Privacy Policy — Branchify Last updated: May 2026 1. What We Collect We collect the following personal data when you register and use Branchify: - Email address (used for account identification and login) - Task and project data you create within the Service - Basic usage metrics (login frequency, feature usage) - Subscription and billing status (plan tier, subscription period — payment card details are handled exclusively by Stripe and are never stored by Branchify) - AI credit transaction history (action type, token counts, credit amounts, timestamps — stored for billing accuracy and dispute resolution) - Account deletion feedback (reason provided when deleting an account — retained after account deletion for product analytics) 2. How We Use Your Data Your data is used exclusively to provide the Service features: - Authenticating your account sessions - Storing and displaying your projects and tasks - Sending password reset and email verification emails - Managing your subscription and credit balance - Improving the Service based on aggregated usage patterns We do not sell, rent, or share your personal data with third parties, except as described in Section 4. 3. AI Feature Data Processing When you use AI-powered features (such as generating a task branch or creating a task tree from a document), the relevant content — specifically your task title, task description, and/or the text extracted from an uploaded document — is transmitted to an AI provider for processing. This transmission is necessary for the feature to function. By default, Branchify uses its own Anthropic API key for this processing. If you configure your own API key (Anthropic or other supported providers) in Settings, your content is sent to that provider directly using your credentials. The AI provider processes your content to generate a response and does not store your content beyond the duration of the request, subject to that provider's own privacy policy. We do not use your task content for AI model training. 4. Third-Party Services Branchify uses the following third-party services that may receive your data: Supabase — Cloud database and authentication infrastructure. Stores all user data (projects, tasks, profiles). Located in US East region. Stripe — Payment processing for Pro subscriptions and one-time credit top-ups. Stripe receives your email address and processes payment card data directly. Branchify only stores your Stripe customer ID and subscription status. Stripe's privacy policy: https://stripe.com/privacy Anthropic — AI processing for Branchify AI features (when using Branchify's API key). Task content is transmitted per request. Anthropic's privacy policy applies to that processing. Vercel — Application hosting and deployment infrastructure. 5. Data Storage & Residency Your data is stored on secure cloud infrastructure provided by Supabase (currently US East region). Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Note: EU and Brazil data residency options are planned for a future release. At this time, all user data is stored in the US East region. 6. Data Retention Your data is retained for as long as your account exists. When you delete your account, all associated data (profile, projects, tasks, credit transactions) is permanently deleted, with the following exception: account deletion feedback submitted during the deletion flow is retained anonymously for product analytics. 7. Your Rights You have the right to: - Access the data we hold about you - Download a copy of your data (Settings → Data Export) - Delete your account and all associated data (Settings → Delete Account) Under GDPR (EU) and LGPD (Brazil), you may also have the right to data portability and to object to processing. Contact us via the Support page to exercise these rights. 8. Cookies & Session Data Branchify uses a single, essential authentication session cookie provided by Supabase. This cookie is required for the Service to function and cannot be disabled. We do not use tracking, advertising, or analytics cookies. No third-party cookies are set by Branchify. 9. Security We take security seriously. Passwords (for email/password accounts) are managed by Supabase Auth using bcrypt hashing. Session tokens are cryptographically signed and expire automatically. 10. Changes to this Policy We may update this Privacy Policy from time to time. We will notify you of significant changes via the app or email. 11. Contact Questions about this Privacy Policy? Contact us via the Support page in the application.