PRIVACY POLICY

This Privacy Policy explains how Brand Muse ("we," "us," "our") collects, uses, stores, and protects your information when you use our creator analytics platform and services.

Brand Muse is an independent service and is not affiliated with, endorsed by, or sponsored by TikTok Inc., YouTube LLC, Instagram LLC, Meta Platforms Inc., X Corp., Shopify Inc., or any other social media or e-commerce platform.

By using Brand Muse, you agree to the collection and use of information in accordance with this Privacy Policy.

A. Information from Social Media Platforms

When you authorize Brand Muse to connect to your social media accounts, we collect data through each platform's official API in accordance with your authorization.

TikTok Data Collection

When you connect your TikTok account, we access the following information:

user.info.basic - Basic profile information:

• Open ID (unique identifier)
• Union ID (cross-app identifier)
• Avatar URLs
• Display name

user.info.profile - Extended profile information:

• Profile web link
• Profile deep link
• Bio description
• Verification status

user.info.stats - Performance statistics:

• Follower count
• Following count
• Likes count
• Video count

video.list - Your public videos:

• Video ID
• Video title
• Video description
• Duration
• Cover image URL
• Embed links
• Share URLs
• Creation time
• Publicly available engagement metrics

We only access your own TikTok data through authorized API endpoints. We do not and cannot access other users' private data.

Instagram and Facebook (Meta) Data Collection

When you connect your Instagram account via Facebook Login for Business, we access the following information through Meta's official APIs:

Profile and account data:

• Instagram Business or Creator account ID
• Username, profile picture, and account type
• Follower count, follows count, media count
• Biography and website (when available)

Content and media:

• Your media posts (images, videos, reels, carousels)
• Captions, permalinks, timestamps
• Publicly available engagement metrics (likes, comments, saves, shares, plays, impressions, reach)

Insights and analytics:

• Account-level insights (impressions, reach, follower count, accounts engaged)
• Media-level insights appropriate to content type (e.g., plays for reels, impressions for feed posts)

Facebook Page linkage (required for Instagram Business):

• Page ID and name associated with your Instagram Business account (used only to establish the connection)

We only access your own Instagram and linked Page data through authorized API endpoints. We do not access other users' private data. Data is used solely to provide your owned-content analytics, performance insights, and strategic recommendations within Brand Muse. We comply with Meta's Platform Terms, Data Use Policy, and applicable developer policies.

YouTube Data Collection

When you connect your YouTube channel, we access profile, channel statistics, owned-video metadata, and performance data such as views, watch time, and subscriber change as authorized by you through Google's OAuth and YouTube API. Specific data types are disclosed at connection time and in our dashboard. We comply with Google's API Services User Data Policy. This data is used to provide your Brand Muse features and may be processed by contracted service providers only to operate and secure the service.

X (Twitter) Data Collection

When you connect your X (formerly Twitter) account, we access the following information through X's OAuth 2.0 API (with PKCE):

users.read - Basic profile information:

• User ID
• Username (handle)

tweet.read - Read access to your posts:

• Used to verify your account connection and support future analytics features

We request the offline.access scope to maintain your connection without requiring repeated authorization. We only access your own X data through authorized API endpoints. We do not and cannot access other users' private data.

Shopify Data Collection

When you connect your Shopify store, we access the following information through Shopify's API using credentials you provide:

• Store URL and store name
• Order data (order IDs, revenue totals, order dates, currency, attribution source)

This data is used solely to provide ROI tracking and attribution analytics within your Brand Muse dashboard. We store your Shopify API credentials in encrypted form.

B. Information You Provide Directly

• Account Information: Email address, password (encrypted), account preferences
• Profile Information: Display name, profile settings
• Communications: Messages sent to customer support, feedback, survey responses

C. Automatically Collected Information

• Device Information: Browser type and version, operating system, device type
• Log Data: IP address, access times, pages viewed, referring URLs
• Cookies and Tracking Technologies: Session identifiers, authentication tokens, preference settings
• Usage Data: Features accessed, time spent on platform, interaction patterns
• Usage and decision-making data: When you use the product we may store how you interact with it (e.g. which features or content you view, choices you make in the app) and decision context (e.g. selections and preferences) to personalize your experience and improve our service. This data is tied to the resources you use (e.g. per connected platform where relevant) and is deleted when you delete that platform's data or your full account (see Data Retention and Your Rights below).

We use your information solely to provide, maintain, and improve Brand Muse services.

