Privacy & Cookie Policies
Last updated: October 2025
This Privacy Policy explains how AIBrandScan collects, uses, stores, shares, and protects personal data when you use our website, dashboard, reports, browser extension, API, MCP integrations, agent workflows, monitoring services, and related services.
By using AIBrandScan, you acknowledge the practices described in this Privacy Policy.
This Privacy Policy should be read together with our Terms and Conditions and Cookie Policy.
1. Who we are
AIBrandScan is operated by:
Maciej Chmura IdeaUnlock
ul. Tadeusza Kościuszki 1
32-020 Wieliczka
Poland
NIP / VAT ID: 8652425764
REGON: 18070444800000
Email: help@aibrandscan.com
For the purposes of this Privacy Policy, “AIBrandScan”, “we”, “us”, and “our” refer to the business listed above.
Unless stated otherwise, Maciej Chmura IdeaUnlock is the controller of personal data processed in connection with operating AIBrandScan.
2. What AIBrandScan does
AIBrandScan helps users understand, monitor, and improve how brands, websites, products, services, competitors, and topics appear in AI-generated answers and AI search experiences.
Depending on the feature or plan, AIBrandScan may process data for:
- one-time AI visibility scans;
- recurring AI visibility monitoring;
- prompt and keyword tracking;
- brand mention analysis;
- competitor visibility analysis;
- multilingual and market-specific tracking;
- technical readiness checks for public web pages;
- reports, summaries, recommendations, and alerts;
- browser extension functionality;
- API, MCP, and agent workflow access.
AIBrandScan provides analytical and informational results. It does not guarantee indexing, rankings, citations, mentions, traffic, leads, revenue, or business outcomes.
3. Key privacy promises
We do not sell your personal data.
We do not use your private account data, billing data, or customer content to train our own general-purpose AI models.
We process your data to provide AIBrandScan features, reports, monitoring, support, security, billing, product improvement, and legal compliance.
The AIBrandScan browser extension is designed to analyse only the page you choose to scan. It is not intended to collect your full browsing history, passwords, private messages, payment card data, or unrelated form inputs.
MCP, API, and agent integrations may send data between your agent environment and AIBrandScan depending on how you configure them.
4. Personal data we collect
We may collect and process the following categories of personal data.
4.1 Account data
When you create or use an account, we may process:
- name;
- email address;
- company name;
- role or job title;
- password or authentication data;
- account settings;
- workspace/team information;
- login history;
- communication preferences.
4.2 Billing and payment data
When you buy a scan, subscription, or other paid service, we may process:
- billing name;
- company name;
- billing address;
- VAT/tax number;
- invoice details;
- payment status;
- subscription plan;
- transaction metadata;
- payment provider customer ID.
Payments are processed by third-party payment providers, including Stripe or another payment processor. We do not store full payment card details on our own servers.
4.3 Scan, monitoring, and report data
When you use AIBrandScan, we may process:
- brand names;
- website URLs;
- public web page content from submitted URLs;
- prompts, queries, and keywords;
- selected markets, countries, and languages;
- competitors;
- AI/search results collected for reports;
- visibility scores;
- mentions and citations;
- technical readiness checks;
- generated reports, summaries, and recommendations;
- scan history and monitoring history;
- user notes, settings, and configurations.
4.4 Browser extension data
If you use the AIBrandScan browser extension, we may process data needed to perform scans and provide extension features.
Depending on the feature used, this may include:
- the URL of the page you choose to scan;
- public page metadata;
- page title;
- headings;
- canonical tags;
- robots/meta tags;
- structured data;
- visible text or selected technical page signals;
- extension diagnostics;
- extension version;
- browser and device information.
The extension is designed to analyse the page you choose to scan. It is not intended to collect passwords, private messages, payment card data, full browsing history, or form inputs unrelated to the scan.
4.5 API, MCP, and agent workflow data
If you use API, MCP, or agent integrations, we may process:
- API keys or token metadata;
- MCP connection metadata;
- agent requests;
- prompts and scan requests sent by your agent;
- brand and report data requested by your agent;
- timestamps;
- request logs;
- usage limits;
- error logs;
- security and abuse-prevention logs.
You are responsible for configuring your agents and deciding what data they send to AIBrandScan.
4.6 Support and communication data
If you contact us, we may process:
- name;
- email address;
- message content;
- attachments or screenshots you provide;
- support history;
- feedback;
- survey responses;
- sales or onboarding communication.
4.7 Technical and usage data
When you use our website or service, we may collect:
- IP address;
- browser type;
- device type;
- operating system;
- approximate location based on IP address;
- pages visited;
- referral source;
- session information;
- feature usage;
- error logs;
- security logs;
- cookie identifiers;
- analytics events.
