We collect your email for login — that is the only personal data collected, and we do not collect or store more personal data. We keep all such data according to strict EU legal compliance as described below. We do not collect personal data for marketing, profiling, advertising, or any purpose beyond providing you with the Brandy service. Your conversations, business information, and account details belong to you. They are never sold, shared, rented, or disclosed to any third party.
Last updated: April 2026. This Privacy Policy is written in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the EU ePrivacy Directive (2002/58/EC), the EU AI Act (Regulation (EU) 2024/1689), and applicable national data protection laws including Hungary's Act CXII of 2011 on Informational Self-Determination and Freedom of Information.
1. Data controller
Brandy is operated as an independent AI marketing service. The operator acts as data controller under GDPR Article 4(7). For all data protection matters, contact us through the Brandy platform.
2. What personal data we collect — and why
Under GDPR Article 4(1), personal data means any information relating to an identified or identifiable person. We apply strict data minimisation (GDPR Article 5(1)(c)) and collect only what is strictly necessary:
- Email address — collected solely for account authentication and transactional communications (password reset, account verification). It is never used for marketing, profiling, or sharing with third parties. This is the only directly identifying personal data we hold.
- Display name — optional. You may use any name or pseudonym. Used only to personalise how Brandy addresses you.
- Encrypted password — stored as a one-way hash. We cannot read your password. Used only for authentication.
- Conversation history — your messages and Brandy's responses, stored to provide continuity across sessions. You may delete all conversation memory at any time from your profile settings.
- Session token — a temporary cryptographic token issued at login, used to authenticate your session. Expires automatically when you log out.
- Knowledge profile — when the "Remember me" feature is enabled, Brandy periodically extracts key facts you share during conversations (such as brand name, advertising platforms, target audience, and marketing goals) and stores them as a personal knowledge profile. This enables Brandy to remember you beyond the last 40 messages. This feature is ON by default and can be disabled at any time from your profile settings. The knowledge profile is deleted when you use the "Delete all history & memory" button.
We do not collect: payment details, phone numbers, location data, biometric data, health data, IP addresses for profiling, behavioural tracking data, or any data category listed as sensitive under GDPR Article 9.
3. No cookies
Brandy does not use cookies of any kind — not analytics cookies, not advertising cookies, not third-party tracking cookies. We use browser local storage solely to retain your session token and display preferences (language, colour theme). This is strictly necessary for the service to function and does not require separate consent under the EU ePrivacy Directive (2002/58/EC). No cookie banner is required because no non-essential cookies are placed.
4. Legal basis for processing (GDPR Article 6)
- Contract performance (Art. 6(1)(b)): email address and session data are processed to provide the service you signed up for.
- Consent (Art. 6(1)(a)): conversation memory storage is based on your consent, which you may withdraw at any time by deleting your history from profile settings.
- Legitimate interests (Art. 6(1)(f)): session security and fraud prevention, where our interests do not override your fundamental rights.
5. What we never do
We make the following strict commitments, enforceable under EU law:
- We never sell, rent, or trade your personal data to any third party
- We never share your conversations with other users or organisations
- We never use your business information or conversations to train AI models
- We never display advertising or use your data for ad targeting
- We never perform automated profiling that produces legal or significant effects (GDPR Article 22)
- We never transfer your data to third countries without appropriate GDPR safeguards
6. Conversation memory and knowledge profile — your control
Brandy stores two types of memory to provide a personalised experience. You have full control over both:
- Conversation history — the last 40 messages of your sessions, used to maintain context within and across conversations
- Knowledge profile — key facts Brandy extracts from your conversations every 5 messages when the "Remember me" feature is enabled (ON by default). This includes things like your brand, platforms, audience, and goals. It persists beyond the 40-message window so Brandy never forgets what matters.
You may disable the "Remember me" feature at any time from your profile settings — this stops new facts from being saved. You may permanently delete both your conversation history and knowledge profile at any time using the "Delete all history & memory" button in your profile settings. Deletion is immediate, irreversible, and guaranteed under GDPR Article 17 (right to erasure).
7. AI processing and the EU AI Act
Brandy uses the Anthropic Claude API. Under the EU AI Act (Regulation (EU) 2024/1689), effective August 2026:
- Brandy is a general-purpose AI assistant classified as a limited-risk system
- You always know you are interacting with an AI — Brandy is transparent about this by design
- Your messages are processed by Anthropic's API under a Data Processing Agreement with Standard Contractual Clauses for EU-to-US transfers
- Your conversations are not used to train AI models
8. Data storage and security
Data is stored via Supabase on EU-region infrastructure. All data is encrypted in transit (TLS 1.2+) and at rest. Access is restricted to authorised systems only. In the event of a data breach, we will notify the relevant supervisory authority within 72 hours (GDPR Article 33) and affected users without undue delay (GDPR Article 34).
9. Data retention
- Account data: retained while your account is active; permanently deleted within 30 days of account closure
- Conversation history: retained while your account is active; you may delete it at any time from profile settings
- Session tokens: expire automatically on logout
10. Your rights under GDPR (Articles 15–22)
- Access (Art. 15): request a copy of your personal data
- Rectification (Art. 16): correct inaccurate data
- Erasure (Art. 17): delete your data — exercisable directly from profile settings
- Restriction (Art. 18): limit how we process your data
- Portability (Art. 20): receive your data in machine-readable format
- Object (Art. 21): object to processing based on legitimate interests
We will respond to requests within 30 days (GDPR Article 12).
11. Sub-processors
- Anthropic (USA): Claude API for AI responses — Standard Contractual Clauses apply
- Supabase (EU region): database and authentication
- Railway (USA): application hosting — Standard Contractual Clauses apply
12. Supervisory authority
You have the right to lodge a complaint with your national Data Protection Authority. Hungarian users may contact the Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH) at naih.hu. All EU DPA contacts are listed at edpb.europa.eu.
13. Changes to this policy
Material changes will be communicated to registered users. Continued use after changes constitutes acceptance. The "Last updated" date above always reflects the current version.