Primary Uses

Display Your Social Media Data:

• Present your profile information in your personal dashboard
• Display your performance statistics and metrics
• Show your content library and engagement data

Calculate Personalized Analytics:

• Analyze your content performance trends
• Generate engagement insights specific to your account
• Score your creator influence based on your metrics
• Identify patterns in your content performance

Maintain Your Account:

• Authenticate your identity and manage access
• Secure your account and prevent unauthorized access
• Communicate service updates and important notices
• Provide customer support

Improve Our Service:

• Fix bugs and resolve technical issues
• Enhance user experience and interface design
• Develop new features and analytics capabilities
• Conduct internal research on service performance

Important Limitations

We do NOT:

• Share your data with other Brand Muse users
• Combine your data with other users' data for aggregate analytics shared with third parties
• Train AI models on your data that are then used to serve other users
• Sell your personal information to third parties
• Use your data for advertising purposes or to create advertising profiles
• Access data beyond what you explicitly authorize through platform API scopes

Your data remains in your isolated account accessible only to you.

For All Users

We process your information based on:

• Consent: You explicitly authorize us to access your social media data through platform authentication flows
• Contract: Processing is necessary to provide Brand Muse services as outlined in our Terms of Service
• Legitimate Interests: Service improvement, security, fraud prevention, and technical maintenance

For Users in the European Economic Area, UK, and Switzerland (GDPR)

We process your personal data on the following legal bases:

• Consent (Article 6(1)(a) GDPR): For collecting and processing social media data you authorize
• Contract Performance (Article 6(1)(b) GDPR): To provide the services you requested
• Legitimate Interests (Article 6(1)(f) GDPR): For service improvement, security, and fraud prevention, where such interests are not overridden by your data protection rights

You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

We Do Not Sell Your Personal Information

Brand Muse does not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration.

Limited Sharing

We share your information only in the following circumstances:

Service Providers and Data Processors:

We engage third-party companies to perform services on our behalf, including:

• Cloud infrastructure providers (hosting and storage)
• Database services
• Authentication and security services (WorkOS for login and session management)
• AI model providers (Anthropic and Google) that process your chat messages and related context to power Brand Muse's AI strategist features. Your messages, conversation history, and relevant account context (such as brand profile and campaign information) are sent to these providers to generate responses. These providers process data according to their respective data processing agreements and do not use your data to train their models.
• Error monitoring and performance tracking services (Sentry) that receive technical error data, request metadata, and limited user context to help us identify and fix issues
• Creator data and intelligence providers (InsightIQ by Phyllo) that provide publicly available creator profile and audience data for our creator discovery features. When you use creator search, your search queries are sent to this provider.
• Analytics tools for service improvement
• Customer support platforms

These service providers have access to your information only to perform specific tasks on our behalf and are contractually obligated to:

• Protect your information with appropriate security measures
• Use your information only for the purposes we specify
• Comply with applicable data protection laws
• Not disclose your information to others

Legal Requirements and Protection of Rights:

We may disclose your information if required to do so by law or in response to:

• Valid legal process (subpoena, court order, government request)
• Enforcement of our Terms of Service
• Protection of the rights, property, or safety of Brand Muse, our users, or the public
• Detection, prevention, or addressing of fraud, security, or technical issues

Business Transfers:

If Brand Muse is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our service of any change in ownership or use of your personal information.

With Your Consent:

We will seek your explicit consent before sharing your information for any purpose not covered in this Privacy Policy.

Storage Location

Your data is stored on secure servers located primarily in the United States. We use industry-standard cloud infrastructure providers to ensure reliability and security.

Security Measures

We implement appropriate technical and organizational measures to protect your information:

Technical Safeguards:

• Encryption in transit using TLS/SSL protocols
• Encryption at rest for sensitive data
• Secure authentication mechanisms
• Regular security audits and vulnerability assessments
• Isolated data architecture (each user's data in separate silos)
• Access logging and monitoring

Organizational Safeguards:

• Strict access controls limiting who can access user data
• Employee training on data protection and privacy
• Confidentiality agreements with all personnel
• Incident response procedures
• Regular security policy reviews

Platform-Specific Compliance

We comply with data protection requirements specified by each connected platform, including TikTok's Developer Data Sharing Agreement, Meta's Platform Terms, Google's API Services User Data Policy, X's Developer Agreement and Policy, and Shopify's API Terms of Service.

