Privacy Policy

Last updated: September 2025

At Brand Ninja, we value the privacy and security of our users’ personal information.

This Privacy Policy explains how we collect, use, store, and protect your information when you use our software-as-a-service (SaaS) platform (“Platform”).

By using our Platform, you agree to the terms and practices described below.

1. Information We Collect

1.1 Personal Information

When you register or interact with our Platform, we may collect personal information such as:

  • Full name, email address, phone number, and business details

  • Billing and payment information

  • Account credentials and authentication details

We collect this information to provide access to our services, manage your account, and communicate with you effectively.

1.2 Usage Information

We automatically collect information about how you use our Platform, such as:

  • IP address, device identifiers, browser type, operating system, and usage logs

  • Pages visited, actions performed, and session timestamps

This helps us ensure platform security, detect misuse, and improve user experience.

1.3 Cookies and Tracking Technologies

We use cookies and similar technologies (e.g., pixels, analytics scripts) to:

  • Recognize returning users and maintain session integrity

  • Remember preferences and settings

  • Analyse traffic and performance metrics

You can manage or disable cookies in your browser, though some features may not function properly.

2. Use of Information

We use the information collected for legitimate business purposes, including:

2.1 Service Delivery and Improvement

To:

  • Provide and maintain the Platform

  • Personalise and optimise user experiences

  • Monitor system performance and reliability

2.2 Communication

To:

  • Send onboarding information, updates, and service announcements

  • Respond to customer inquiries and provide technical support

  • Share security, compliance, or policy updates

2.3 Analytics and Research

To:

  • Conduct usage analysis and performance benchmarking

  • Produce anonymised and aggregated statistical data for product improvement

Aggregated data does not personally identify you.

2.4 Legal and Compliance Obligations

We may process your data to:

  • Comply with legal obligations under Australian Privacy Principles (APPs)

  • Enforce our terms of service and prevent fraud or abuse

3. Data Sharing and Disclosure

We will not sell, rent, or trade your personal information. We may share limited information only in the following circumstances:

3.1 Service Providers and Sub-Processors

We engage vetted third-party vendors to assist in operations such as cloud hosting (AWS), analytics, billing, and social media integrations (e.g. Ayrshare).

All third parties are bound by strict confidentiality, data-processing, and security agreements.

A full list of approved sub-processors is available upon request.

3.2 Legal and Regulatory Disclosure

We may disclose information if required by:

  • Law, subpoena, or valid legal process

  • Regulatory or law enforcement agencies where permitted or required

3.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, we may transfer user information as part of the transaction.

We will notify users of any material change via email or notice on our website.

4. Data Security

We apply industry-standard administrative, technical, and physical safeguards to protect your information.

4.1 Security Controls

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)

  • Multi-factor authentication (MFA) for administrative access

  • Principle of least privilege and regular access reviews

  • Secure software development lifecycle (SDLC) and vulnerability assessments

4.2 Incident Response and Breach Notification

If a data breach occurs that is likely to result in serious harm, we will:

  • Investigate and contain the breach

  • Notify affected users and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches (NDB) scheme

4.3 User Responsibilities

Users are responsible for:

  • Keeping account credentials secure

  • Using strong passwords and enabling MFA where available

  • Notifying us immediately if they suspect unauthorised access

5. Data Retention and Deletion

We retain personal data only for as long as necessary to:

  • Provide our services

  • Meet legal, accounting, or reporting requirements

When data is no longer needed, it is securely deleted or anonymised in accordance with ISO 27001 standards.

Users may request deletion of their personal data at any time by contacting our Privacy Officer.

6. International Data Transfers

We may process or store data in regions outside of Australia (for example, AWS Sydney and AWS US East regions).

Where cross-border transfers occur, we ensure:

  • Equivalent levels of protection through contractual safeguards, and

  • Compliance with the Privacy Act 1988 (Cth) and applicable international standards.

7. Children’s Privacy

Our Platform is not intended for individuals under 16 years of age.

We do not knowingly collect personal data from children. If such data is discovered, we will promptly delete it.

8. Your Rights

Under the Australian Privacy Principles, you may:

  • Request access to your personal information

  • Request correction or deletion of inaccurate data

  • Withdraw consent for specific data uses (subject to contractual or legal limitations)

To exercise these rights, please contact us using the details below.

9. Updates to this Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal obligations.

Any material updates will be communicated via email or website notice with the “last updated” date amended accordingly.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact:

Privacy Officer

Brand Ninja (Integrity Labs Pty Ltd)

Level 3/71 Palmerston Cres South Melbourne VIC 3205

📧 privacy@brandninja.ai