Privacy Policy

Last updated: March 21, 2026

1. Controller

AI Brand Radar is operated as a service of aibradar.com. The data controller responsible for your personal data is the operator of aibradar.com. For any privacy-related requests, contact us at: privacy@aibradar.com. The service is hosted on servers located in Germany (Hetzner Online GmbH, Nuremberg), within the European Union.

2. Data we collect

When you register:
• Full name and email address
• Password (stored as a bcrypt hash — we never store your plain-text password)
• Account creation date and email verification status

When you use the service:
• Brand names, domains, and keywords you add for monitoring
• Custom prompts you configure
• Analysis results stored in your account (AI visibility scores, competitor data, content suggestions)

Technical data (automatically collected):
• IP address and browser type (for security and abuse prevention, not for tracking)
• Session tokens (JWT, stored in your browser, expire after 30 days)

3. Legal basis (GDPR Art. 6)

• Art. 6(1)(b) — Contract: processing necessary to provide the service you signed up for
• Art. 6(1)(c) — Legal obligation: storing invoicing data as required by law
• Art. 6(1)(f) — Legitimate interest: security logging and abuse prevention

4. How we use your data

• To authenticate you and maintain your session
• To store and display your brand monitoring results
• To send transactional emails (account verification, password reset)
• To process payments via Stripe (when applicable)

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described in Section 5.

5. Third-party processors

We share data with the following processors, all operating under GDPR-compliant data processing agreements:
• Hetzner Online GmbH (Germany) — server hosting
• Directus (self-hosted on our own server) — database
• n8n (self-hosted on our own server) — workflow automation
• Stripe, Inc. (USA, EU-US DPF) — payment processing
• Google LLC (USA, EU-US DPF) — reCAPTCHA (registration only)

AI queries sent to external models (ChatGPT, Gemini, Grok, Perplexity) during brand analysis do not contain your personal data — only the brand-related prompts you configure.

6. Data retention

• Account data: retained as long as your account is active
• Analysis results: retained for 24 months, then automatically deleted
• Security logs: retained for 90 days
• Payment records: retained for 10 years (legal obligation)

You can request deletion of your account and all associated data at any time (see Section 7).

7. Your rights (GDPR)

Under the GDPR, you have the right to:
• Access — request a copy of all personal data we hold about you
• Rectification — correct inaccurate data
• Erasure ("right to be forgotten") — request deletion of your account and data
• Portability — receive your data in a machine-readable format
• Objection — object to processing based on legitimate interest
• Restriction — request that we limit processing of your data
• Lodge a complaint — with your national data protection authority

To exercise any of these rights, email privacy@aibradar.com. We will respond within 30 days.

8. Cookies

We use only essential cookies necessary for the service to function (session authentication). We do not use tracking, analytics, or advertising cookies. See our Cookie Policy for details.

9. Security

All data is transmitted over HTTPS (TLS 1.2+). Passwords are hashed with bcrypt (cost factor 12). Our servers are located in a GDPR-compliant data center in Germany. We apply security hardening at the OS, network, and application level.

10. Changes to this policy

We will notify registered users by email of any material changes to this Privacy Policy at least 14 days before they take effect.