← Back to sign in

Privacy Policy

Brae AUTO — Intelligent Content Automation Platform

This is a template. Replace this content with your actual legal documents before launch.

GDPR compliance is legally required. Consider termly.io or a qualified solicitor.

Last updated: [Date]

Brae AUTO ("we", "us", "our") takes the privacy of its users seriously. This policy describes what personal data we collect, how we use it, and your rights under applicable data protection law.

1. Information We Collect

We collect your email address and encrypted password when you create an account. We collect API keys you provide (Google Gemini, YouTube, Facebook) — these are encrypted at rest using AES-256. We collect usage data such as operation logs, published article counts, and AI spend in order to provide billing and usage features.

We do not collect payment card details directly — these are handled exclusively by Stripe.

2. How We Use Your Information

We use your data to operate your account, authenticate you, enforce billing, and provide the automation features of the Service. We may use anonymised usage data to improve the platform. We do not sell your data to any third parties and do not use it for advertising.

3. Data Storage and Security

All user data is stored on secure servers (Railway cloud infrastructure) with encryption at rest and in transit. API keys and OAuth tokens are stored encrypted using a server-side secret key. We perform regular security reviews and follow industry best practices to protect your data.

We retain your data for as long as your account is active. If you delete your account, your personal data will be permanently erased within 30 days, except where retention is required by law.

4. Third-Party Services

We integrate with the following third-party services in order to operate the platform:

  • Stripe — payment processing and subscription management. See stripe.com/gb/privacy.
  • Google Gemini — AI content generation. Your API key is used on your behalf; prompts are sent to Google's API under their terms.
  • YouTube (Google) — video sourcing and uploading via OAuth. Subject to Google's privacy policy.
  • Facebook / Meta — social media posting via the Graph API. Subject to Meta's data policy.

We share only the minimum data required with each provider and do not share your personal information beyond what is necessary to deliver the Service.

5. Your Rights (GDPR)

If you are in the UK or EEA, you have the right to: access a copy of your data; correct inaccurate data; request deletion of your data ("right to be forgotten"); restrict or object to processing; and data portability.

To exercise any of these rights, contact us at [your-email@domain.com]. We will respond within 30 days. You may also complain to the ICO at ico.org.uk.

6. Cookies

We use a single essential session cookie ("autopost_session") to authenticate you after login. This cookie contains a cryptographically secure random token and does not contain personal data. No third-party tracking or advertising cookies are set by this application.

7. Contact Us

Data controller contact: [your-email@domain.com]
Address: [Your Company Name, Address, City, Postcode, England]

Terms of Service · Sign in