BrandMic
Log InGet Started Free

Privacy Policy

Effective Date: May 4, 2026  ·  Last Updated: May 4, 2026

1. Introduction

BrandMic ("BrandMic," "we," "us," or "our") operates the BrandMic platform at brandmic.com — an AI-powered service that helps local service businesses create, narrate, and automatically publish short-form video content to their YouTube channels and other social platforms.

This Privacy Policy explains what information we collect, how we use it, how we protect it, and what choices you have. By using BrandMic, you agree to the practices described here.

2. Information We Collect

Information you provide directly

  • Business name, email address, and industry when you create an account
  • Business information: service descriptions, location, phone number, website URL
  • Photos, video clips, and PDF documents you upload to your image library
  • Knowledge base content: business descriptions, call-to-action text, and service details

Information we collect automatically

  • Login activity and session authentication tokens (magic links, no passwords stored)
  • API request logs for security and debugging purposes
  • Video creation and publishing activity within your account

3. Google API Services and YouTube Data

BrandMic's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What permission we request

When you connect your YouTube channel, BrandMic requests one permission only: youtube.upload. This allows BrandMic to upload videos to your YouTube channel on your behalf. We request no other YouTube permissions.

What we do NOT access

  • Your YouTube Analytics or view counts
  • Your subscriber list or subscriber data
  • Your existing videos, playlists, or channel history
  • Your YouTube comments or community posts
  • Any other Google account data beyond what is listed below

What we collect from Google

  • OAuth access token and refresh token — required to maintain your connection and upload videos without requiring you to re-authenticate each time
  • YouTube channel ID and channel name — displayed in your BrandMic dashboard to confirm which channel is connected

How we store Google data

  • OAuth tokens are encrypted using AES-128-CBC with HMAC-SHA256 authentication (Fernet symmetric encryption) before being stored in our database
  • Encrypted tokens are stored in our secure cloud database (Neon PostgreSQL)
  • Tokens are never stored in plain text, never written to local files, and never transmitted to any third party

How we use Google data

  • Access tokens are used solely to upload videos — generated by BrandMic from your own business content — to your YouTube channel
  • Refresh tokens are used solely to renew access tokens when they expire, maintaining uninterrupted autopilot publishing without requiring you to reconnect
  • No Google data is used for advertising, profiling, analytics, or any purpose other than uploading videos on your behalf
  • No Google data is sold, rented, or shared with any third party under any circumstances

Revoking access

You can disconnect BrandMic from your YouTube channel at any time through either of these methods:

  1. From your BrandMic dashboard: Settings → YouTube Connection → Disconnect
  2. From your Google Account: myaccount.google.com/permissions → BrandMic → Remove access

After disconnecting, all OAuth tokens associated with your account are permanently deleted from our database within 24 hours. BrandMic will stop uploading videos to your channel immediately upon disconnection.

4. How We Use Your Information

  • To generate AI scripts and voiceover narration from your business content
  • To compose short-form videos from your uploaded photos and clips
  • To upload completed videos to your connected YouTube channel
  • To send you transactional emails (magic link login, upload notifications)
  • To provide customer support and respond to your requests
  • To improve the platform's AI models and video quality (using anonymized data only)
  • To comply with legal obligations and enforce our Terms of Service

We do not sell your personal information. We do not use your business content or uploaded media to train third-party AI models or to serve advertising.

5. Data Storage and Security

Your data is stored in cloud infrastructure located in the United States (Neon PostgreSQL in us-east-1; Cloudflare R2 for media files). We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.2+) for all data between your browser and our servers
  • Encryption at rest for all OAuth tokens and sensitive credentials (Fernet AES-128-CBC)
  • Row-level security (RLS) on all database tables — your data is isolated from other tenants
  • No shared database rows between different business accounts
  • Access to production systems is restricted to authorized personnel only

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We share data only in these limited circumstances:

  • Service providers: We use third-party services to operate the platform (Groq for AI processing, Cloudflare for storage, SendGrid for email, Google Cloud for compute). These providers process data only as necessary to provide their services and are bound by confidentiality obligations.
  • Legal requirements: We may disclose information if required by law, court order, or government authority.
  • Business transfer: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

7. Your Rights and Choices

  • Access and correction: You can view and update your business profile information from your dashboard at any time.
  • Data deletion: You can request deletion of your account and all associated data by emailing [email protected]. We will process deletion requests within 30 days.
  • YouTube disconnection: You can revoke YouTube access at any time as described in Section 3.
  • Media deletion: You can delete individual photos, clips, or videos from your image library at any time through your dashboard.
  • Export: You can download any videos generated by BrandMic from your dashboard at any time.

8. Data Retention

We retain your account data for as long as your account is active. If you request account deletion, we will permanently delete your data within 30 days, except where retention is required by law (for example, billing records required for tax purposes, retained for up to 7 years).

OAuth tokens from disconnected YouTube accounts are deleted within 24 hours of disconnection. Videos stored in your library are deleted within 30 days of account deletion.

9. Cookies

BrandMic uses session cookies to keep you logged in after clicking your magic link. We do not use third-party advertising cookies or tracking pixels. We do not use cookies to build behavioral profiles or serve targeted ads.

10. Children's Privacy

BrandMic is a business platform intended for adults operating service businesses. We do not knowingly collect information from anyone under the age of 18. If you believe a minor has created an account, contact us at [email protected] and we will delete the account immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on your account) and update the "Last Updated" date at the top of this page. Continued use of BrandMic after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

BrandMic

Email: [email protected]

Website: brandmic.com

Terms of ServiceBack to BrandMic