Privacy Policy

Last Updated: April 17, 2026

Your Data Belongs to You

At ValueBrand, we are committed to protecting your privacy and ensuring that you retain full ownership and control of your data.

Data Ownership

All data uploaded, processed, or generated through ValueBrand remains the exclusive property of the user. ValueBrand acts solely as a data processor and does not claim ownership of any user data.

Data Sharing Policy

ValueBrand does not sell, rent, or share user data with third parties. Data may only be disclosed with your explicit consent or where required by applicable law.

Security Measures

  • Encryption at rest using AES-256
  • Encryption in transit using TLS 1.2 or higher
  • Strict access controls and authentication mechanisms
  • Continuous monitoring and logging of system activity

Data Storage

All data is securely stored in cloud infrastructure with encryption at rest and in transit. Data is logically isolated per user account and accessible only to authorized systems.

Data Retention

Data is retained only while your account is active. Upon deletion, all data is permanently removed within 30 days, except where retention is required by law.

Human Access to Data

ValueBrand does not allow routine human access to user data. Access is only permitted when strictly necessary for user-requested support, debugging, or security purposes. All such access is logged, monitored, and restricted to authorized personnel under confidentiality obligations.

Your Rights

  • Access your data
  • Request deletion of your data
  • Export your data
  • Withdraw consent at any time
  • Lodge a complaint with a data protection authority

Compliance

ValueBrand aligns its practices with major data protection regulations, including GDPR and CCPA, and continuously updates its policies to reflect evolving legal requirements.

Google API Services: User Data Policy Compliance

ValueBrand's use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. Google user data is used solely to provide analytics and insights within the authenticated merchant's private ValueBrand dashboard. It is never sold, shared, used for advertising, used for profiling, or used to train AI or machine learning models.

How Google Data Flows Through ValueBrand

When a merchant connects a Google account, ValueBrand uses Google OAuth 2.0 to obtain a read-only access token. Serverless Google Cloud Functions use this token to fetch data from the relevant Google APIs. The raw API responses are processed server-side. AI analysis runs against the data and only the resulting insights are written to the merchant's private BigQuery dataset. No raw Google user data is exposed to any other merchant, third party, or system.

Scope: youtube.force-ssl (YouTube Data API v3, Read-only enforced)

Data Accessed

  • Video metadata: titles, descriptions, tags, thumbnails, published dates, and video duration for all public videos on the connected channel
  • Public comment threads and individual comment text on the channel's videos
  • Channel name, description, and public subscriber count

Data Usage

  • Powers the Content Mix analysis pillar and classifies videos by type (educational, promotional, storytelling, UGC) to evaluate content balance
  • Powers the Social Engagement pillar and measures comment volume and interaction signals
  • Comment text is processed server-side by the AI sentiment engine; raw comment text is not stored in BigQuery beyond the processing window
  • ValueBrand accesses this scope in read-only enforced mode and never uploads, deletes, or modifies any YouTube content

Scope: yt-analytics.readonly (YouTube Analytics API, Read-only)

Data Accessed

  • Channel-level metrics: total watch time, average view duration, and views per video
  • Traffic source breakdown (search, suggested, external, direct)
  • Audience retention curves per video
  • Subscriber gain and loss events over time
  • Geographic view distribution by country
  • Viewer age range and gender demographics where available and consented to by viewers

Data Usage

  • Powers the Social Engagement pillar and calculates audience reach, interaction rates, and follower growth patterns over time
  • Aggregated metrics are stored per-merchant in BigQuery and are never cross-referenced across merchant accounts
  • Demographic data is aggregated at the channel level and is never linked to individual viewer identities

Scope: auth/content (Google Merchant Center Content API v2.1, Read-only enforced)

Data Accessed

  • Product listing fields: title, description, price, availability, condition, brand, GTIN, and product category
  • Product approval status (approved, disapproved, pending) and the reasons for any disapprovals
  • Feed diagnostic errors and item-level issues
  • Shopping performance metrics: clicks, impressions, and click-through rate (CTR)