5. How we collect personal data
We collect personal data:
- directly from you when you create an account, submit a URL, run a scan, configure monitoring, contact support, or make a purchase;
- automatically when you use the website, dashboard, extension, API, MCP, or agent workflows;
- from payment providers;
- from public web pages that you ask us to analyse;
- from AI/search/data providers used to generate visibility reports;
- from your connected tools, agents, or integrations;
- from cookies and similar technologies, where applicable.
6. Voluntary provision of data
Providing personal data is generally voluntary.
However, some data is necessary to create an account, use selected features, generate reports, process payments, issue invoices, provide support, comply with legal obligations, or secure the service.
If you do not provide required data, we may be unable to provide some or all parts of AIBrandScan.
7. Why we process personal data
We process personal data for the following purposes.
7.1 To provide the service
We use data to:
- create and manage accounts;
- perform scans;
- provide monitoring;
- generate reports;
- analyse URLs, prompts, brands, competitors, and AI/search results;
- provide dashboards;
- send alerts and notifications;
- enable browser extension functionality;
- enable API, MCP, and agent workflows;
- provide customer support.
Legal basis: performance of a contract or taking steps before entering into a contract.
7.2 To process payments and manage billing
We use billing data to:
- process purchases;
- manage subscriptions;
- issue invoices;
- handle payment status;
- prevent payment fraud;
- comply with tax and accounting obligations.
Legal basis: performance of a contract, legal obligation, and legitimate interest.
7.3 To secure and protect AIBrandScan
We use technical and usage data to:
- detect abuse;
- prevent fraud;
- investigate security incidents;
- protect accounts;
- enforce rate limits;
- prevent unauthorised access;
- maintain service reliability.
Legal basis: legitimate interest and legal obligation where applicable.
7.4 To improve AIBrandScan
We may use data to:
- debug errors;
- improve user experience;
- improve scans, reports, and scoring systems;
- analyse feature usage;
- develop new features;
- monitor performance;
- improve documentation and onboarding.
Legal basis: legitimate interest.
Where appropriate, we use aggregated or anonymised data.
7.5 To communicate with you
We may use your contact data to:
- respond to support requests;
- send service notifications;
- send billing notices;
- send security alerts;
- send onboarding messages;
- send product updates;
- send marketing messages where permitted.
Legal basis: performance of a contract, legitimate interest, or consent where required.
You may unsubscribe from marketing emails at any time.
7.6 To comply with law
We may process personal data to:
- comply with tax, accounting, and legal obligations;
- respond to lawful requests;
- establish, exercise, or defend legal claims;
- comply with consumer protection, data protection, and business regulations.
Legal basis: legal obligation and legitimate interest.
8. Electronic marketing communications
Where required by law, we will send commercial information, newsletters, direct marketing, or promotional communications by email or other electronic means only with your consent.
The legal basis for processing personal data for this purpose is your consent under Article 6(1)(a) GDPR and, where applicable, consent required under Polish electronic communications law.
You may withdraw your consent at any time by using the unsubscribe link in the message or by contacting us at help@aibrandscan.com.
Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
We may still send service-related messages, such as account, billing, security, legal, and operational notices.
9. AI, reports, and visibility data
AIBrandScan may analyse data from public URLs, AI-generated answers, search results, and third-party data providers.
Reports may include:
- brand visibility analysis;
- competitor comparisons;
- citations and mentions;
- visibility scores;
- technical readiness signals;
- recommendations;
- summaries;
- AI/search result snapshots.
AI and search results are dynamic and may change over time. Reports are based on selected prompts, markets, languages, providers, and available results at the time of scanning.
We do not guarantee that any brand, website, product, service, or content will be indexed, ranked, cited, mentioned, recommended, or displayed by any AI or search system.
10. Do we use your data to train AI models?
We do not sell your personal data.
We do not use your private account data, billing data, or customer content to train our own general-purpose AI models.
If we use third-party AI or search providers to generate reports, the data sent to those providers may include prompts, URLs, brand names, competitor names, public webpage content, or other scan inputs required to provide the service.
The processing of such data by those providers may be subject to their own terms, privacy policies, and data processing arrangements.
Where possible and commercially reasonable, we configure providers to limit retention and training use. However, you should not submit highly sensitive or confidential personal data unless we have expressly agreed to this in writing.
11. Customer content
You retain ownership of the data you submit to AIBrandScan, such as:
- brand names;
- URLs;
- prompts;
- keywords;
- competitors;
- markets;
- languages;
- notes;
- configurations;
- uploaded content, if any.
We process customer content to provide the service, generate reports, perform monitoring, provide support, maintain security, comply with law, and improve the service as described in this Privacy Policy and the Terms and Conditions.
You are responsible for ensuring that you have the right and lawful basis to submit customer content to AIBrandScan.
