Privacy Policy

BrandLock LLC. and its “Affiliates”, which shall mean subsidiaries, parent companies, joint ventures and other corporate entities under common ownership (“BrandLock ”, “Company” or “We”) is committed to protect your right to privacy.

This privacy policy (“Privacy Policy”) which is incorporated by reference in our Terms of Use, available at: https://brandlock.io/terms-of-use/, governs the collection, processing and transfer of data associated with visitors of our Site at https://brandlock.io/ (respectively, “Visitor” and “Site”), and associated with our Customers and their End Users (as such terms are defined below).

For the purpose of this Privacy Policy a Visitor, Customer and End-User shall be referred to as “You” or “your”.

You represent and warrant that You are above the age defined as “child” under applicable laws in your jurisdiction (“Children”). If you are under 18, please read this Privacy Policy with your parents or legal guardians. The Services are not directed or intended for Children and we do not knowingly collect or solicit information from Children. If we become aware that a user is considered as Children under applicable law, we will delete its Personal Data from our database. We request that such individuals will not provide Personal Data through the Services. If You become aware or have any reason to believe that a child has shared any information with us, please contact us and we will take reasonable steps to ensure that such information is immediately deleted from our database.

We value your trust, and therefore strive to present You this Privacy Policy in clear, plain language, so You can quickly find answers to the questions that interest You.

BrandLock may update this policy, we will notify You about significant changes in the way we treat Personal Data by sending a notice to the primary email address specified in your account or by placing a prominent notice on the Website.

If you are a California Resident please see our CCPA Notice available at: https://brandlock.io/ccpa.

Important: Our core Brandlock services delivered via JavaScript (e.g., the Customer Journey Hijacking Prevention and Intent-Based Promotion Services) are designed not to collect or process any personal identification information (“PII”) on their own. However, our Site (including demo requests, contact forms, newsletters, and onboarding contracts) also involves the collection of PII as described below.

INTRODUCTION & OVERVIEW

BrandLock offers its customers (“Customers”) various services and features, including (collectively shall be defined as the “Service(s)”): (i) a Online Journey Hijacking Prevention (“OJHP”) service, that identifies and blocks unauthorized ads or web sessions, that divert Customer’s end users (“End Users”) from the Customer’s website; and/or (ii) an One on One Intent Based Promotion (“OOIBP”) services, that offers individualized incentives to End Users in order to increase the business metrics and revenues; and (iii) online dashboard and account enabling the Customer, its employees and administrators to analyze the data provided by the Services.

THE DATA PROCESSED BY BRANDLOCK

Note about our Technical Services:
When Brandlock code (JavaScript) runs on a Customer’s site, we do not collect personal identifiers such as names, emails, or billing data — only hashed identifiers and session/application telemetry, and only to the extent strictly necessary to provide the contracted Services.

“Personal Data”, means information which identifies or may identify an individual, including first and last name, phone number, email address, pictures, billing information, online identifiers, etc.
We only collect or process PII when you voluntarily provide it through our Site, demo request forms, onboarding documents and contracts, or when you consent to receive communications from us.
We do not derive or infer PII from the Brandlock JavaScript service delivery itself.

“Non-Personal Data”, means non-identifiable aggregated data, such as technical data transmitted by the user’s device and aggregated use of the Site by the general public for ensuring the technical functioning of our network and to help prevent fraudulent use of the Services.

In the table below, we detail the data set we collect and the purpose of such processing. It is important to understand, in some cases we act as the “Data Controller” as defined under the EU General Data Protection Regulation (“GDPR”) or “Business” as defined under the California Consumer Privacy Act (“CCPA”) when we process Personal Data of our Customers or Visitors, however, we act as a “Data Processor” as defined under the GDPR or “Service Provider” as defined under the CCPA in the event we process Personal Data from an End User, i.e., an individual browsing our Customer’s website, all as further detailed in the table below.