Important Notice

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to maintain and improve our security practices.

Active Account Data

While your Brand Muse account is active, we store your connected platform data in your isolated account to provide analytics and dashboard features.

TikTok: Profile information and statistics (display name, bio, follower count, following count, likes count, video count); video metadata and performance metrics; calculated analytics.

Instagram (Meta): Instagram Business or Creator profile and statistics; media metadata and engagement metrics; account-level and media-level insights; calculated analytics. We store access tokens necessary to refresh data and honor Meta's data retention and deletion requirements.

YouTube: Channel and profile data, video metadata, and analytics as authorized at connection.

X (Twitter): User ID and username. Access and refresh tokens necessary to maintain your connection.

Shopify: Store URL, store name, order data (order IDs, revenue totals, order dates, currency, attribution source), and encrypted API credentials.

All platform data is stored in your isolated account that only you can access. We do not share this data with other users or use it to train AI models for other users. Your data is stored securely and can be deleted at any time through your account settings or via platform-specific data deletion requests (see below).

After Account Deletion

When you delete your Brand Muse account:

| Data Type | Retention Period | |-----------|------------------| | Social media profile data (TikTok, Instagram, YouTube, X) | Deleted within 30 days | | Social media statistics | Deleted within 30 days | | Content metadata | Deleted within 30 days | | Calculated metrics and analytics | Deleted within 30 days | | Shopify order data and encrypted credentials | Deleted within 30 days | | AI chat history and conversation data | Deleted within 30 days | | Usage and decision-making data (behavioral patterns, decision context) | Deleted within 30 days | | Account email address | Retained for 90 days for legal compliance and anti-fraud purposes | | Access tokens (all platforms) | Immediately invalidated | | Billing records (if applicable) | Retained for 7 years as required by law |

After Platform Authorization Revocation

When you disconnect a connected platform (TikTok, Instagram, YouTube, X, or Shopify):

• We stop fetching new data from that platform immediately
• Access tokens for that platform are invalidated and removed
• Your stored data for that platform remains in your Brand Muse account until you manually delete it or delete your account
• You can delete platform-specific data at any time through your account settings

Instagram/Meta: You may also request data deletion through Meta's data deletion instructions. We support Meta's Data Deletion Callback: when Meta notifies us of a deletion request, we delete the user's Instagram-related data and respond with a confirmation code as required by Meta's platform policies.

Legal Compliance

We may retain certain information as required by applicable laws, regulations, or legal processes, including for tax, accounting, or audit purposes.

Rights Available to All Users

Access Your Data: View all your data in your Brand Muse dashboard

Delete Your Data: Delete your account at any time through Settings → Account → Delete Account

Revoke Platform Access: Disconnect social media accounts through:

• TikTok: Settings → Security → Manage Apps, or Brand Muse Settings → Integrations
• Instagram: Facebook Settings → Business Integrations (or Meta account settings), or Brand Muse Settings → Integrations
• YouTube: Google Account → Security → Third-party access, or Brand Muse Settings → Integrations
• X (Twitter): X Settings → Security and account access → Apps and sessions, or Brand Muse Settings → Integrations
• Shopify: Brand Muse Settings → Integrations

Export Your Data: Request a copy of your data by emailing admin@brandmuseagency.com

Update Your Information: Modify account settings and preferences at any time

Opt-Out of Communications: Unsubscribe from marketing emails using the link in each message

California Residents (CCPA/CPRA Rights)

If you are a California resident, you have the right to:

Right to Know: Request disclosure of:

• Categories of personal information collected
• Categories of sources from which information is collected
• Business purpose for collecting information
• Categories of third parties with whom we share information
• Specific pieces of personal information collected

Right to Delete: Request deletion of your personal information, subject to certain exceptions

Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising

Right to Correct: Request correction of inaccurate personal information

Right to Limit Use of Sensitive Personal Information: Request limitation on use of sensitive personal information

Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights

Authorized Agent: You may designate an authorized agent to submit requests on your behalf

Verification: We may request additional information to verify your identity before processing requests

Response Time: We will respond within 45 days of receipt of a verifiable request

To exercise these rights, email admin@brandmuseagency.com or use the account settings in the Brand Muse application.

