Privacy notice

Effective: 25.02.2026.


1. Data controller's data

Data Controller: Mind Bridge Ltd.

Seat:
8142 Úrhida, Szegfű street 13/2

Company registration number:
07-09-020559

Tax number:
23384778-1-07

Contact:
support@brandnavigator.app

The controller has not appointed a Data Protection Officer (DPO) as there is no legal obligation to do so.


2. Scope of the notice

This privacy notice applies to:

  • the brandnavigator.app website (marketing page and subscription)
  • the my.brandnavigator.app SaaS application

The two systems are technically separate, but the data controller is the same for both systems.


3. Scope of personal data processed

3.1 During registration

The following data may be processed during user registration:

  • name or company name
  • e-mail address
  • password (encrypted)

Legal basis:
GDPR Article 6 (1) b) - performance of the contract


3.2 Profile and onboarding data

When using the service, the user may provide the following information:

  • industry
  • niche or service description
  • target group
  • communication style
  • platform preferences
  • marketing challenges
  • Website URL
  • uploaded documents

Legal basis:
performance of the contract


3.3 Data generated by the use of the service

The following data may be generated during the operation of the system:

  • marketing strategies
  • buyer persona data
  • brand identity data
  • campaign data
  • generated marketing content
  • content calendar data
  • AI chat history
  • credit transactions
  • user activity data
  • social media integrations

Legal basis:
performance of the contract


3.4 Data relating to payment

Subscription payments are made on the brandnavigator.app site.

Systems used:

  • WooCommerce
  • Stripe

The SaaS application does not store credit card data.

Legal basis:

  • performance of the contract
  • legal obligation (Act C of 2000 - Accounting Act)

3.5 Newsletter and marketing communication

Marketing communications are only made with the consent of the user.

Systems used:

  • Brevo
  • MailerLite

Legal basis:
GDPR Article 6 (1) a) - consent


4. AI-based data processing

BrandNavigator uses artificial intelligence-based services to generate marketing content.

Data transmitted to AI systems may include:

  • industry
  • niche
  • target group
  • communication style
  • marketing data
  • generated or uploaded texts
  • chat history
  • website content (in case of scraping)

AI service providers:

  • Google (Gemini API)
  • OpenAI API

Data transmitted via the API are not used for model training.

Data transfers are based on the EU-US Data Privacy Framework or Standard Contractual Clauses.

AI-generated content does not constitute automated decision-making within the meaning of Article 22 of the GDPR.


5. External platform integrations (OAuth)

The user may choose to link his/her account to the following external services:

  • Facebook

  • Instagram

  • LinkedIn

  • Google Calendar

Integrations allow users to publish or synchronise content from the BrandNavigator system to connected platforms.

The system may process the following data for the operation of integrations:

  • access token

  • refresh token

  • linked account name

  • Facebook user ID

  • Facebook page identifiers

  • Instagram Business profile IDs

  • LinkedIn account IDs

  • Google user ID

  • Google Calendar ID

  • metadata of created calendar events

Google Calendar integration allows users to save content created in BrandNavigator directly to their Google Calendar.

In all cases, access is limited to the account or calendar authorised by the user.

Tokens are stored for the following period:

  • until the token expires

  • until the connection is terminated

  • until the user account is deleted

When you disconnect or delete your account, the tokens are automatically deleted.

Legal basis:

  • performance of a contract (Article 6(1)(b) GDPR)

  • user OAuth permission

Sharing Google user data

The data processed in the context of the Google Calendar integration (access token, refresh token, Google user ID, Google Calendar ID, calendar event metadata) will be shared only for the following purposes and with the following parties:

  • Google LLC - the data is transmitted via the Google Calendar API, only for the purpose of performing calendar operations authorised by the user.
  • Supabase Inc. - OAuth tokens are stored in encrypted form in the database to maintain the connection.
  • Vercel Inc. - the hosting infrastructure has technical access to the data when processing API requests, but does not store it.

Google user data are not shared with third parties for advertising, marketing or analytical purposes, and are not used for training artificial intelligence models.

Access to Google user data is limited to the scope of what the user has explicitly authorised during the OAuth process.


6. Cookies and similar technologies

The website uses cookies and similar technologies.

They may be used for:

  • user session management
  • security features
  • analytical measurements
  • measurement for marketing purposes

The following are used in the browser for technical purposes:

  • localStorage
  • sessionStorage

For detailed information on how we handle cookies, please see the separate Cookie Notice.


7. Analytical and measurement systems

The service may use measurement systems for statistical and analytical purposes.

These can be used to collect anonymous or pseudonymised statistical data, for example on:

  • the use of this website
  • conversions
  • the effectiveness of marketing campaigns

The measurement systems are not suitable for directly identifying users.


8. Technical log data

During the operation of the system, technical log data may be generated, for example:

  • IP address
  • browser type
  • operating system
  • device information
  • bug reports

This data is necessary to maintain the security of the system.


9. Technical infrastructure

The following infrastructure will be used for the operation of the service:

  • Supabase (database and authentication)
  • Vercel (application hosting)
  • RackForest (web hosting)
  • WooCommerce
  • Stripe
  • Brevo
  • MailerLite
  • Sentry (error monitoring)

The system applies Row Level Security (RLS) rules.


10. Data processors

The data controller uses the following data processors.

RackForest Ltd.

Hosting
1132 Budapest, Victor Hugo utca 18-22
https://rackforest.com
info@rackforest.com


Supabase Inc.

Database and authentication
https://supabase.com


Vercel Inc.

Hosting infrastructure
https://vercel.com


Stripe Inc.

Online payment service provider
https://stripe.com


Google LLC

Google API services (Gemini API, Google Calendar API)
https://google.com


OpenAI LLC

AI services
https://openai.com


Meta Platforms Inc.

