Privacy Policy
At BrandDeck we take your privacy seriously. This Privacy Policy explains what personal data we collect, why we collect it, how we use it and what rights you have. BrandDeck operates in accordance with the General Data Protection Regulation (GDPR).
1. Who is responsible for your data
BrandDeck, operating under that trade name and based in the Netherlands, is the data controller for personal data processed through branddeck.co. You can reach us at hello@branddeck.co for any privacy-related questions.
2. What data we collect
We collect the following categories of personal data:
• Account data: name, email address, and password when you create an account
• Billing data: payment information processed securely via our payment provider. We do not store full card details ourselves.
• Usage data: information about how you use the platform, including features used, brands created and login activity
• Communication data: messages you send us via email or support channels
• Content data: brand assets, guidelines and other materials you upload to the platform
3. Why we collect your data
We use your personal data for the following purposes:
• To create and manage your account
• To provide and improve the BrandDeck platform
• To process your payments and manage your subscription
• To send you important service updates and notifications
• To respond to your support requests
• To comply with legal obligations
4. Where we store your data
All data is stored on servers located in Germany. We have chosen Germany specifically to ensure your data is stored within the European Union and remains fully compliant with GDPR requirements. Your data never leaves the European Economic Area.
5. How long we keep your data
We keep your personal data for as long as your account is active. After account deletion, we retain your data for 30 days to allow for account recovery, after which it is permanently deleted. Billing records may be retained for up to 7 years as required by Dutch tax law.
6. Who we share your data with
We do not sell your personal data. We may share data with the following categories of service providers who help us operate BrandDeck:
• Hosting and infrastructure providers (data stored in Germany, EU)
• Payment processors for handling subscriptions
• Email service providers for sending transactional emails
All third-party providers are bound by data processing agreements and may only use your data for the purposes we specify.
7. Your rights under GDPR
As a user in the European Economic Area, you have the following rights:
• Right of access: you can request a copy of the personal data we hold about you
• Right to rectification: you can ask us to correct inaccurate data
• Right to erasure: you can ask us to delete your personal data
• Right to restriction: you can ask us to limit how we process your data
• Right to data portability: you can ask us to provide your data in a machine-readable format
• Right to object: you can object to certain types of processing
To exercise any of these rights, contact us at hello@branddeck.co. We will respond within 30 days.
8. Security
We take appropriate technical and organizational measures to protect your personal data. For more information, see our Security page at branddeck.co/security.
9. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you by email before any material changes take effect. The current version is always available at branddeck.co/privacy.
10. Contact and complaints
Questions or concerns about how we handle your data? Contact us at hello@branddeck.co. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