European Economic Area, UK, and Switzerland Residents (GDPR Rights)

If you are located in the EEA, UK, or Switzerland, you have the following rights:

Right of Access: Obtain confirmation of whether we process your personal data and access to that data

Right to Rectification: Correct inaccurate or incomplete personal data

Right to Erasure (Right to be Forgotten): Request deletion of your personal data under certain circumstances

Right to Restriction of Processing: Request that we limit processing of your personal data in certain situations

Right to Data Portability: Receive your personal data in a structured, machine-readable format

Right to Object: Object to processing of your personal data based on legitimate interests

Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing

Right to Lodge a Complaint: File a complaint with your local Data Protection Authority

Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you

To exercise these rights, email admin@brandmuseagency.com. We will respond within 30 days as required by GDPR.

Contact for Rights Requests

Email: admin@brandmuseagency.com
Subject Line: Privacy Rights Request
Include: Your registered email address and specific right you wish to exercise

Brand Muse is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from individuals under 18 years of age.

If you are under 18 years of age, please do not use Brand Muse or provide any personal information to us.

If we become aware that we have collected personal information from an individual under 18 years of age, we will take steps to delete that information promptly. If you believe we have collected information from someone under 18, please contact us immediately at admin@brandmuseagency.com.

Age Verification

We may request additional verification if we have reason to believe a user may be under 18 years of age.

Cross-Border Data Processing

Brand Muse operates in the United States, and your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

Safeguards for International Transfers

For users in the European Economic Area, UK, and Switzerland, we ensure appropriate safeguards for international data transfers:

Standard Contractual Clauses: We use Standard Contractual Clauses approved by the European Commission

Adequacy Decisions: We rely on adequacy decisions where applicable

Service Provider Agreements: Our service providers are contractually required to provide appropriate data protection

TikTok Compliance: We comply with TikTok's requirements for international data transfers

By using Brand Muse, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws.

Types of Cookies We Use

Essential Cookies:

• Required for service functionality
• Enable core features like authentication and security
• Cannot be disabled without affecting service functionality

Preference Cookies:

• Remember your settings and preferences
• Enhance user experience
• Can be controlled through browser settings

Analytics Cookies:

• Understand how users interact with our service
• Improve service performance and user experience
• Provide aggregate usage statistics

Third-Party Analytics

We may use third-party analytics services such as Google Analytics to understand service usage patterns. These services may collect information about your use of Brand Muse and other websites.

Your Cookie Choices

Browser Settings: You can control cookies through your browser settings to refuse all cookies or indicate when a cookie is being sent

Impact of Disabling Cookies: Some features of Brand Muse may not function properly if you disable cookies, particularly authentication and session management features

Do Not Track Signals

Some browsers include a "Do Not Track" feature. Our service does not currently respond to Do Not Track signals because there is no industry consensus on how to interpret these signals.

We Do NOT Use Cookies For:

• Cross-site tracking for advertising
• Creating advertising profiles
• Selling data to third-party advertisers or data brokers

Brand Muse may contain links to social media platforms (TikTok, YouTube, Instagram, X), e-commerce platforms (Shopify), and other third-party websites or services.

Important Notice:

• This Privacy Policy applies only to Brand Muse
• We are not responsible for the privacy practices of third-party websites or services
• We encourage you to review the privacy policies of any third-party sites you visit
• Your interactions with third-party platforms are governed by their respective privacy policies

Updates and Modifications

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings.

Notification of Changes

When we make material changes to this Privacy Policy, we will notify you by:

• Email to your registered email address
• Prominent in-app notification
• Notice on our website at brandmuseagency.com

Material Changes: We will provide at least 30 days' advance notice for material changes that affect how we use your personal information

Non-Material Changes: Minor updates may be posted without advance notice

Review and Acceptance

We encourage you to review this Privacy Policy periodically. Your continued use of Brand Muse after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

If you do not agree with the revised Privacy Policy, you must stop using Brand Muse and may delete your account.

Version History

Previous versions of this Privacy Policy are available upon request by emailing admin@brandmuseagency.com.

Contact for Privacy Matters

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices:

Email: admin@brandmuseagency.com

For Legal Matters

Email: admin@brandmuseagency.com

For EEA, UK, and Switzerland Residents

Data Protection Contact: admin@brandmuseagency.com

Right to Lodge Complaint: You have the right to lodge a complaint with your local Data Protection Authority (DPA) if you believe we have not complied with applicable data protection laws.

• EU Citizens: Find your DPA at https://edpb.europa.eu/about-edpb/board/members_en
• UK Citizens: Information Commissioner's Office (ICO) at https://ico.org.uk/
• Swiss Citizens: Federal Data Protection and Information Commissioner (FDPIC)

Response Time

We strive to respond to all privacy inquiries within:

• 30 days for GDPR requests
• 45 days for CCPA requests
• 14 business days for general inquiries

Legal Entity: Brand Muse
Email: admin@brandmuseagency.com

For users in the European Economic Area, UK, and Switzerland, Brand Muse is the data controller responsible for your personal information.

TikTok Integration Compliance

We comply with all requirements specified in:

• TikTok Developer Terms of Service
• TikTok Developer Data Sharing Agreement
• TikTok API Product Privacy Policy

Our use of TikTok data is limited to providing analytics services to the authenticated user and does not include:

• Using TikTok data to build competitive products
• Creating derivative works that compete with TikTok
• Training AI models that serve users other than the authenticated user
• Sharing TikTok data with other Brand Muse users

Data Storage for Owned Content Dashboard: To provide you with analytics and dashboard features, we store your TikTok data (profile information, statistics, and video metadata) in your isolated account. This data is stored securely, is accessible only to you, and can be deleted at any time. We store this data to enable features such as performance tracking, trend analysis, and historical comparisons in your owned content dashboard.

Instagram and Meta Compliance

We comply with Meta's requirements for apps that access Instagram and Facebook data, including:

• Meta Platform Terms and Developer Policies
• Facebook Platform Terms and Data Use Policy
• Use of data only to provide the services described (owned-content analytics, insights, and recommendations)
• Support for Meta's Data Deletion Callback so users can request deletion of their Instagram-related data through Meta
• No use of Instagram or Facebook data for advertising, building advertising profiles, or selling data

Our use of Instagram and Facebook data is limited to the authenticated user's own connected accounts and does not include building competitive products, training AI models for other users, or sharing data with other Brand Muse users.

YouTube Integration Compliance

For YouTube-connected accounts, Brand Muse uses data only to provide user-facing analytics and recommendations to the authenticated account owner. We do not sell YouTube data, use it for advertising/profile building, or share it with other Brand Muse users. Human access to YouTube-linked user data is limited to operational support, security, and legal/compliance obligations under role-based controls and audit logging.

X (Twitter) Integration Compliance

We comply with X's Developer Agreement and Policy, including:

• X API Terms of Service and Developer Policy
• Use of data only to provide the services described (account connection and analytics)
• No use of X data for advertising, building advertising profiles, or selling data

Our use of X data is limited to the authenticated user's own connected account. We access only your user ID and username through the users.read scope and your posts through the tweet.read scope. We do not build competitive products, train AI models for other users, or share data with other Brand Muse users.

Shopify Integration Compliance

When you connect your Shopify store, we access order data solely to provide ROI tracking and attribution analytics within your Brand Muse dashboard. Your Shopify API credentials are stored in encrypted form and are used only to sync order data on your behalf. We do not access customer personal information from your Shopify store beyond order-level revenue and attribution data.

AI Service Providers

Brand Muse uses third-party AI model providers (Anthropic and Google) to power its AI strategist features. When you interact with the Muse chat or AI-powered features:

• Your chat messages, conversation history, and relevant account context (such as brand profile and campaign details) are sent to these providers to generate responses
• These providers act as data processors and process your data only to return responses to Brand Muse
• We select the AI provider automatically based on the type of request (e.g., strategic analysis vs. general queries)
• We do not use your data to fine-tune or train third-party AI models
• These providers are contractually obligated to protect your data and not use it for their own purposes beyond providing the service

Other Platform Integrations

We comply with each connected platform's developer policies and data protection requirements. Updated privacy disclosures will be provided when we add new platform integrations.

California residents have the right to request information about the disclosure of personal information to third parties for direct marketing purposes. As stated in this Privacy Policy, we do not share your personal information with third parties for their direct marketing purposes.

Nevada residents have the right to opt-out of the sale of certain personal information to third parties. As stated in this Privacy Policy, we do not sell your personal information. If you have questions, contact admin@brandmuseagency.com.

By using Brand Muse, you acknowledge that:

• You have read and understood this Privacy Policy
• You consent to the collection, use, and disclosure of your information as described
• You understand your rights and how to exercise them
• You agree to the terms outlined in this Privacy Policy

If you do not agree with this Privacy Policy, you must not use Brand Muse.

For questions or concerns about this Privacy Policy, please contact us at admin@brandmuseagency.com