Privacy Policy
Last updated: 13 July 2026
1. Who we are
Brandaris Studio(“Brandaris”, “we”, “us”) is an AI-assisted social media studio for agencies, available at app.brandaris.studio. It is operated by Search Click Group Ltd, a company registered in England and Wales (company number 06531280) with its registered office at 128 City Road, London, England, EC1V 2NX.
Search Click Group Ltd is the data controller for personal data processed through the service. For any privacy query, or to exercise your rights, contact us at searchclickgroup@gmail.com.
Where an agency uses Brandaris to manage content for its own clients, the agency is the data controller for the client material it uploads, and we process that material on the agency’s behalf as a data processor.
2. What we collect
- Account data — your email address, full name, avatar and role. Accounts are created by invitation; there is no self-service sign-up.
- Agency and client data — agency and client names, branding (logos, colours) and the social media handles of managed accounts.
- Content — assets you upload and the posts, captions and images generated or approved in the studio.
- Social listening data — publicly available posts and comments collected for accounts and topics you choose to monitor, and public influencer profile information.
- Billing data — plan, credit usage and a link to your Stripe customer record. Card details are held by Stripe, never by us.
- Technical data — authentication cookies and security logs needed to keep your session and account safe (including two-factor authentication status).
3. How we use it and our legal basis
- Providing the service (accounts, content creation, publishing, billing) — performance of a contract, Article 6(1)(b) UK GDPR.
- Security (authentication, mandatory two-factor, abuse prevention) — legitimate interests, Article 6(1)(f).
- Service emails (invitations, password resets, review notifications) — performance of a contract. We do not send marketing email.
- Legal compliance (accounting and tax records) — legal obligation, Article 6(1)(c).
We do not sell personal data, we do not use it for advertising, and we do not run third-party analytics or tracking on the service. AI-generated content is produced from the briefs and brand material you provide; our AI providers are contractually restricted to processing that data to provide the service.
4. Who we share it with
We use a small number of service providers (processors) to run Brandaris. Each processes data only on our instructions:
- Supabase — Database, authentication and file storage.
- Vercel — Application hosting and delivery.
- Stripe — Billing and payment processing.
- Anthropic — AI text generation (captions, briefs, brand analysis).
- Higgsfield — AI image and video generation.
- Apify — Social listening data collection (public posts and comments).
- Resend — Transactional email delivery.
- Blotato — Social media publishing on connected accounts.
We may also disclose information where required by law, or as part of a business transfer (in which case this policy continues to apply).
5. International transfers
Some providers process data outside the UK, including in the United States. Where that happens we rely on appropriate safeguards: the UK International Data Transfer Agreement or Addendum, standard contractual clauses, and/or the provider’s certification under the UK Extension to the EU–US Data Privacy Framework.
6. How long we keep it
- Account data — for the life of the account, then deleted within 30 days.
- Content and client data — until you delete it or the account closes.
- Social listening data — refreshed and pruned as monitoring runs; removed when a monitored account or topic is deleted.
- Billing records — 7 years, as required by UK tax law.
- Backups — encrypted backups roll off automatically within 30 days.
7. Your rights
Under the UK GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased (“right to be forgotten”);
- receive your data in a portable format;
- restrict or object to certain processing.
To exercise any of these, email searchclickgroup@gmail.com and we will respond within one month. You can also complain to the Information Commissioner’s Office at ico.org.uk.
8. Security
All traffic is encrypted in transit (TLS) and data is encrypted at rest. Two-factor authentication is mandatory for every account. Access to production data is restricted and role-based, and client data is isolated per agency at the database level.
9. Cookies
Brandaris uses only strictly necessary cookies (session authentication). See the Cookie Policy for the full list.
10. Children
Brandaris is a business tool for agencies and is not directed at children. We do not knowingly process children’s personal data.
11. Changes to this policy
We will post any changes on this page and update the date at the top. Material changes will be notified to account holders by email or in-app notice.
