GDPR Compliance
Our commitment to protecting your data under EU regulations
Brand Vigilant is fully committed to complying with the General Data Protection Regulation (GDPR). This page outlines how we handle personal data in accordance with EU data protection laws.
Our Role Under GDPR
Brand Vigilant acts as a Data Controller for the personal data of our customers and users, and as a Data Processor when handling threat intelligence data on behalf of our customers.
Your Rights Under GDPR
As a data subject, you have the following rights:
Right to Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Restrict Processing
Request limitation of how we use your data.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or marketing.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
Legal Bases for Processing
We process personal data under the following legal bases:
- Contract Performance: To provide our brand protection services
- Legitimate Interests: To improve our services and prevent fraud
- Legal Compliance: To comply with legal obligations
- Consent: For marketing communications (where applicable)
Data We Collect
We collect and process the following categories of personal data:
- Account Data: Name, email, company name
- Billing Data: Payment information (processed by payment providers)
- Usage Data: Platform interactions, IP addresses, device information
- Threat Intelligence: Domain data, WHOIS information, screenshots
Data Retention
We retain personal data only as long as necessary:
- Account Data: For the duration of your subscription plus 30 days
- Billing Data: As required by tax and accounting regulations (typically 7 years)
- Usage Data: Up to 2 years for analytics purposes
- Threat Intelligence: As needed to provide services, typically 1 year
International Data Transfers
Your data may be processed outside the European Economic Area (EEA). We ensure appropriate safeguards through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where available
- Data processing agreements with all sub-processors
Sub-Processors
We use the following sub-processors to deliver our services:
- Google Cloud Platform: Cloud infrastructure (EU and US regions)
- Cloudflare: CDN and security services
- Stripe: Payment processing
- NOWPayments: Cryptocurrency payment processing
- Neon: Database hosting
Security Measures
We implement appropriate technical and organizational measures to protect personal data:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Access controls and authentication
- Regular security assessments
- Employee training on data protection
- Incident response procedures
Data Protection Officer
For questions about data protection or to exercise your GDPR rights, contact our Data Protection team:
- Email: [email protected]
- Address: Brand Vigilant, London, United Kingdom
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the UK Information Commissioner's Office (ICO):
- Website: ico.org.uk
Updates to This Policy
We may update this GDPR compliance information periodically. Material changes will be communicated via email or platform notification. Last updated: February 9, 2026.