Legal

Privacy and data processing

Information handling during website research, checkout, video production, delivery and support. Service: BrandCapture.

Last updated: 19 July 2026

1. Controller and scope

The service operator identified below is the controller for data collected through this website and the video production service. When a customer submits personal data about other people, that customer is responsible for having a lawful basis and giving required notices.

2. Information we process

  • Contact, business and billing details, including name, company, email, phone, country and invoice information.
  • Creative briefs, instructions, messages, approvals, revision notes and support conversations.
  • Uploaded logos, images, video, audio, documents and other production assets.
  • Public business website content and technical results needed to prepare the creative plan.
  • Payment status and transaction references; full card details are handled by the payment provider and are not stored by us.
  • Security, device, request and service logs. Optional audience analytics are collected only after analytics consent.

3. Why we use it and legal bases

  • To provide a requested plan, perform the order, produce and deliver files, manage revisions, issue invoices and provide support—necessary for the contract or steps requested before it.
  • To secure the service, prevent abuse, maintain records, improve reliability and defend legal claims—our legitimate interests, balanced against individual rights.
  • To meet tax, accounting, consumer, sanctions and other legal duties—compliance with law.
  • To send optional marketing or run optional audience analytics—consent where required. Consent can be withdrawn at any time without affecting earlier lawful processing.

4. Website research and public data

The scanner accesses only publicly reachable pages from the website submitted by the user. We use that content to understand the business and draft a private creative plan. We do not treat public availability as permission to republish third-party personal data in a video.

5. AI-assisted processing

Selected brief content, public website text or production assets may be sent to configured AI and media providers when needed for research, scripting, voice, imagery, translation, editing or quality checks. We minimise the data sent and use provider controls available to the service. Do not include unnecessary sensitive data.

We do not use a solely automated decision that produces legal or similarly significant effects for the customer. A person controls the production decision and reviews proofs before delivery.

6. Recipients and processors

Data is shared only as needed with infrastructure and hosting providers, content delivery and security services, payment processors, email providers, private file storage, professional advisers, and configured AI or media production providers. Providers act under their own terms or processing commitments, as applicable.

We may disclose information when lawfully required, to protect people or the service, or as part of a business transfer with appropriate safeguards. We do not sell personal data.

7. International transfers

Some providers may process data outside your country or the European Economic Area. Where required, we rely on an adequacy decision, standard contractual clauses or another lawful transfer mechanism, with supplementary safeguards where appropriate.

8. Retention

We keep information only for as long as needed for the project, delivery, support, security and legal obligations. Retention depends on the record: unsuccessful enquiries are removed when no longer useful; production assets are kept for the active workflow and a reasonable support/download period; invoices and transaction records are retained for the statutory accounting period; dispute and security records are retained while a claim or risk remains relevant.

9. Security

We use access controls, private storage, token-protected customer pages, transport encryption, validation and operational monitoring. You must protect private project links and tell us promptly if one is exposed. No method of storage or transmission can be guaranteed completely secure.

10. Your rights

Depending on applicable law, you may request access, correction, deletion, restriction, portability or objection, and may withdraw consent. You may also complain to your local data protection authority. We may need to verify identity before acting.

We respond without undue delay and normally within one month under the GDPR. That period may be extended for complex or numerous requests where the law permits, and we will explain any extension.

11. Children

This business service is not directed to children and is not intended for orders by people who cannot enter a binding contract.

12. Changes and contact

We may update this notice when the service or legal requirements change. The current version and revision date are published here. Privacy contact: [email protected].