Privacy Policy

Last Updated:

Champlin Enterprises ("we", "us", or "our") operates BrandForge (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI image studio platform. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

Information We Collect

1.1 Personal Information

When you register for an account, we collect:

Account Information: Name, email address, password (encrypted)
Profile Information: Profile photo, display name, timezone preferences
Workspace Information: Workspace name, team member details, subscription plan
Brand Information: Brand names, brand voice descriptions, color palettes, reference imagery, and other brand-defining assets you upload to scope generations.

1.2 AI Generation Activity

When you use the Service to generate images, we collect and process:

Prompts: The text prompts you submit for image generation, including any brand-context augmentation we add on your behalf.
Reference Images: Images you upload as visual references to guide the generated output (logos, product photos, style examples).
Generation Metadata: Selected style, size, industry tag, brand association, timestamp, credit cost.
Generated Outputs: The images returned by our AI provider in response to your prompt + brand context.

1.3 Content and Media

We store content you create and manage:

Library Items: Generated images, prompt text, version history, brand association.
Media Assets: Logos, brand-asset images, reference materials you upload to your workspace.
Reference Images: Visual references attached to specific brands, used to steer generation output.
Approval & Share Links: Public share-link tokens, batch scopes, view counts, download events.
Brand Voice Profiles: Tone, vocabulary, and styling notes you record for each brand.

1.4 Usage and Analytics Data

We automatically collect:

Log Data: IP address, browser type, device information, operating system
Usage Metrics: Features used, pages visited, time spent, actions taken
Performance Data: Error logs, API response times, system performance metrics
Audit Logs: User actions, changes to content, team member activities

1.5 Communication Data

Support Requests: Messages sent to customer support
Email Communications: Emails exchanged with our team
Notifications: Preferences for email and in-app notifications

How We Use Your Information

We use the information we collect to:

Provide the Service: Authenticate users, manage workspaces and brands, generate on-brand images via integrated AI providers, store and organize your asset library.
Process Transactions: Handle subscription payments, manage billing, process credit-pack purchases and tier changes.
Maintain Security: Detect and prevent fraud, abuse, and security incidents (including AI-generation abuse).
Improve the Service: Analyze usage patterns, develop new features, optimize performance.
Communicate: Send transactional emails, service updates, security alerts, and marketing communications (with consent).
Provide Support: Respond to inquiries, troubleshoot issues, provide customer assistance.
Comply with Legal Obligations: Meet regulatory requirements, respond to legal requests.
Enforce Terms: Enforce our Terms of Service and other policies.

Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), our legal basis for collecting and using your information depends on the data and context:

Contract Performance: Processing necessary to provide the Service you've subscribed to
Legitimate Interests: Improving our Service, preventing fraud, ensuring security
Consent: Marketing communications, optional features (you may withdraw consent anytime)
Legal Obligations: Compliance with applicable laws and regulations

How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Service Providers

We share data with trusted third-party service providers who assist in operating our Service:

Hosting: Server infrastructure operated by Champlin Enterprises on Plesk-managed infrastructure.
Email Services: Mailgun for transactional emails, magic-links, invitations, and engagement tracking.
Payment Processing: Stripe for subscription billing and credit-pack purchases.
AI Image Generation: Google Gemini (the image-generation engine that returns the visuals you request). Each prompt + reference image you submit is sent to Google for processing, subject to Google's privacy policy and the Gemini API terms.

3.2 Public Share Links

When you create a public share link for a generated image batch, anyone with the link can view the included images and (if you allow it) download them. The link's secret token is the only access control — share carefully. You can revoke a share link at any time from the library.

3.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety.

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

3.5 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

Data Security

We implement industry-standard security measures to protect your information:

Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL
Password Security: Passwords are hashed using bcrypt with strong salting
Token Management: JWT tokens with short expiration times and secure refresh token rotation
Access Controls: Role-based access control (RBAC) and least-privilege principles
Database Security: Encrypted database connections and regular security patches
Monitoring: Continuous monitoring for security threats and suspicious activity
Regular Audits: Periodic security audits and vulnerability assessments

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Retention

We retain your information for as long as necessary to:

Provide the Service and maintain your account
Comply with legal obligations (e.g., tax records, audit logs)
Resolve disputes and enforce our agreements
Maintain backup and disaster recovery systems

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it by law. Backup copies may persist for up to 90 days.

Your Privacy Rights

You have the following rights regarding your personal information:

Access

Request a copy of the personal information we hold about you

Correction

Update or correct inaccurate or incomplete information

Deletion

Request deletion of your personal information (right to be forgotten)

Portability

Receive your data in a structured, machine-readable format

Objection

Object to processing of your information for certain purposes

Restriction

Request restriction of processing in certain circumstances

Withdraw Consent

Withdraw consent for processing based on consent (without affecting prior processing)

To exercise these rights, please contact us at kevin@kevinchamplin.com. We will respond within 30 days.

Cookies and Tracking

We use cookies and similar tracking technologies to:

Essential Cookies: Maintain your session, authenticate you, remember your preferences
Analytics Cookies: Understand how you use the Service and improve user experience
Security Cookies: Detect and prevent security threats

You can control cookies through your browser settings. Note that disabling cookies may affect Service functionality.

Third-Party Services

Our Service integrates with third-party AI providers — primarily Google Gemini — to perform image generation. When you submit a prompt and reference images, they are transmitted to the AI provider for processing, subject to that provider's terms and privacy policy. We do not control how AI providers store, log, or use submitted prompts; review their policies directly (e.g. Google Privacy Policy). Generated images are returned to you and stored under your workspace per the retention rules in this Policy.

Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information we collect, use, and disclose
Right to request deletion of your personal information
Right to opt-out of the sale of personal information (we do not sell personal information)
Right to non-discrimination for exercising your CCPA rights

To exercise these rights, contact us at kevin@kevinchamplin.com.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we will provide prominent notice or obtain your consent where required by law. Your continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Champlin Enterprises

Email: kevin@kevinchamplin.com

Privacy Officer: Available via email for privacy-related inquiries