Privacy Policy

Last updated: April 21, 2026

At BrandFriend, we believe your brand assets should remain under your control. Our architecture follows a "Zero-Mirror" model, ensuring that your core brand files are never mirrored on our infrastructure.

1. Zero-Mirror Storage Architecture

When you use the BrandFriend Lite tier, all brand assets (Logos, Graphics, PNGs) are stored directly in your personal Google Drive in a folder named "BrandFriend Assets [DO NOT DELETE]".

  • No File Mirroring: We do not copy, store, or mirror your actual image files on our servers.
  • Storage Quota: These files consume your own Google Drive storage quota.
  • Access Control: We only access these files when you are actively using the dashboard or add-on, via a secure temporary proxy using your own Google authentication token.

2. Data We Process (Metadata)

To provide the management interface, we store limited metadata in our secure database (AWS DynamoDB):

  • Identity: Your email address for authentication and kit mapping.
  • Kit Metadata: The names of your brand kits and the timestamp of creation.
  • Brand Values: The HEX colour codes and Google Font family names you define.
  • File Pointers: We store the unique Google Drive File ID and file name. This is a pointer that allows us to find the file in your Drive; it is not the file itself.

3. How We Use Your Information

We use your data strictly to:

  • Authenticate your access to your brand kits.
  • Generate a temporary secure proxy for viewing thumbnails in the dashboard.
  • Enable the Google Workspace Add-on to find and insert assets from your Drive into your documents.

4. Data Sharing, Disclosure, and Transfer

We do not share, sell, trade, or transfer your Google user data to third parties, except in the following limited circumstances:

  • Service Providers: We share data with infrastructure providers like AWS (database storage) and Vercel (hosting) solely to provide the services. These providers are bound by strict confidentiality agreements and do not use your data for any other purpose.
  • Legal Requirements: We may disclose information if required to do so by law or in the good-faith belief that such action is necessary to comply with legal obligations.
  • Explicit Consent: We will only share your data with other third parties if you provide us with explicit, affirmative consent to do so.

Specifically regarding Google Workspace data: We do NOT share your Google user data with third-party AI models, advertising networks, or data brokers. Your data is used exclusively to provide the BrandFriend functionality within your Workspace environment.

5. Data Protection & Security Mechanisms

We take the security of your data seriously. We implement the following protection mechanisms:

  • Encryption in Transit: All communication between your browser, the Google Workspace Add-on, and our servers is encrypted using industry-standard Transport Layer Security (HTTPS).
  • Authentication: We use Google OAuth 2.0 and OpenID Connect to verify your identity. We never see or store your Google password.
  • Encryption at Rest: Any metadata stored in our database (item names, hex codes) is encrypted at rest using AWS-managed encryption keys.
  • Zero-Mirror: By not mirroring your image files, we eliminate the risk of those files being compromised in the event of a breach of our infrastructure.

6. Data Retention & Deletion

We retain your Google User Data (metadata) only for as long as necessary to provide the service:

  • Kit Metadata: Retained as long as your account is active. If you delete a brand kit or your account, all associated metadata (hex codes, font names, file pointers) is permanently deleted from our database.
  • Google Drive Files: Since these files live in your Google Drive, you have ultimate control. If you delete an asset via the BrandFriend dashboard, we send a request to Google Drive to move that file to your Trash. If you delete your "BrandFriend Assets" folder manually in Google Drive, the assets are gone immediately.
  • Account Deletion: Users may request full account deletion by contacting support. Upon request, all data associated with your email address will be purged within 30 days.

7. Google Limited Use Disclosure

BrandFriend's use and transfer of information received from Google APIs to any other app will adhere to the Google API Service User Data Policy, including the Limited Use requirements.

8. Contact

For any privacy-related enquiries, please contact Sethi De Clercq at sethi+brandfriend@eduflip.net.