Brand AlchemistLoading...

Privacy Policy

Effective Date: March 9, 2026

Brand Alchemist, a product of Matthew Christian LLC ("we," "us," or "our"), operates the website and platform at brandalchemist.app (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

  • Account Information: name, email address, and password (stored in hashed form) when you create an account, or your Google profile information if you sign in with Google OAuth.
  • Brand Guide Content: business name, industry, services, brand attributes, target audience details, pain points, value propositions, and any other information you enter into the brand guide builder.
  • Uploaded Media: logos, images, and other visual assets you upload for logo analysis or brand guide creation.
  • Organization Data: organization name, team member emails, roles, and white-label branding settings.
  • Payment Information: billing details are collected and processed directly by our payment processor, Stripe. We do not store your full credit card number, CVV, or bank account details on our servers. We receive only a Stripe customer identifier and subscription status.
  • Kiosk Mode Data: if you use a Brand Alchemist kiosk (operated by an agency), we collect the brand information you enter and the email address you provide to receive your brand guide. No account is created.
  • Communications: any messages, feedback, or support requests you send to us.

1.2 Information Collected Automatically

  • Usage Data: we track feature usage counts (e.g., brand guides generated, logo concepts created) per organization for plan limit enforcement.
  • IP Address: collected for rate limiting and security purposes.
  • Cookies: we use strictly functional cookies for authentication session management (NextAuth.js session tokens). These are HTTP-only, secure cookies. We do not use advertising, analytics, or tracking cookies.

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and organization.
  • Generate AI-powered brand guides, logos, and visual assets based on your inputs.
  • Process payments and manage subscriptions.
  • Send transactional emails including account verification, brand guide delivery, team invitations, and kiosk brand guide links.
  • Enforce usage limits and rate limits based on your subscription plan.
  • Provide customer support.
  • Protect against fraud, abuse, and unauthorized access.
  • Improve and develop the Service.

3. Third-Party Service Providers

We share information with the following third-party processors to operate our Service:

ProviderPurposeData Shared
OpenAIAI brand guide generation, logo analysis, image creationBrand guide content, uploaded logos, and prompts you provide
StripePayment processing, subscription managementEmail, name, billing information
SendGrid (Twilio)Transactional email deliveryEmail address, email content
GoogleOAuth authentication, web fontsAuthentication tokens (OAuth only)
Google Cloud PlatformHosting, database, infrastructureAll data is stored on GCP infrastructure

Each provider processes data in accordance with their own privacy policies. We encourage you to review their policies, particularly OpenAI's Privacy Policy regarding how your brand guide content is handled during AI generation.

4. AI-Generated Content Disclosure

Brand guides, logo concepts, imagery, and other creative outputs are generated using artificial intelligence (OpenAI). The content you provide (brand name, industry, audience details, uploaded logos, etc.) is sent to OpenAI's API for processing. We do not use your content to train our own AI models. OpenAI's data retention and usage policies govern how they handle data sent through their API.

5. Data Retention

  • Account Data: retained as long as your account is active.
  • Brand Guides: retained until you delete them or your account is closed.
  • Kiosk Data: brand guides created via kiosk mode are retained within the operating agency's organization. Emails provided at the kiosk are stored as share recipients.
  • Payment Records: billing history is maintained as required by law and Stripe's data retention policies.
  • Deletion: you may request deletion of your account and associated data by contacting us at barry@brandalchemist.app. We will process deletion requests within 30 days, except where we are required by law to retain certain information.

6. Data Security

We implement industry-standard security measures to protect your data, including:

  • Passwords are hashed using bcrypt before storage.
  • All data is transmitted over HTTPS/TLS encryption.
  • Session cookies are HTTP-only and Secure.
  • CSRF protection is enabled on all authenticated endpoints.
  • API keys and secrets are stored in Google Cloud Secret Manager, not in source code.
  • Rate limiting protects against brute force and abuse.

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate or incomplete data.
  • Deletion: request deletion of your personal data, subject to legal retention requirements.
  • Portability: request your brand guide data in a portable format (PDF export is available within the Service).
  • Opt-Out: you may close your account at any time. We do not sell personal data.

To exercise any of these rights, contact us at barry@brandalchemist.app.

8. Children's Privacy

Our Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal data from a child under 13, we will take steps to delete that information promptly.

9. Do Not Sell My Personal Information

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Data is shared only with the service providers listed in Section 3, solely for the purpose of operating the Service.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page with a revised effective date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Brand Alchemist — a product of Matthew Christian LLC

Email: barry@brandalchemist.app

Website: brandalchemist.app