← Brandomica Lab

Privacy Policy

Last updated: April 11, 2026

Controller

Brandomica Lab is operated by its sole founder (“we”, “us”). For data-related inquiries contact support@brandomica.com.

Brandomica Lab is an early MVP offered free of charge. This policy describes our current data handling on a best-effort basis and may be updated as the product evolves.

Lawful basis for processing

  • Consent — analytics cookies (Google Analytics / GA4) are only enabled after you accept the consent banner
  • Legitimate interest (Art. 6(1)(f) GDPR) — rate limiting, abuse prevention, pseudonymized usage logging, and unique visitor counting. These are necessary to protect shared infrastructure and understand aggregate usage patterns. The processing is minimal (no brand names stored, hashes auto-deleted after 90 days) and does not override your rights

What we collect

Brandomica Lab uses Vercel Analytics and Google Analytics (GA4) to collect usage data. This includes:

  • Page URL and referrer
  • Browser type and screen size
  • Search events (that a search was performed; brand names are not stored)
  • Outbound link clicks (which external link was clicked)

Cookies and consent

Brandomica Lab uses a consent banner for analytics cookies. Google Analytics storage is denied by default and only enabled if you accept. If you decline, core site functionality still works.

What we don't collect

  • No user accounts
  • No passwords or payment information
  • No database of user identities linked to searches

Third-party services used for brand checks

When you search a brand name, Brandomica Lab may send the search term to these services:

  • Vercel Domains API (domain availability and pricing, primary provider)
  • WhoisXML API (domain availability fallback)
  • GitHub API (username availability via PAT)
  • Serper.dev Google Search API (web presence checks and social handle lookups for X/Twitter, TikTok, LinkedIn, and Instagram via Google site: queries)
  • Turso (hosted SQLite FTS5 — USPTO trademark search, ~850K marks)
  • EUIPO Trademark Search API (European trademark search, currently operating in sandbox mode while production credentials are pending)
  • iTunes Search API (App Store check)
  • npm, PyPI, crates.io, RubyGems, NuGet, Homebrew, Docker Hub (package registry checks)
  • ProductHunt GraphQL API v2 (when configured; manual link fallback otherwise)
  • Wiktionary REST API (linguistic screening — word existence only, no definitions stored)
  • Datamuse API (phonetic similar-word enrichment)

Social handle checks for X/Twitter, TikTok, Instagram, and LinkedIn use Serper.dev Google site: queries — not direct platform APIs. These checks may return null when a profile is not indexed by Google. Google Play returns a manual search link only (automated checks are disabled for ToS compliance).

Each service has its own privacy policy. Brandomica Lab does not control how these services handle the data.

Data sharing

Brandomica Lab does not sell, rent, or share your data with third parties for marketing or advertising purposes. Brand names you search are sent only to the third-party services listed above for the sole purpose of performing availability and safety checks. No user data is shared beyond what is required to return check results.

Data retention

Search requests and checker responses may be cached in memory for about 5-30 minutes depending on endpoint (most checks are 5-10 minutes; Google web-presence checks can be up to 30 minutes).

Brandomica Lab maintains an operational log of API requests that records channel (web, API, MCP, CLI), check mode, timestamp, and a pseudonymized client fingerprint (one-way SHA-256 hash derived from IP address, user-agent string, primary accept-language tag, and infrastructure provider hint — used for rate limiting and unique visitor counting, not to identify individuals). Brand names are not stored in this log. Log entries are automatically deleted after 90 days. Analytics data retention follows Vercel and Google's policies.

As an MVP, providers, integrations, and retention details may change as we improve reliability and coverage.

International data transfers

Brandomica Lab and most of its third-party service providers operate in the United States. If you are located in the EU/EEA, your data may be transferred to and processed in the US. Where applicable, these transfers rely on adequacy decisions (such as the EU-US Data Privacy Framework) or appropriate safeguards such as standard contractual clauses maintained by the respective service providers.

Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, or object to the processing of your data, as well as the right to data portability. Because Brandomica Lab does not maintain user accounts, we may be unable to verify your identity or locate specific records linked to you. The pseudonymized operational log is automatically deleted after 90 days.

To exercise any of these rights, or if you have concerns about how your data is handled, email support@brandomica.com. EU/EEA residents also have the right to lodge a complaint with their local data protection supervisory authority.

Contact

Questions? Email support@brandomica.com or open an issue on GitHub. For security vulnerabilities, use security@brandomica.com and do not post details publicly before a fix is available.