Facebook and Instagram API
https://meta.com


LinkedIn Corporation

LinkedIn API
https://linkedin.com


Brevo

Email marketing service
https://brevo.com


MailerLite

Email marketing service
https://mailerlite.com


Sentry

Error monitoring system
https://sentry.io


11. International data transfers

Transfers outside the European Union are subject to the following legal safeguards:

  • EU-US Data Privacy Framework
  • Standard Contractual Clauses

12. Data retention period

Profile and content data

User data is stored for the duration of the account.

If you delete an account, the data will be deleted.


Inactive accounts

After 12 months of inactivity:

  • an e-mail notification will be sent
  • after 30 days the account may be deleted

Cancellation of subscription

In case of cancellation of subscription, a grace period of 90 days is granted to restore the data.


Financial data

Records of financial transactions under the Accounting Act are kept for 8 years.


13. User rights

The user has the following rights:

  • right of access
  • right of rectification
  • right to erasure
  • right to restrict processing
  • right to data portability
  • right to object
  • withdrawal of consent

You can request the deletion of your data:

The controller shall fulfil the request within 30 days.


14. Minors

The service is not intended for persons under the age of 16.


15. Data security

The data controller:

  • uses an encrypted database
  • applies Row Level Security rules
  • uses a secure authentication system
  • performs regular security updates

16. Submitting a complaint

The user may lodge a complaint with:

National Authority for Data Protection and Freedom of Information

https://www.naih.hu


17. Amendment of the notice

The controller reserves the right to amend the privacy notice.

Users will be notified in the event of a significant change.


This document is a full privacy statement adapted to BrandNavigator's current SaaS, OAuth and AI infrastructure.

Supplement to the Privacy Notice

Lead Navigator 

B2B Lead collection and contacting

This section supplements the existing Brand Navigator Privacy Notice.
Effective: 10.04.2026.
Data Controller: Mind Bridge Kft., H-8142 Úrhida, Szegfű utca 13/2, hello@brandnavigator.app


1. Scope and delimitation

This section applies only to outbound B2B lead collection and contact.

BrandNavigator's customers who have contacted BrandNavigator on their own initiative (e.g. audit request, filling in a contact form, direct contact) are not affected. Their processing is governed by the main text of this notice, on the basis of consent.

Special case: if someone learns about BrandNavigator's services via an outbound B2B email and then becomes a customer by their own choice (e.g. submits an audit request), the legal basis for data processing changes from that point on: the legal basis for lead collection (legitimate interest) ceases and the main rules (consent) apply.

2. Purpose and legal basis for data collection

Brand Navigator operates an automated system (Lead Navigator) that collects B2B contact data from publicly available sources in order to offer businesses digital marketing audits and related services.

Data processed:

  • Company name
  • Website URL
  • Publicly available company email address
  • Industry / sector of activity
  • Country

Legal basis for processing: Article 6(1)(f) GDPR - legitimate interest.

BrandNavigator's legitimate interest: to make B2B business contacts with potential customers whose publicly available data may be relevant to the service we offer.


3. Source of data

The data are taken exclusively from publicly available sources:

  • Serper/Google Maps - business name, website, category
  • Public websites - contact email address published on the company's own website
  • Publicly accessible web archives

We do not collect data from closed systems or social media (except publicly disclosed company data), and we do not purchase data from third-party databases.


4. Rights of the undertakings concerned

If we process your business data, you have the following rights:

Right to object (Article 21 GDPR):
You can object to the processing of your data at any time. In this case, your data will be deleted and you will not be contacted in the future.

Right to erasure (Article 17 GDPR):
You can request the deletion of your data. The deadline for fulfilling the request is 30 days.

Right of access (Article 15 GDPR):
You can request information about what data we process about you.

Right of rectification (Article 16 GDPR):
You can ask for inaccurate data to be corrected.

How to exercise your rights:
Email: hello@brandnavigator.app
Subject: "Data protection request - [company name]"


5. Unsubscribe / Opt-out

All our outgoing B2B emails contain an unsubscribe link. Unsubscribing takes effect immediately:

  • We will keep your details (so that we do not send you an email again in the future)
  • No further communication will be initiated
  • You can request the deletion of your data separately by contacting us at the above address

Unsubscribe link: You can find it at the bottom of all our emails.
Direct opt-out: hello@brandnavigator.app


6. Data retention period

Data - Retention period

  • Active lead (not contacted) - 12 months from collection
  • Contact lead (email received) - 24 months from last contact
  • Unsubscribed lead - Unlimited (only the fact of unsubscription is stored)
  • Cancellation request filed - To be deleted immediately

7. Data transmission

We do not transfer the collected B2B contact data to third parties, and it will not be sold or used for any purpose other than the original purpose.

Our data processors (who have technical access to the data):

  • Hetzner Online GmbH - server hosting (Helsinki, Finland) - within EU
  • Serper.dev - Google search API (in data collection phase)

8. Automated decision-making

The system automatically analyses the public digital presence of businesses (website speed, SEO, advertising activity, etc.) in order to formulate a relevant offer. This analysis is only used to personalise the contact and does not entail any decision with legal consequences for the data subject.


9. Making a complaint

If you believe that your data is being processed unlawfully, you can complain to the competent data protection authority:

  • Hungary: National Authority for Data Protection and Freedom of Information (naih.hu)
  • EU (in general): The data protection authority in your country
  • UK: Information Commissioner's Office (ico.org.uk)
  • Canada: Office of the Privacy Commissioner (priv.gc.ca)
  • USA: FTC (Federal Trade Commission) - ftc.gov/complaint

This supplement should be read in conjunction with the full Brand Navigator Privacy Notice.
Last update: 2026.04.10.