Type of Personal Data – Collected through Site	Purposes of Processing	*For EU persons – Legal Basis under the GDPR*
Contact Information of Customers and Potential Customers: Customers data, including contact information, payment information, etc. is governed by the Client Agreement and Data Processing Agreement. However, if You show interest in our Services by contacting us, signing up to receive a demo, or request we analyze your site (“Potential Customer”), You will be requested to provide certain Personal Data, such as your: name, email address, company, job title, phone number, and country.	We use the Customer or the Potential Customer data solely to provide the Service or respond to the inquiry submitted by it.	We process the Personal Data to perform our contract with You.
Direct Marketing: We collect the Customer, or the Potential Customer’s email address for Direct Marketing.	We use the email address provided by the Customer or Potential Customer for direct marketing, meaning we will send You email promotions and updates specifically regarding the Services You are interested in, or, if You are an existing Customer we will also send you information on the Services used and invoices (“Direct Marketing”).	our legitimate interest in providing You information regarding the Services, you may opt-out at any time.
Newsletter: In the event a You sign up to receive our newsletter, as a Visitor to the Site, or other marketing materials, You will be requested to provide your email address.	We use this information to send updates, commercial promotions, new products, features and services, special and promotional offers and events of interest.	We process this information solely upon receiving your consent. You may opt-out of this service at any time by submitting a request at the following link: info@brandlock .io or by other means we will make available (e.g., “unsubscribe” link within the applicable email).
Online Identifiers: When you interact with our Site or Services, including our Customers’ website we collect your Internet protocol (IP) address.	When we process your online identifiers through our Site from out Visitors, this is done for analytic and marketing purposes. However, when we process the online identifiers, such as IP from the Customer’s End Users, this is done solely to determine from which country the End User is accessing the Customer’s website.	In the event we process this information as the data controller we will require your consent, though our cookie notice on our Site. In the event we process the IP as our Customer’s processor, we rely on the lawful basis established by our Customer.
Contact us: If You voluntarily contact us in any manner, or for any requests or to notify us about something, You may be required to provide us with certain information such as your name and email address.	We will use your contact details only in order to respond to Your request, provide You with support and assist You or provide You with any other service that You may request.	We process the Personal Data under our legitimate interest.
Career: In the event You are interested in joining our team, and wish to submit your CV, You will be required to provide us with your contact details and submit your CV.	We collect this data in order to process your job application, including assessing suitability, eligibility or fitness to work.	our legitimate interest.
Unique ID: When End Users access our Customers’ website, they will be assigned with a unique ID, which is a random number we generate (“Unified ID” or “Unique ID”). Although the Unique ID does not reveal the identity of a user and is not generated based on any personal information, it may be considered under some jurisdictions as personal information. Therefore, we treat such information as Personal Data, in accordance with applicable laws.	To provide our Services to our Customers, hence to enable our Customer to identify that an End User is the same End Use when such End User access the Customer website again	We process this on behalf of our Customer (as a processor/service provider), therefore, we rely on the lawful basis established by our Customer
Non-Personal Data Technical Information: Clickstream data, scope, frequency, latency of web-pages accessed and viewed, interactions with content and materials, type of device/operating system/browser, time stamp, approximate location (i.e., country level), and language.	This Non-Personal Data is used so that we can provide our Services and maintain our Site, including among others, in order to measure and understand the level of engagement with the Services, for general business analytics	NA

HOW WE COLLECT YOUR DATA

Depending on the nature of your interaction with the Services, we may collect information as follows:

(i) Automatically – we may use Cookies (as elaborated in our Cookie Policy: https://brandlock.io/cookie-policy/) which gather information automatically.
“Our automatic collection via cookies and similar technologies relates only to your interaction with the Site, not with the Brandlock JavaScript Services deployed on a Customer’s site.”

(ii) Provided by you voluntarily – we will collect information if and when you choose to provide us with the information, such as through communications, support, registration, etc.

(iii) Through our onboarding and contract processes — Any PII collected as part of onboarding (signed contracts, account setup, billing setup) is provided directly by you and processed under the terms of the contract.

SHARING PERSONAL INFORMATION

We do not share PII collected via our Site or onboarding with Customers’ services unless explicitly stated in your contract or permitted by law.
We may share PII with:

a) Authorized service providers (for email, billing, customer support) under contractual confidentiality;
b) Law enforcement or legal authorities when required by law.

Note: Data processed strictly by our Brandlock JS service on a Customer’s site remains under the Customer’s control and subject to that Customer’s privacy practices.

FOR HOW LONG DO WE RETAIN THE DATA WE COLLECT AND PROCESS?

PII collected through the Site, forms, or onboarding contracts is retained only as needed to support the purpose of collection (e.g., account setup, communication, billing).
PII from onboarding contracts is retained per contract terms and applicable law.
Data related solely to Brandlock Services telemetry (non-PII) is retained only as necessary to operate and improve the Services. For more information on our data retention policy please contact us at: info@brandlock.io.

TRANSFER OF DATA

We use AWS cloud services to store our data, which are located in the US. In the event of data transfer out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Further, When Personal Data collected within the EU is transferred outside the EU (and not to a recipient in a country that the European Commission has decided provides adequate protection) it shall be transferred in accordance with the provisions of the standard contractual clauses approved by the European Union. If you would like to understand more about these arrangements and your rights in connection therewith, please contact us at: info@brandlock.io.
Any PII collected via the Site or through onboarding may be stored or processed in servers located outside your jurisdiction (e.g., AWS infrastructure in the US). We take appropriate safeguards (standard contractual clauses, where applicable) for such transfers.
Please note that this section does not cover data solely processed by Brandlock’s JS Services on Customer sites, which remains subject to the Customer’s data practices.

RIGHTS OF DATA SUBJECTS

Individuals have the right to know what information we hold about them and, in some cases, to have such information communicated to them. Individuals may also ask for our confirmation as to whether or not we process their Personal Information. Subject to the limitations in applicable law, individuals may also be entitled to obtain from us the Personal Data they have provided to us in a structured, commonly-used, and machine-readable format, and may have the right to transmit such Personal Data to another party.
Your rights (to access, correct, delete, portability, restrict processing) apply to PII we collect via the Site and onboarding contractual processes.
For questions about data processed as part of a Service rendered to your Customers, please contact your Customer directly and review their privacy disclosures.
If You wish to receive more information or in the event that You have any additional complaints about your privacy rights, please contact us at: info@brandlock.io.

SECURITY

We implement reasonable physical, technical, and organizational measures to protect PII collected via the Site and onboarding processes.
Security of data processed by Brandlock Services deployed on a Customer’s site is governed by the contract and relevant data processing addendums between Brandlock and that Customer.
For detailed information on the means implemented to prevent data breach, security incidents and to protect your Personal Data please ask us for a copy of security policy by emailing us at info@brandlock.io

CONTACT US:

If You have any questions about this policy or concerns about the way we process your Personal Data, please contact us at info@brandlock.io.