Privacy Policy

Last updated on May 20, 2026.

This Privacy Policy describes how Brandless, operated by Nevin Solutions ("Brandless," "we," "us," or "our"), collects, uses, and shares information when you visit our website at brandless.io or use our platform and services (the "Services"). By using the Services you agree to the practices described here.

Brandless is a white-label software-as-a-service platform. Our direct customers are agencies and entrepreneurs ("Customers") who use the platform to deliver software to their own end users. This policy covers how we handle data we collect directly. When you sign in to a workspace operated by one of our Customers, that Customer's own privacy policy governs your relationship with them, and we process your data on their behalf as described under "Customer Data" below.

Information We Collect

We collect three categories of information.

Information you provide directly. When you create an account, this includes your name, email address, organization name, and any other details you submit through forms or support requests. Payment information (card details, billing address) is collected and processed by our payment processor; we do not store full card numbers ourselves.

Information collected automatically. When you access the Services, we and our infrastructure providers automatically collect technical information including IP address, browser type, device and operating system details, referring pages, pages viewed, and timestamps. We use this for operating, securing, and improving the Services.

Information from third parties. If you sign in via a third-party identity provider (such as Clerk), that provider shares your basic profile information with us in accordance with the permissions you grant during sign-in.

How We Use Information

We use the information we collect to:

  • Provide, operate, and maintain the Services
  • Authenticate you and secure your account
  • Process payments and manage subscriptions
  • Communicate with you about your account, the Services, and changes to either
  • Provide customer support and respond to your inquiries
  • Detect, investigate, and prevent fraud, abuse, and security incidents
  • Comply with legal obligations and enforce our agreements
  • Improve the Services, develop new features, and conduct analytics

Customer Data

Our Customers use Brandless to operate their own white-label workspaces and may collect data about their own end users in the process ("Customer Data"). When you interact with a workspace operated by one of our Customers, that Customer is the controller of your data and we act as their processor under their instructions. The Customer's own privacy policy governs how your data is used. If you have questions about Customer Data, please contact the Customer directly.

How We Share Information

We do not sell your personal information. We share information in the following limited circumstances.

Subprocessors. We use trusted third-party service providers to operate the Services. They process information on our behalf under contracts that require appropriate security and confidentiality. Our current subprocessors include:

  • Convex — database and backend infrastructure (EU region available)
  • Clerk — authentication and identity management for our Customers
  • ElevenLabs — voice and chat AI runtime
  • Resend — transactional email delivery
  • Vercel — application hosting and content delivery

Legal compliance. We may disclose information when required by law, subpoena, or legal process, or when we believe disclosure is necessary to protect our rights, comply with judicial proceedings, or respond to lawful government requests.

Business transfers. If Brandless is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.

With your consent. We may share information with third parties when you direct us to do so.

International Transfers

Brandless is operated from outside the European Union. Where required by law, we rely on appropriate transfer mechanisms such as the European Commission's standard contractual clauses to lawfully transfer personal data outside your jurisdiction. Convex operates an EU deployment region that we use for Customer Data subject to EU data residency requirements where available.

Data Retention

We retain personal information for as long as your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce our agreements. When information is no longer needed, we delete or anonymize it. Customer Data is retained according to the instructions of the relevant Customer.

Security

We implement reasonable administrative, technical, and organizational measures designed to protect information against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit, restricted access controls, and regular security reviews. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

Your Rights

Depending on where you live, you may have certain rights regarding your personal information, including the right to access, correct, delete, or export your data, the right to object to or restrict certain processing, and the right to withdraw consent where processing is based on consent. To exercise these rights, contact us at hello@brandless.io. We will respond within the timeframe required by applicable law.

If you are an end user of a workspace operated by one of our Customers, please direct rights requests to that Customer first. We will assist Customers in responding to such requests as their processor.

Cookies and Similar Technologies

We use cookies and similar technologies to operate the Services, remember your preferences, keep you signed in, and understand how the Services are used. You can control cookies through your browser settings; disabling cookies may affect functionality.

Children's Privacy

The Services are not directed to individuals under 16, and we do not knowingly collect personal information from anyone under 16. If you believe a minor has provided us with personal information, please contact us and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. We will indicate changes by updating the "Last updated" date above and, where the changes are material, will notify you through the Services or by email. Continued use of the Services after the changes take effect means you accept the updated policy.

Contact

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Brandless, by Nevin Solutions
Email: hello@brandless.io