GDPR & BrandBowl
How we handle your data and comply with GDPR regulations.
What is Data Protection Law?
In the UK, your privacy is protected by the UK GDPR and the Data Protection Act 2018. These laws give you clear rights over your personal information and hold us to high standards of transparency and security. Our goal is to ensure your data is handled ethically, allowing you to engage with our platform with total confidence.
Is this relevant to you?
If you are located in the UK, these laws protect you by default. Because our services are digital, we also maintain compliance standards that meet the requirements of the EU GDPR, ensuring that our users are protected regardless of whether they are joining us from London, Tallinn, or anywhere else in the European area.
How is BrandBowl GDPR Compliant?
We take a Privacy by Design approach to satisfy both UK GDPR and EU GDPR standards:
- We only collect the specific data necessary to provide our services. Nothing more.
- We use industry standard encryption and security measures.
- We store your data on secure servers located within the UK and the European Economic Area (EEA).
- We have a DPA available for you at all times.
- We maintain comprehensive Records of Processing Activities (RoPA) as required by the ICO.
- We give you full control over the data you collect, store, and manage with us
For more details on how we protect your rights, please refer to our privacy policy.
Data Processing Agreement (DPA)
Under the UK GDPR, businesses must have a formal agreement in place when processing data.
To make this easy, our Terms of Use include integrated data processing obligations that apply as soon as you create a BrandBowl account. This ensures your company is compliant from your very first login, with no separate signature required.
Our DPA is meticulously drafted to meet both UK and EU GDPR standards, providing clear instructions on data security, breach notification, and your rights as a Data Controller.
How do you use my personal data?
At BrandBowl, we handle your personal information responsibly. When you sign up, we act as a data controller for your account details (such as your name and email) to provide the service, manage your subscription, and keep your account secure. For any content or assets you upload or sync to BrandBowl, we act as a data processor, handling that information strictly according to your instructions and our service agreement.
We never sell your data, use it for marketing, or serve third-party ads. Furthermore, we do not use your personal data or uploaded content to train artificial intelligence or machine learning models.
The only time we share your information is with trusted service providers who help us run BrandBowl and they're required to follow strict UK and EU GDPR protections to keep your data safe.
Subprocessors
| Company | Purpose | Country | GDPR Info |
|---|---|---|---|
| Google Cloud Platform | Hosting, data processing and storage and AI provider | 🇧🇪 Belgium | More info |
| Amazon Web Services | Hosting, data processing and storage | 🇮🇪 Ireland | More info |
| Vercel | Hosting | 🇪🇺 EU | More info |
| Cloudflare | DNS and storage | 🇪🇺 EU | More info |
| PlanetScale | Database hosting | 🇧🇪 Belgium | More info |
| Stripe | Billing and payments | 🇺🇸 United States | More info |
| Better Stack | Error tracking and monitoring | 🇺🇸 United States | More info |
| PostHog | Product analytics and feature flag management | 🇩🇪 Germany | More info |
| OpenAI | AI provider | 🇺🇸 United States | More info |
| Brevo | Email delivery | 🇫🇷 France | More info |
| Hubspot | Marketing automation | 🇺🇸 United States | More info |
| Gleap | Customer support | 🇦🇹 Austria | More info |
Exercising Your GDPR Rights
To exercise your GDPR rights or for any data protection inquiries, please contact us anytime: