Privacy Policy

Last updated: July 3, 2026

This Privacy Policy explains how Brüng ("Brüng," "we," "us," or "our") collects, uses, stores, and shares information when you use our web application and related services (the "Service"). By creating an account and checking the box indicating you have read and agree to this Privacy Policy, you consent to the practices described here.

Our Terms of Service describes the rules for using the Service. If you do not agree with this policy, do not use the Service.


1. Who We Are

Brüng is a launch and growth tool for eCommerce brand operators. We help you build go-to-market strategy, marketing content, and launch materials with AI assistance. When you connect and authorize third-party accounts, Brüng can also draft or publish outputs to those channels — for example, creating product pages in Shopify, drafting emails in Gmail, or publishing posts to Instagram or Facebook.

For questions about this policy or your data, contact us at: support@brung.studio


2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (stored as a hashed credential — we do not store your plaintext password)
  • Any profile information you choose to provide

2.2 Business Profile (Onboarding)

When you set up your business profile in Brüng, we collect information such as:

  • Business name and industry
  • Team size and revenue range (if you provide them)
  • Business description, pain points, tools you use, and growth goals

We use this to tailor generated outputs to your business.

2.3 Project and Content Data

When you use the Service, we collect and store:

  • Projects you create and the names you give them
  • Business context, product information, and prompts you enter to generate outputs
  • Content outputs generated on your behalf (e.g., marketing copy, strategy documents, briefs, social posts, email drafts)

This content is stored in your account and is used to deliver the Service to you.

2.4 Files You Upload

You may upload files to help Brüng understand your business or assist you in chat:

  • Project files — reference documents, images, or notes attached to a project (e.g., intake reference files, banner images). These stay with your project until you delete them or your account.
  • Architect chat attachments — images, PDFs, or text files you attach in the Architect chat. These are stored temporarily (about 24 hours) and then removed automatically.

Accepted file types include common image formats (JPEG, PNG, WebP, GIF), plain text, Markdown, and PDF, up to 5 MB per file.

2.5 eCommerce Integration Data (Shopify)

If you connect a Shopify store, we may access and store:

  • Your shop name and store metadata
  • OAuth access tokens needed to keep the connection working
  • Product information needed to read your catalog or create product pages you request

Connecting Shopify is optional. You authorize it when you install or connect the app. With your permission, Brüng can create or update product pages in your store (for example, when you use "Push to Shopify"). You can disconnect at any time in Account Settings or by uninstalling the app from Shopify.

2.6 Social and Email Integrations

If you connect optional third-party accounts, we may access and store:

  • Instagram or Facebook (Meta)— account identifiers, page or profile metadata, and OAuth tokens needed to publish posts you request. We use Meta's APIs only to publish content you choose to deliver.
  • Gmail — your connected email address and OAuth tokens with permission to compose drafts only. Brüng creates drafts in your Gmail account; it does not send email on your behalf.

These integrations are optional. You can revoke access through the third-party provider or disconnect in Account Settings.

2.7 Architect Chat Logs

When you use the Architect advisor inside a project, we store a log of each exchange — your message, the assistant's reply, and a snapshot of relevant business context — to operate and improve the feature. The quick advisor on your dashboard home page is session-only and is not stored in this log.

2.8 Usage and Technical Data

We may automatically collect limited technical data when you use the Service, including:

  • Browser type and version
  • Operating system
  • IP address
  • Pages visited and actions taken within the application
  • Session duration and timestamps

This data is used to operate, maintain, and improve the Service.

2.9 Communications

If you contact us (e.g., for support), we retain the content of that communication to respond to you and improve the Service.


3. How We Use Your Information

We use the information we collect to:

  • Create and maintain your account
  • Deliver the features and outputs you request
  • Connect to third-party services you authorize (Shopify, Gmail, Meta)
  • Send transactional communications (e.g., account confirmation, password reset)
  • Monitor and improve service performance and reliability
  • Detect and prevent fraud, abuse, or security issues
  • Comply with applicable legal obligations

We do not use your data for advertising, and we do not sell your data to third parties.


