Privacy Policy

1. Introduction

Brandbing ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Platform.

This policy applies to all users of Brandbing, including visitors to public brand sheets, registered affiliates, and casino operators with dashboard access.

2. Data We Collect

2.1 Public Website Visitors

When you browse Brandbing's public pages (brand sheets, directory, API documentation), we collect:

• • Technical data: IP address, browser type, device information, operating system
• • Usage data: Pages viewed, search queries, time spent on pages, referral source
• • API usage: Endpoint accessed, query parameters, request frequency (for rate limiting and abuse prevention)

2.2 Registered Users (Operators & Affiliates)

When you create an account or claim a brand, we collect:

• • Account data: Name, email address, company name, job title
• • Authentication data: Password (hashed and encrypted), session tokens
• • Brand ownership verification: Domain verification records, proof of affiliation with casino operator
• • Activity logs: Login times, brand updates made, data exports

2.3 Affiliate Network Participants (Future)

When affiliate network features launch, we will additionally collect:

• • Payment information: PayPal email, bank account details (for commission payouts), tax identification numbers
• • Traffic data: Clicks, conversions, player activity tracked via Everflow (anonymized player data only — we do not receive personally identifiable player information)
• • Communications: Support tickets, forum posts, messages with operators

2.4 Contact Form Submissions

If you contact us via the "For Operators" form or support channels, we collect your name, email, company, and message content to respond to your inquiry.

3. How We Use Your Data

We use your personal data for the following purposes:

• • Platform operation: Providing access to brand sheets, managing user accounts, authenticating logins
• • Data verification: Confirming operator identity before granting brand editing access
• • Communication: Sending account notifications, data update alerts, service announcements
• • Affiliate payments: Processing commission payouts (when network launches)
• • Analytics and improvement: Understanding how the Platform is used to improve features, content, and performance
• • Security and fraud prevention: Detecting abuse, preventing unauthorized access, enforcing Terms of Service
• • Legal compliance: Meeting regulatory obligations (KYC, anti-fraud, tax reporting)

Legal Basis (GDPR): We process your data based on legitimate interest (platform operation, fraud prevention), contractual necessity (user accounts, affiliate payments), and legal obligation (tax compliance, KYC).

4. Data Sharing and Third Parties

Brandbing does not sell your personal data. We share data only in the following circumstances:

4.1 Service Providers

We use trusted third-party services to operate the Platform:

• • Cloudflare Pages: Website hosting and content delivery
• • Railway (Directus CMS): Database hosting for brand data and user accounts
• • Cloudflare R2: File storage for logos, documents, and brand assets
• • Everflow (future): Affiliate tracking and conversion attribution
• • Resend (future): Transactional email delivery

All service providers are contractually required to protect your data and use it only for Brandbing's purposes.

4.2 Public Data

Brand data you submit as an operator (casino name, bonuses, licensing info) is publicly displayed on brand sheets and accessible via the API. Do not include personal data in brand submissions.

4.3 Legal Requirements

We may disclose your data if required by law, court order, or to protect Brandbing's rights and safety.

5. Cookies and Tracking

Brandbing uses cookies and similar technologies for authentication, analytics, and site functionality.

Types of Cookies We Use:

• Essential Cookies Session authentication, security tokens. These are necessary for the Platform to function and cannot be disabled.
• Analytics Cookies (Future) When analytics are implemented, we'll use privacy-focused tools (e.g., Plausible or self-hosted solutions) to understand usage patterns without tracking individual users.

You can manage cookies via your browser settings. Disabling essential cookies may prevent you from logging in or using certain features.

6. Data Retention

We retain your personal data for as long as necessary to provide services and comply with legal obligations:

• • Active accounts: Data retained while your account is active
• • Inactive accounts: Automatically deleted after 2 years of inactivity (with prior notice)
• • Financial records: Payment data retained for 7 years for tax and accounting compliance
• • Usage logs: Anonymized and aggregated after 12 months

You may request deletion of your account at any time (see Section 9: Your Rights).

7. Data Security

We implement industry-standard security measures to protect your data:

• • Encryption: HTTPS for all connections, passwords hashed with bcrypt, sensitive data encrypted at rest
• • Access controls: Role-based permissions, operator data scoped to network, admin access logged
• • Infrastructure security: Cloudflare DDoS protection, Railway secure hosting, regular security audits
• • Monitoring: Automated alerts for suspicious activity, abuse detection on API endpoints

While we take security seriously, no system is 100% secure. If you suspect unauthorized access to your account, contact us immediately at security@brandbing.com.

8. International Data Transfers

Brandbing's infrastructure is primarily hosted in the EU and UK. However, some service providers (e.g., Cloudflare, Railway) operate globally and may process data outside the European Economic Area.

We ensure that all international data transfers comply with GDPR requirements through Standard Contractual Clauses (SCCs) and adequacy decisions. Your data is protected to the same standard regardless of where it is processed.

9. Your Rights (GDPR)

If you are an EU or UK resident, you have the following rights regarding your personal data:

How to Exercise Your Rights: Email privacy@brandbing.com with your request. We will respond within 30 days.

Right to Complain: If you believe we have mishandled your data, you may file a complaint with your local data protection authority (e.g., ICO in the UK, CNIL in France).

10. Children's Privacy

Brandbing is a business-to-business platform for iGaming professionals. We do not knowingly collect data from individuals under 18. If you believe a minor has provided us with personal data, contact us immediately and we will delete it.

11. Changes to This Privacy Policy

We may update this Privacy Policy as the Platform evolves or laws change. Material changes will be communicated via email to registered users or posted prominently on the website.

Continued use of the Platform after changes constitute acceptance of the updated policy. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact Us

For questions about this Privacy Policy, to exercise your rights, or to report a data concern, contact us at: