Legal

Privacy Policy

Last updated 17 Jun 2026

This policy explains how Onbrand collects and uses personal data when you use the platform, and the rights you have over that data.

1. Overview

This Privacy Policy explains how Onbrand, operated by ACT Agency (“we”, “us”), collects and uses personal data when you use the Service. We act as a data processor for the brand content you and your team manage, and as a data controller for your account and usage data.

2. Data we collect

  • Account data — name, email, organisation, role, and authentication identifiers.
  • Content data — brand guidelines, documents, images, copy, calendar entries, and other material you upload or create.
  • Usage data — log data, device and browser information, and how you interact with features.
  • Communications — messages you send to our support or sales teams.

3. How we use your data

We use personal data to provide and secure the Service, to authenticate you, to generate the AI output you request, to improve features and reliability, to communicate about the Service, and to comply with legal obligations. We do not sell your personal data.

4. AI processing and model providers

When you use AI features, your prompts and the relevant content are sent to AI model providers (such as Anthropic, OpenAI, and Google) to generate Output. We use providers under terms that do not train their models on your data through our paid API access. Output is returned to you and stored in your workspace.

5. Legal bases (GDPR)

Where the GDPR applies, we process personal data on the basis of: performance of a contract (to provide the Service), legitimate interests (to secure and improve the Service), consent (where required, for example certain cookies), and legal obligation.

6. Sharing and sub-processors

We share data with sub-processors who help us run the Service — hosting, database, email, AI model providers, and analytics. They process data only on our instructions and under appropriate agreements. We may disclose data where required by law.

7. Data retention

We retain personal data for as long as your account is active and as needed to provide the Service, then for the period required to meet legal, accounting, or reporting obligations. You can request deletion as described below.

8. Security

We use technical and organisational measures including encryption in transit, access controls, row-level data isolation between tenants, and least-privilege access. No method of transmission or storage is completely secure, but we work continuously to protect your data.

9. International transfers

Your data may be processed outside your country, including by sub-processors. Where data leaves the EEA we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses.

10. Your rights

Depending on your location, you may have the right to access, correct, delete, port, or restrict the processing of your personal data, and to object to processing or withdraw consent. To exercise these rights, contact us at privacy@onbrandai.app. You may also lodge a complaint with your local data-protection authority.

11. Cookies and analytics

We use essential cookies to keep you signed in and to secure the Service, and limited analytics to understand usage. You can control non-essential cookies through your browser or our cookie settings where offered.

12. Children’s privacy

The Service is not directed to children under 16, and we do not knowingly collect their personal data.

13. Changes to this policy

We may update this policy from time to time. Material changes will be notified in-app or by email. The “Last updated” date above reflects the latest revision.

14. Contact

For privacy questions or to exercise your rights, contact privacy@onbrandai.app.