12. Sensitive data
AIBrandScan is not intended for processing highly sensitive personal data.
You should not submit:
- health data;
- biometric data;
- genetic data;
- precise financial secrets;
- government ID numbers;
- passwords;
- private messages;
- confidential legal case materials;
- children’s data;
- special category personal data under GDPR;
- any data you are not authorised to share.
If you need to process sensitive or regulated data through AIBrandScan, contact us first and obtain our written agreement.
13. Cookies and similar technologies
We may use cookies and similar technologies to operate the website, remember settings, authenticate users, improve performance, analyse usage, and support marketing.
Cookies may include:
- strictly necessary cookies;
- authentication cookies;
- security cookies;
- preference cookies;
- analytics cookies;
- marketing or advertising cookies.
Strictly necessary cookies are used to provide core website or service functionality and generally do not require consent. Non-essential cookies, such as analytics or marketing cookies, may require consent depending on applicable law.
Detailed information about cookie categories, purposes, retention, and consent management is available in our Cookie Policy.
You can manage cookies through your browser settings and, where available, through our cookie banner or consent settings.
14. Analytics and diagnostics
We may use analytics and diagnostics tools to understand how users interact with AIBrandScan, improve product experience, detect problems, and measure performance.
Analytics data may include:
- page views;
- clicks;
- feature usage;
- session metadata;
- device information;
- browser information;
- approximate location;
- error events;
- performance information.
Where required, we ask for consent before using non-essential analytics cookies or similar technologies.
15. Specific third-party tools
Depending on how AIBrandScan is configured, we may use selected third-party tools for:
- payments;
- analytics;
- hosting;
- email delivery;
- customer support;
- security;
- AI/search processing;
- product diagnostics;
- error monitoring;
- advertising or marketing, if used.
When we use tools such as analytics, advertising, customer support, or AI/search providers, these tools may process limited personal data according to their own privacy policies and data processing terms.
We will update this Privacy Policy or our sub-processor information when we add providers that materially affect the processing of personal data.
Once our production stack is final, we may publish a more detailed provider table naming specific tools and their purposes.
16. Social media pages, plugins, and embedded content
AIBrandScan may maintain profiles on social media platforms and may include links, buttons, pixels, or embedded content from third-party platforms such as LinkedIn, X, YouTube, Meta, or similar services.
When you interact with those platforms or embedded content, the relevant third-party provider may collect information such as:
- IP address;
- browser information;
- device identifiers;
- interaction data;
- information about the page you visited.
These third-party platforms process data according to their own privacy policies.
In some cases, we and the platform provider may act as joint controllers for limited statistical or advertising-related processing, where required by applicable law.
17. Sub-processors and service providers
We use trusted third-party service providers, sometimes called sub-processors, to operate, secure, support, and improve AIBrandScan.
These providers may process limited personal data only as needed to provide their services to us.
Our current or future service providers may include providers used for:
- hosting and infrastructure;
- database services;
- payments and billing;
- email delivery;
- analytics and diagnostics;
- customer support;
- AI/search/data processing;
- browser extension functionality;
- API/MCP infrastructure;
- monitoring and security;
- logging and error tracking;
- accounting and tax support.
Examples may include:
- payment processors, such as Stripe;
- hosting and infrastructure providers;
- email and transactional notification providers;
- analytics and diagnostics providers;
- AI, search, and data providers used to generate visibility reports;
- customer support tools;
- security, logging, and monitoring providers;
- accounting and invoicing tools.
Where required by GDPR, we impose data protection obligations on sub-processors that are materially equivalent to the obligations we have towards our customers.
We may update our sub-processors from time to time. If we add or replace a sub-processor in a way that materially affects the processing of customer personal data, we will provide reasonable notice where required by applicable data protection law.
Business customers may object to a new sub-processor on reasonable data protection grounds. If we cannot reasonably resolve the objection, either party may terminate the affected service.
18. When we share personal data
We may share personal data with:
- payment processors;
- hosting and infrastructure providers;
- email service providers;
- analytics providers;
- AI/search/data providers;
- customer support providers;
- security, logging, and monitoring providers;
- accounting and tax advisers;
- professional advisers, such as lawyers and accountants;
- public authorities, courts, or regulators where legally required;
- buyers, successors, or affiliates in connection with a merger, acquisition, reorganisation, or sale of assets.
We do not sell personal data.
19. International transfers
We are based in Poland and primarily operate from the European Union.
Some service providers may process personal data outside the European Economic Area.
Where personal data is transferred outside the EEA, we use appropriate legal safeguards where required by law. These may include:
- an adequacy decision of the European Commission;
- participation of the recipient in the EU-U.S. Data Privacy Framework, where applicable;
- Standard Contractual Clauses approved by the European Commission;
- Binding Corporate Rules, where applicable;
- other lawful transfer mechanisms permitted by data protection law.
