Privacy Notice
Last updated: July 18, 2026
Who we are
BrandoraFlow is operated by Julia Aleen Trejo ("we", "us", "our"), trading as BrandoraFlow. Julia Aleen Trejo is the data controller responsible for personal data processed through the BrandoraFlow service.
For any privacy-related questions or requests, contact hello@brandoraflow.example.
Data we collect
Account data: name, email address, password (hashed), and profile photo.
Business & brand data: business name, industry, brand voice, colors, logos, social links, and other information you provide during onboarding and settings.
Content data: prompts you submit, generated content, saved assets, calendars, CRM contacts, invoices, and proposals.
Usage & device data: pages viewed, features used, IP address, browser, device identifiers, and diagnostic logs.
Support data: messages you send us and their attachments.
Why we process your data and legal basis
Providing the service (performance of a contract): creating your account, generating and storing content, delivering downloads, and enabling paid features.
Service improvement, security, and fraud prevention (legitimate interests): monitoring for abuse, debugging, and improving product quality.
Legal compliance (legal obligation): tax, accounting, and responding to lawful requests.
Marketing communications (consent, where required): product updates and offers, which you can opt out of at any time.
How we share your data
Hosting and infrastructure providers that run the BrandoraFlow application and database.
Analytics and error-monitoring providers that help us understand usage and diagnose issues.
Merchant of Record: Paddle.com Market Ltd ("Paddle") acts as the reseller and Merchant of Record for all purchases on BrandoraFlow. Paddle processes payments, manages subscriptions, calculates and remits sales tax/VAT, issues invoices, and handles refund requests. Paddle acts as an independent controller for payment data. See Paddle's privacy notice at https://www.paddle.com/legal/privacy.
Professional advisers (legal, accounting) where necessary.
Authorities where required by law or to protect our rights.
We do not sell your personal data.
International transfers
Some of our providers may process personal data outside your country of residence. Where required, we rely on Standard Contractual Clauses or equivalent safeguards to protect your data.
Data retention
We keep personal data for as long as your account is active and as needed to provide the service. When your account is deleted, we delete or anonymise your data within 90 days, except where longer retention is required by law (for example, tax records).
Your rights
Depending on where you live, you may have the right to access, rectify, erase, restrict, or object to processing of your personal data, to data portability, and to withdraw consent. To exercise these rights, contact hello@brandoraflow.example. You also have the right to lodge a complaint with your local data protection authority.
Security
We use appropriate technical and organisational measures to protect your data, including TLS encryption in transit, encryption at rest, hashed passwords, role-based access controls, row-level security on our database, and audit logging. No method of transmission or storage is completely secure, but we work to protect your information using industry-standard practices.
Cookies
We use essential cookies to keep you signed in, and analytics cookies to understand usage. You can manage cookies in your browser settings.
Changes
We may update this notice; material changes will be announced in-app or by email.
