Legal
Privacy Policy
Last updated: 1 June 2026
1. Who we are
brandmystic is an AI-powered brand reading service. We analyse the content you provide — resume, social media posts, and profiles — and return a tarot-style brand reading. References to "we", "us", or "brandmystic" in this policy refer to the operators of this service.
2. What data we collect
We collect only what you choose to give us: the text content you paste into the reading form (resume, LinkedIn, TikTok, Instagram, or X content), your email address if you create an account, and basic usage data (pages visited, reading tier selected) to help us improve the service. We do not collect or store social media credentials, passwords, or any data scraped from third-party platforms.
3. How we use your data
Your submitted content is sent to Anthropic's Claude API to generate your brand reading. It is not stored on Anthropic's servers beyond the duration of the API call. We may store your reading result in our database if you create an account, so you can return to it later. We do not sell, license, or share your content with third parties for advertising purposes.
4. Marketing communications
If you opt in to marketing updates during the reading flow, we may email you about new features, tips, and offers. You can unsubscribe at any time via the link in any marketing email or by contacting us directly. Transactional emails (reading delivery, account notices) are sent regardless of marketing preference.
5. Third-party services
We use Anthropic (AI reading generation), Clerk (authentication), Stripe (payments), Supabase (database), Resend (transactional email), and Sentry (error monitoring). Each has its own privacy policy and data processing terms. By using brandmystic, you acknowledge that your data may pass through these services in the course of providing the reading.
6. Data retention
Reading results are stored for as long as your account is active. If you delete your account, your stored readings are deleted within 30 days. Content submitted without an account (guest readings) is not retained beyond the current session.
7. Your rights
Depending on your location, you may have the right to access, correct, or delete your personal data. To make a request, contact us at the address below. We will respond within 30 days.
8. Cookies and local storage
We use only strictly necessary cookies and browser storage — nothing that requires your consent. Here is what we set and why:
Authentication (Clerk): session cookies that keep you signed in across page loads. These are deleted when you sign out or your session expires.
Payments (Stripe): session cookies set during checkout to prevent fraud and process your payment securely. These are not used for advertising.
Reading state (localStorage): we store a small flag (bm_reading_used) in your browser's local storage so we know you have already used your free reading, and a temporary cache (bm_reading_cache) so your result survives a page refresh. These never leave your device and are not shared with anyone.
Session data (sessionStorage): we temporarily hold your submitted content and reading result in sessionStorage to pass it between pages during your active session. This is cleared automatically when you close the tab.
We do not use analytics cookies, advertising cookies, or any third-party tracking pixels. Because we use only strictly necessary storage, no cookie consent banner is required.
9. Children
brandmystic is not directed at children under 16. We do not knowingly collect personal information from anyone under that age.
10. Changes to this policy
We may update this policy from time to time. We will notify registered users of material changes by email. Continued use of the service after changes take effect constitutes acceptance.
11. Contact
Questions about this policy? Email us at hello@brandmystic.io.