We take reasonable steps to ensure that international transfers are protected in accordance with applicable data protection requirements.
20. How long we keep personal data
We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or allowed by law.
Typical retention periods:
- account data: for as long as your account exists;
- billing and invoice data: for the period required by tax and accounting law;
- scan and report data: for as long as needed to provide your plan, monitoring history, exports, support, and account functionality;
- support messages: for as long as needed to resolve issues and maintain business records;
- technical logs: usually for a limited period needed for security, diagnostics, and abuse prevention;
- marketing data: until you unsubscribe, withdraw consent, or object;
- consent records: for as long as needed to demonstrate compliance.
We may retain certain data for the period necessary to establish, exercise, or defend legal claims, and for the period required to comply with tax, accounting, consumer protection, and other legal obligations.
After the retention period ends, we may delete, anonymise, or aggregate the data.
Backups may retain data for a limited period before deletion occurs automatically.
21. Your rights under GDPR
If GDPR applies, you may have the right to:
- access your personal data;
- receive a copy of your personal data;
- correct inaccurate data;
- delete your data;
- restrict processing;
- object to processing based on legitimate interests;
- withdraw consent where processing is based on consent;
- request data portability;
- lodge a complaint with a supervisory authority.
To exercise your rights, contact us at:
We may need to verify your identity before fulfilling your request.
Some rights may be limited by law, security, legal claims, accounting obligations, or the rights of others.
22. Right to complain to a supervisory authority
If you believe that we process your personal data unlawfully, you may lodge a complaint with a data protection supervisory authority.
In Poland, the supervisory authority is:
Prezes Urzędu Ochrony Danych Osobowych
ul. Stawki 2
00-193 Warszawa
Poland
Website: uodo.gov.pl
You may also contact the supervisory authority in your country of residence or workplace.
23. Children
AIBrandScan is not intended for children.
You must be at least 18 years old to use AIBrandScan. We do not knowingly collect personal data from children.
If you believe that a child has provided us with personal data, contact us at help@aibrandscan.com.
24. Security
We use reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.
These measures may include:
- access controls;
- encryption where appropriate;
- secure hosting;
- authentication controls;
- logging and monitoring;
- backups;
- limited access to production data;
- security reviews;
- vendor assessment where appropriate.
No online service is completely secure.
You are responsible for securing your own account, password, devices, browser, API keys, MCP credentials, agents, and integrations.
25. Data breach notification
If we become aware of a personal data breach affecting your personal data, we will assess the breach and notify affected users, customers, or authorities where required by applicable law.
For business customers where we act as a processor, we will notify the customer without undue delay after becoming aware of a personal data breach affecting customer personal data.
26. Automated decision-making
AIBrandScan may generate automated reports, scores, summaries, and recommendations related to AI visibility.
These outputs are analytical and informational. They are not intended to produce legal effects concerning individuals or similarly significant effects under GDPR Article 22.
You are responsible for reviewing and deciding how to use AIBrandScan outputs.
27. Business customers and controller/processor roles
In many cases, AIBrandScan acts as an independent controller for data needed to operate the service, manage accounts, process payments, ensure security, and communicate with users.
Where a business customer submits personal data to AIBrandScan and AIBrandScan processes that data only on behalf of the business customer to provide the service, the business customer may act as the controller and AIBrandScan may act as the processor.
In such cases, the Data Processing Addendum in our Terms and Conditions applies unless we sign a separate data processing agreement.
28. Business customers and customer responsibilities
If you use AIBrandScan on behalf of a business, agency, client, or organisation, you are responsible for ensuring that:
- you have the right to submit data to AIBrandScan;
- you have a lawful basis for processing any personal data you submit;
- your use of AIBrandScan complies with privacy, data protection, consumer, marketing, employment, confidentiality, and intellectual property laws;
- you do not submit highly sensitive data unless expressly agreed in writing;
- your agents, API clients, MCP clients, team members, and contractors use AIBrandScan lawfully.
29. Links to third-party websites
AIBrandScan may contain links to third-party websites, tools, platforms, or services.
We are not responsible for the privacy practices, content, or security of third-party websites or services.
You should review the privacy policies of third-party services before using them.
30. Changes to this Privacy Policy
We may update this Privacy Policy from time to time.
If changes are material, we may notify you by email, in-app notice, or website notice.
The updated Privacy Policy will apply from the date stated at the top of the page.
Your continued use of AIBrandScan after the update means that you acknowledge the updated Privacy Policy.
31. Contact
For privacy questions, requests, or complaints, contact:
Maciej Chmura IdeaUnlock
ul. Tadeusza Kościuszki 1
32-020 Wieliczka
Poland
NIP / VAT ID: 8652425764
REGON: 18070444800000
Email: help@aibrandscan.com