Skip to main content
Legal

Privacy Policy.

Last updated: 20 May 2026

BrandMint ("BrandMint", "we", "our", "us"), operated by Nurgazy Seidaliev, provides a brand identity generation service at brandmint.studio.

This Privacy Policy explains what personal information we collect, the legal basis on which we process it, how we use it, how long we keep it, who we share it with, and the rights you have. We collect the minimum information necessary to deliver the service. We do not sell your personal information to anyone.

1. Information we collect

1.1 Account information

When you create an account or sign in, we receive:

  • Your email address (provided directly or via Google OAuth).
  • Your name and profile photo URL, if you sign in with Google and grant that permission.
  • A unique identifier assigned to your account by Supabase Auth.

1.2 Brand intake information

When you complete the intake form, we collect all information you provide, including: business name, industry, location, price positioning, brand stage, the meaning behind your name, a sensory description of your brand environment, the emotional outcome you deliver to customers, aspirational reference brands, personality traits, your primary differentiator, your ideal customer profile, colour preferences, typography style, logo approach, and any visual constraints.

This information is used solely to generate your Brand Assets and to store them for later retrieval.

1.3 Generated Brand Assets

We store the Brand Assets we generate for you (written copy, colour palette, logo, pattern, PDF) in your account so you can re-download them at any time.

1.4 Payment information

Payments are processed by Lemon Squeezy, which acts as our Merchant of Record. We do not receive, store, or have access to your card number, expiry date, CVV, or full billing address. We receive only the order ID, the payment amount, and your email address from Lemon Squeezy following a successful purchase, which we use to unlock your download.

1.5 Usage and technical data

To operate and improve the service securely, we log:

  • IP address and user-agent string on key events (intake submission, generation, purchase, download).
  • Session identifiers used for funnel analytics.
  • Approximate event timestamps (page views, generation completion, download).

We do not use third-party advertising scripts or tracking pixels.

2. Legal basis for processing

We process your personal information on the following legal bases under UK GDPR:

  • Contract performance — generating and delivering your Brand Assets requires processing your intake information and account details.
  • Legitimate interests — analysing aggregate usage patterns to improve service quality, and maintaining security logs to prevent fraud and abuse.
  • Legal obligation — retaining order and payment records for tax, accounting, and chargeback dispute purposes.

3. How your data is used

  • To generate and deliver your Brand Assets. Your intake information is sent to third-party AI models to produce the outputs you purchased.
  • To authenticate you and maintain your account. Your email anchors your identity and lets you access purchased brands across sessions.
  • To process your purchase and handle disputes. Order data is required for delivery, refunds, and chargeback resolution.
  • To improve the service. Aggregate, anonymised usage data informs product decisions. We do not review individual brand books for marketing or model training.
  • To communicate with you. We send transactional emails only — sign-in links, purchase confirmations, and material service updates. We do not send marketing email without explicit consent.

4. Third-party generation disclosure

Brand Asset content — including written copy, colour logic, logo specifications, and pattern designs — is generated by third-party AI models operated by OpenAI (including GPT-4.1 and image generation models). Your intake information is sent to OpenAI's API to produce your brand. Per OpenAI's published API data usage policy, data submitted via the API is not used to train their models. We do not share your intake data with any other AI model provider or training pipeline.

5. Where your data is stored

  • Database and authentication: Supabase (PostgreSQL and Supabase Auth). Data is stored in the EU or US depending on Supabase project region.
  • Generated asset files (logo, pattern, PDF): Supabase Storage, served via CDN.
  • Transactional email delivery: Resend.
  • Application hosting and infrastructure: Vercel.

6. Third parties we share data with

We share personal data with the following sub-processors strictly to operate the service. Each processor has its own privacy policy and appropriate data protection commitments.

We do not sell, rent, or share personal data with advertisers, data brokers, or any party not listed above.

7. Cookies and local storage

We use the minimum storage mechanisms necessary to operate the service:

  • Session cookies set by Supabase Auth to keep you signed in across page loads.
  • Browser localStorage used to persist a draft of your intake form so progress is not lost if the page reloads. This data is stored locally on your device and is deleted when you submit or clear your draft.

We do not use third-party advertising cookies, tracking pixels, or analytics scripts that profile individual users.

8. How long we keep your data

  • Account and Brand Assets: retained indefinitely while your account is active, so you can re-access purchased brands at any time.
  • Order and payment records: retained for a minimum of 7 years for tax, accounting, and legal compliance.
  • Usage and analytics data: retained for 24 months in identifiable form, then aggregated and anonymised.
  • Account deletion: if you close your account, we delete your personal information within 30 days, except where we are legally required to retain it (e.g., financial records).

9. Your rights

Under UK GDPR and applicable data protection law, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion of your personal data, subject to our legal retention obligations.
  • Portability — receive your data in a structured, machine-readable format.
  • Restriction — request that we restrict processing in certain circumstances.
  • Objection — object to processing based on legitimate interests.
  • Complaint — lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, or with the data protection authority in your country of residence.

To exercise any of these rights, email hello@brandmint.studio. We will respond within 30 calendar days.

10. Children

BrandMint is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

11. Changes to this policy

We may update this policy from time to time. When we do, the "Last updated" date at the top will change. For material changes that affect your rights or how we process your data, we will notify you by email at least 14 days before the change takes effect.

12. Contact

For privacy questions, data requests, or complaints: hello@brandmint.studio

Also see our Terms of Service.