BrandonBrandon

Privacy Policy

Last updated: 2026-06-18

This Privacy Policy explains how L4Forge SAS, operating as What Brandon Thinks(“we”, “us”), collects, uses, and protects information when you use whatbrandonthinks.com(the “Service”). We are established in France and act as the data controller for the personal data described below.

1. Information we collect

  • Account information: email address.
  • Contact information for delivery: email address and, if you choose WhatsApp delivery or authentication, your WhatsApp phone number.
  • Chat exports you upload: the WhatsApp or iMessage chat exports you submit for analysis. We process them only to generate your report.
  • Generated reports: the analysis we produce from your chat export.
  • Payment information: processed by Stripe. We do not store your card details.
  • Usage and technical data: standard server logs, error reports, and pseudonymized product analytics events (page views, funnel steps). This is usage data — it describes how the Service is used, not anything personal about you.
  • Transactional message data: delivery, read, failure, and opt-out metadata for emails and WhatsApp messages we send about your account, authentication, payment, or report.

2. How we use your information and our legal basis

Under the EU/UK General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

  • Performance of a contract (Art. 6(1)(b)) — to generate and deliver the report you purchased, to authenticate you via one-time passcodes, and to send the transactional notification containing your report link by email or WhatsApp.
  • Legitimate interests (Art. 6(1)(f)) — to detect and prevent fraud and abuse, to maintain the security of the Service, to keep pseudonymized product analytics, and to keep a pseudonymized audit record of deletion requests for dispute defense (see Section 4).
  • Legal obligation (Art. 6(1)(c)) — to retain payment and invoice records as required by French accounting law.

3. How we share information

We share information only with the following categories of recipients:

  • Subprocessors hosted in the European Union: Supabase (database and authentication) and Sentry (error monitoring) both store the data they process for us within the EU.
  • Subprocessors hosted outside the EU: Stripe (payments), Resend (transactional email), Vercel (hosting and analytics), Meta/WhatsApp (transactional WhatsApp messaging), and Anthropic (AI report generation). See International transfers below.
  • Legal authorities when required by applicable law or to protect our legal rights.

Anthropic processes your chat content under a zero-retention API contract: they do not use it to train their models and delete it from their systems within 7 days. Our server makes the request on your behalf, so Anthropic does not receive your account identity alongside the chat content.

International transfers.The subprocessors listed above as hosted outside the EU process some personal data in the United States. For those transfers, we rely on the European Commission's Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework.

We do not sell your personal information.

4. WhatsApp transactional messages

If you choose to receive messages through WhatsApp, we use WhatsApp Business Platform to send transactional messages such as login codes, payment or processing updates, and report links. We do not use WhatsApp messages for advertising unless you separately opt in to marketing messages.

WhatsApp messages are processed by Meta/WhatsApp under their own terms and privacy practices. We receive delivery status and message metadata from WhatsApp so we can confirm whether important transactional messages were delivered or failed. You can opt out of WhatsApp delivery or ask us to use email instead by contacting support@whatbrandonthinks.com.

5. Data retention

You're in control of your data. You can delete any report, or your entire account, at any time directly from your dashboard — no need to contact us, no questions asked. Different categories of data follow these lifecycles:

  • Chat exports you upload: deleted as soon as your report is generated, or within 24 hours if you abandon onboarding before the report completes. Held encrypted on our servers only while processing.
  • Generated reports: retained until you delete the report or your account.
  • Account data (email): retained while your account is active; removed as soon as you delete your account.
  • WhatsApp phone numbers and message metadata: retained only as long as needed to provide transactional delivery, support, security, and abuse-prevention records, then deleted or anonymized unless we must retain related records for legal or accounting reasons.
  • Payment records: retained for 10 years as required by French accounting law.
  • Server logs and error reports: retained for up to 90 days for security and debugging.
  • Pseudonymized product analytics: usage events that describe how the Service is used. After you delete a report or your account, any analytics events tied to them are stripped of identifiers and retained only in aggregate form.
  • Deletion audit record: when you delete your account, we keep a pseudonymized audit row (a hashed identifier and per-account counts only — no email, no IP) so we can defend against deletion disputes and fraud claims.

For any other privacy request — access, correction, portability, or to object to certain processing — email us at support@whatbrandonthinks.com.

6. Cookies and analytics

We use a small number of strictly necessary cookies for authentication and session management. We also collect pseudonymized product analytics events (page views, funnel progression) through Vercel Analytics to understand how the Service is used. This usage data tells us nothing personal about you and is never used for advertising.

7. Your rights

You have the right to access, correct, port, or delete your personal data, to object to or restrict certain processing, and to withdraw consent at any time. Deletion of reports and your account is self-serve from your dashboard. For any other right, email us at support@whatbrandonthinks.com.

If you are in the European Union and believe we have not handled your personal data lawfully, you have the right to lodge a complaint with the French data protection authority (CNIL — www.cnil.fr) or your local supervisory authority.

8. Security

We use industry-standard safeguards to protect your information, including encryption in transit (TLS) and encryption at rest for chat content during processing. No method of transmission over the internet is completely secure, but we work to protect your data using reasonable technical and organizational measures.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or by email.

10. Contact

Questions about this policy or your data? Email us at support@whatbrandonthinks.com. We have not appointed a Data Protection Officer; this address is our designated privacy contact.

11. Legal information (Mentions légales)

L4Forge SAS
222 rue de Brétigny, 01210 Ornex, France
SIREN: 999 235 385 — SIRET: 999 235 385 00013
RCS Bourg-en-Bresse — EUID: FR0101.999235385
VAT: FR28999235385
Contact: support@whatbrandonthinks.com