subject rights are honored on request. Email support@getbrandgen.com to request export or deletion of your account data. A Data Processing Addendum (DPA) is available on request for paid customers once the paid tier launches.

Reporting a vulnerability

Disclose suspected security issues privately to support@getbrandgen.com. Please do not exploit issues against production data; we'll respond within one business day.