4. AI Processing

Core features of Brüng use OpenRouter, a third-party AI routing service, to send your inputs to foundation-model providers (such as Anthropic or Google) for processing. When you submit prompts, business context, or file attachments through the Service, that content may be transmitted to OpenRouter and its underlying model providers to generate outputs.

Categories of data that may be sent for AI processing include:

  • Business context you provide (e.g., brand description, product details)
  • Prompts and instructions you enter
  • Files you attach in Architect chat (images, PDFs, text)
  • Content generated in response to your requests

We do not use your content to train Brüng's own AI models. OpenRouter and the model providers it routes to operate under their own terms and privacy policies. Depending on the provider and model in use, those providers may retain or use your inputs — including to train or improve their models. We do not control these third-party practices.

Do not submit sensitive personal data (such as customer records, financial account numbers, or health information) unless you are permitted to share it with our AI providers.


5. Cookies and Local Storage

We use cookies and similar technologies to maintain your session and authenticate your account. These are functional and necessary for the Service to work.

We use analytics tools (see Section 6) that may set their own cookies or collect anonymized usage data.

We do not use cookies for advertising or cross-site tracking.


6. Third-Party Services and Subprocessors

We rely on the following third-party services to operate the Service:

CategoryProviderPurpose
Authentication, Database & File StorageSupabaseUser accounts, session management, application data, and uploaded files
AI / Content GenerationOpenRouterRoutes prompts and attachments to foundation-model providers for text and image generation
eCommerce IntegrationShopifyOptional store connection, product data access, and product page creation you authorize
Social PublishingMeta (Instagram, Facebook)Optional OAuth and publishing posts you request to connected accounts
Email DraftsGoogle (Gmail API)Optional OAuth and creating email drafts in your Gmail account (compose only; no sending)
Analytics & TelemetryVercel AnalyticsAnonymized usage data and performance monitoring
Hosting & InfrastructureVercelApplication hosting and delivery
Transactional EmailGoogle WorkspaceAccount confirmation, password reset, and product notifications from Brüng

Each provider processes data only as necessary to perform their function and is bound by applicable data protection terms.


7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service.

  • Account and business profile data: Retained until you delete your account or request deletion.
  • Project and content data: Retained as part of your account until deletion.
  • Architect chat attachments: Removed automatically after about 24 hours.
  • Project file uploads: Retained with your project until you delete the file, project, or account.
  • Architect chat logs (project advisor): Retained with your account until deletion.
  • Technical and log data: Retained for a limited period consistent with operational and security needs.
  • Integration data (Shopify, Gmail, Meta): Retained while the integration is active; removed upon disconnection, uninstall, or account deletion.

We may retain certain data longer where required by law or to resolve disputes.


8. Data Security

We implement technical and organizational measures to protect your data, including encrypted storage, hashed credentials, and access controls. Supabase implements row-level security to restrict data access to authorized users.

No system is perfectly secure. We encourage you to use a strong, unique password and to contact us immediately if you suspect unauthorized access to your account.


9. International Data Transfers

Brüng and some of its subprocessors operate in or may process data in countries outside your own, including the United States. By using the Service, you acknowledge that your data may be transferred to and processed in these countries.

Where required, we rely on appropriate safeguards (such as standard contractual clauses or the data processing terms of our subprocessors) to govern international transfers.


10. Your Rights and Choices

Depending on where you are located, you may have rights with respect to your personal data, including the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and associated data
  • Object to certain processing activities
  • Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at support@brung.studio. We will respond within a reasonable timeframe consistent with applicable law.

You may delete your account at any time from your account settings. Upon deletion, we will remove your personal data from active systems, subject to any legal retention obligations.


11. Children

The Service is not directed at children under the age of 13 (or 16 where applicable under local law). We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete it promptly.


12. Third-Party Links

The Service may contain links to third-party sites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any information.


13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through a notice within the Service (for example, a prompt to review and accept the updated policy), and we will update the "Last updated" date at the top of this page.

Your continued use of the Service after any changes take effect constitutes your acceptance of the updated policy.


14. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, contact us at:

Brüng
Email: support@brung.studio