Legal

Privacy Policy

Last updated: 16 June 2026

Brytic (“Brytic”, “we”, “us”) helps marketing teams measure how AI engines mention their brand. This policy explains what we collect, why we collect it, and the choices you have. We aim for plain language; if anything is unclear, write to us at hello@brytic.com.

1. Information we collect

We collect only what we need to run the service.

  • Account information. Your email address and name when you sign up. Authentication is handled through a trusted third-party identity provider.
  • Brand information you provide. The company name, domain, aliases, description, competitors, and the prompts you choose to monitor.
  • Scan results. The AI responses returned by ChatGPT, Gemini, Perplexity, Copilot, Grok, and similar engines for the prompts you track, together with the citations and metrics we derive from those responses.
  • Site audit content. If you ask Brytic to audit a website you own, we crawl publicly available pages and store their rendered content and screenshots.
  • Usage data. Basic technical information such as your IP address, browser, and timestamps of requests. We use this to diagnose problems and stop abuse.
  • Optional integrations. If you connect Google Analytics 4, we store the OAuth refresh token needed to read the metrics you authorise. We do not have access to anything outside the property you connect.

2. How we use information

  • To operate Brytic and run scans on the prompts you have set up.
  • To authenticate you and keep your account secure.
  • To send transactional email (sign-in links, invitations, billing receipts).
  • To diagnose errors, improve performance, and prevent abuse.
  • To comply with legal obligations.

We do not sell your personal information. We do not use it to train AI models.

3. Service providers

We rely on a small number of trusted third-party service providers to operate Brytic. The categories of providers we use include:

  • Authentication and identity management.
  • Cloud hosting and content delivery.
  • Database and storage infrastructure.
  • Transactional email delivery.
  • Large language model providers and search-data partners that power the scans we run on your behalf.
  • Error monitoring and performance diagnostics.

Each provider processes personal information only on our instructions and only for the purposes described in this policy. We require them to apply security and confidentiality standards consistent with our own. We will provide a current list of named sub-processors on request for customers who need one for procurement or compliance purposes.

4. Cookies and tracking

We use a small number of strictly necessary cookies to keep you signed in. We do not use third-party advertising cookies and we do not run a marketing analytics suite on the authenticated dashboard.

On our public marketing pages we use privacy-first, cookieless analytics (PostHog and Cloudflare Web Analytics) to understand aggregate traffic and referrals. They set no cookies, store nothing on your device, and cannot identify you or track you across sites or from one day to the next — which is why we do not show a cookie banner. They never run on the authenticated dashboard.

5. Data retention

We keep your brand information and scan history for as long as your account is active. If you archive a brand it remains recoverable until you choose to permanently delete it. Permanent deletion removes the brand and every associated row — prompts, scan history, audits, screenshots — and is irreversible. If you delete your entire account, we remove your personal data within thirty days, except where law requires us to keep specific records longer.

6. Your rights

You can access, correct, export, or delete your information at any time from within the dashboard or by writing to hello@brytic.com. If you are in the EEA, the UK, or California, you have additional rights under GDPR / UK GDPR / the CCPA — we will honour requests of those rights at no charge.

7. Security

Brytic uses TLS in transit, encryption at rest on our managed database, and short-lived authentication tokens. We restrict employee access to production data to the people who need it to operate the service. No service is perfectly secure; if we ever detect a breach that affects you, we will notify you without undue delay.

8. International data transfers

Brytic and several of our sub-processors are based in the United States. Your data may be processed in the US, the EU, or other regions where our providers operate. Where required, we rely on Standard Contractual Clauses or equivalent transfer mechanisms.

9. Children’s Data

Brytic is built for businesses and is not directed at children under sixteen. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take prompt steps to delete it.

10. Changes to this policy

If we make material changes we will notify you by email or via an in-app banner before they take effect. The “last updated” date at the top of this page always reflects the current version.

11. Contact

Questions, requests, or concerns: hello@brytic.com.