Data Usage

  • Powers the UVP Clarity pillar and evaluates how clearly and consistently product copy communicates the brand's unique value proposition and differentiation
  • Surfaces catalog health issues (disapproved products, feed errors) as actionable alerts in the merchant dashboard
  • Product data is stored in the merchant's private BigQuery dataset and is never shared with other merchants or third parties
  • ValueBrand accesses this scope in read-only enforced mode and never modifies, submits, or deletes any product listings

Scope: business.manage (Google Business Profile API, Read-only enforced)

Data Accessed

  • Publicly visible customer reviews: review text, star rating, review date, and reviewer display name as shown on the public Business Profile
  • Review response status: whether the business has replied to each review
  • Aggregate rating statistics: total review count and average star rating

Data Usage

  • Powers the Review Sentiment pillar and performs rating distribution analysis, review recency scoring, NLP sentiment classification of review text, and response-rate evaluation
  • Raw review text is processed server-side by the AI sentiment engine and is not retained in BigQuery beyond the analysis window; only the sentiment scores and aggregate insights are stored
  • ValueBrand accesses this scope in read-only enforced mode and never writes, responds to, edits, deletes, or otherwise modifies any business reviews or any part of the business profile

Google Data: Storage and Security

All Google-derived data is stored in the merchant's private BigQuery dataset, encrypted at rest with AES-256 and in transit with TLS 1.2 or higher. Each merchant's dataset is logically isolated. No cross-merchant data access is possible at any layer of the system.

Google Data: Retention and Deletion

Google-derived data is retained only while the integration is active. When a merchant disconnects a Google integration, the OAuth token is revoked immediately via the Google token revocation endpoint, and all associated data in BigQuery is permanently deleted within 30 days. Merchants can also request immediate deletion by contacting info@valuebrand.ai.

Google Data: User Control and Revoking Access

Merchants can disconnect Google integrations at any time from the ValueBrand application settings. Access can also be revoked directly from Google Account, Security, Third-party apps and services. Upon revocation, ValueBrand immediately stops all data collection for that integration.

Google Data: Strict Use Limitations

  • Google user data is never sold, rented, or shared with any third party
  • Google user data is never used for advertising, ad targeting, or user profiling
  • Google user data is never used to train AI or machine learning models
  • Google user data is never transferred to another app without explicit user consent
  • ValueBrand only accesses Google data explicitly authorized through the Google OAuth consent screen

Meta API Services: User Data Policy Compliance

ValueBrand integrates with the Meta Graph API to analyze Facebook Page and Instagram Business Account performance on behalf of the authenticated merchant. All Meta permissions are used in a read-only capacity. ValueBrand never publishes content, sends messages, buys ads, or modifies any page, account, or user data through Meta APIs.

How Meta Data Flows Through ValueBrand

When a merchant connects their Meta account, ValueBrand obtains a page access token via the Facebook Login OAuth flow with only the permissions listed below. Serverless Cloud Functions use these tokens to fetch data from the Meta Graph API. The raw API responses are processed server-side. AI analysis runs against the data and only the resulting insights are written to the merchant's private BigQuery dataset. No raw Meta user data is shared with any other merchant, third party, or system.

Permission: pages_show_list

Data Accessed

  • Facebook Page IDs, page names, and page categories for all Pages managed by the authenticated business account

Data Usage

  • Used solely to identify which Facebook Pages belong to the merchant so ValueBrand can correctly link engagement data to the right brand account
  • Used exclusively for account linkage and not used to read page content, posts, or audience data

Permission: pages_manage_metadata

Data Accessed

  • Page metadata: page name, description, contact information, hours of operation, and cover image
  • Page health signals: response rate, verification badge status, and published status

Data Usage

  • Powers the Narrative Cohesion and UVP Clarity pillars and assesses how completely and consistently the brand page presents its identity and value proposition
  • ValueBrand reads this data and does not modify any page settings, metadata, or configuration

Permission: pages_read_engagement

Data Accessed

  • Aggregated post-level engagement metrics for Facebook Page posts: reactions (broken down by type), comment count, shares, saves, clicks, reach, and impressions

Data Usage

  • Powers the Social Engagement pillar and calculates interaction rate, reach trends, post performance patterns, and content type effectiveness
  • All metrics are stored as aggregated data per merchant in BigQuery and are never linked to individual user identities

Permission: pages_read_user_content

Data Accessed

  • Public visitor posts on the Facebook Page
  • User comments on page posts
  • User reviews and recommendations left on the page (publicly visible content only)

Data Usage

  • Powers the Review Sentiment and Emotional Tone pillars. NLP sentiment classification of audience-generated content detects reputation risks and emotional resonance
  • Raw comment and review text is processed server-side and is not retained in BigQuery beyond the analysis window; only aggregated sentiment scores are stored
  • ValueBrand reads this publicly visible content only and does not moderate, delete, hide, or reply to any user posts or comments

Permission: instagram_basic

Data Accessed

  • Instagram Business Account profile: username, biography, follower count, following count, media count, and profile picture URL
  • Media object list: post IDs, media types (image, video, carousel, reel), published timestamps, captions, and permalink URLs. No private or archived content is included

Data Usage

  • Identifies the merchant's Instagram presence and links it to the brand account
  • Provides the media list for the Content Mix pillar and classifies posts by type (educational, promotional, UGC, storytelling) to evaluate content balance against what drives sales in the merchant's category

Permission: instagram_manage_insights

Data Accessed

  • Profile-level metrics: impressions, reach, profile visits, and website clicks
  • Follower demographics: age range, gender distribution, and top geographic locations (aggregated, not individual)
  • Per-post performance: saves, video plays, story completion rates, and story exit points

Data Usage

  • Powers the Social Engagement pillar for Instagram and tracks audience growth trends, interaction rates, and content reach analysis
  • Stored per-merchant in BigQuery; follower demographics are aggregated and are never linked to individual Instagram user identities

Permission: instagram_manage_comments (Read-only enforced)

Data Accessed

  • Public comments on the merchant's Instagram posts and reels

Data Usage

  • Powers the Review Sentiment and Emotional Tone pillars. NLP sentiment classification of audience comments measures how audiences emotionally respond to the brand's Instagram content
  • Raw comment text is processed server-side and is not retained in BigQuery beyond the analysis window; only aggregated sentiment scores are stored
  • ValueBrand accesses this permission in read-only mode and never posts, deletes, hides, pins, or replies to any Instagram comments

Meta Data: Storage and Security

All Meta-derived data is stored in the merchant's private BigQuery dataset, encrypted at rest with AES-256 and in transit with TLS 1.2 or higher. Each merchant's dataset is logically isolated. No cross-merchant data access is possible at any layer of the system.

Meta Data: Retention and Deletion

Meta-derived data is retained only while the integration is active. When a merchant disconnects the Meta integration, the access token is revoked and all associated data in BigQuery is permanently deleted within 30 days. Merchants can also request immediate deletion by contacting info@valuebrand.ai.

Meta Data: User Control and Revoking Access

Merchants can disconnect the Meta integration at any time from the ValueBrand application settings. Access can also be revoked directly from Facebook, then Settings and Privacy, then Settings, then Apps and Websites. Upon revocation, ValueBrand immediately stops all data collection for that integration.

Meta Data: Strict Use Limitations

  • Meta user data is never sold, rented, or shared with any third party
  • Meta user data is never used to buy, run, or target advertisements
  • ValueBrand never publishes posts, sends messages, or takes any action on behalf of the user through Meta APIs
  • Meta user data is never used to train AI or machine learning models
  • Meta user data is never transferred to another application without explicit user consent
  • No scope requested by ValueBrand grants write, publish, or advertising access of any kind

Contact for Privacy Requests

For any privacy-related questions, data access requests, or deletion requests, contact us at info@valuebrand.ai