Privacy Policy
Last updated: 2026-06-11
Encoded Brands runs the Encoder, a paid brand-interview app that takes your inputs (your domain, your documents, your answers) and produces a Brand Context Protocol: a structured definition of your brand that you and your agents can use.
This policy says what we collect, what we do with it, who else sees it, and how to make us forget you.
It is plain on purpose. If anything below is unclear, write to us at the contact address at the end.
1. Who we are
The Encoder is operated by Estuary Group LLC, doing business as Encoded Brands ("we," "us"). We are based in the United States.
2. What we collect
Account data. Your name, email address, and any OAuth identifiers from the provider you signed in with. Handled on our behalf by Clerk.
Payment data. Your card details go directly to Stripe. We never see or store them. We receive only a transaction reference and payment status.
Brand and session data. The substance of the work: the domain you submit, the URLs you point us at, the documents you upload, the answers you give during the encoding interview, the interview dialog itself, and the BCP the Encoder produces from all of it.
Usage data. Basic analytics about how the Encoder and our website are used: pages viewed, broad device and referrer information, and aggregate engagement. We use two tools. Vercel Web Analytics is cookieless and collects no personal identifiers. Google Analytics sets cookies, so it loads only if you accept them in our cookie banner (see Cookies, below).
We do not run ad pixels, session replay tools, or third-party advertising analytics. We do not buy data from third parties to enrich your profile.
Categories under California law
For California residents, the categories of personal information we collect, as defined by the CCPA, are:
| CCPA category | What we collect | Source |
|---|---|---|
| Identifiers | Name, email, OAuth identifiers | You |
| Commercial information | Subscription status, transaction references | You, Stripe |
| Internet activity | Aggregate usage analytics (Vercel cookieless; Google Analytics only with consent) | Your device |
| Professional information | Brand and company information you submit | You |
We collect these to provide and improve the service, as described in Section 3. We do not collect sensitive personal information as defined by the CCPA. We do not sell personal information, and we do not share it for cross-context behavioral advertising.
3. How we use it
To deliver the service. We run the interview, do the extraction, produce your BCP, deliver it to you, and let you come back to your work later.
To communicate with you. We send email tied to your work: a confirmation when you subscribe or publish, billing and renewal notices, and occasional reminders if you start an encoding and do not finish. You can opt out of non-essential reminders at any time using the unsubscribe link in those emails or by writing to us. Essential account, billing, and transaction messages still apply.
To review sessions and improve the Encoder. Members of our team may read your encoding session, including your uploaded documents, the interview dialog, and the BCP the Encoder produced. We do this to see where the interview works and where it fails, to tune our prompts, scoring, and pushback, to diagnose errors, to develop new features, and to handle your support requests. Access is limited to authorized personnel under confidentiality obligations. What we generalize from review, such as patterns, counters, and refinements to our methodology, is stripped of anything that identifies you or your brand before it is reused. Your identifiable content is never shown to another customer and never used in another customer's session.
Model training. We do not use customer-identifiable content to train machine-learning models. If we ever intend to, we will ask for your separate consent first. Anonymized and aggregated signals, which carry no identifier pointing back to you, are not customer-identifiable content.
To understand usage. We use the analytics described above to understand what is working and where the Encoder is confusing.
Our lawful bases, where the GDPR applies, are performance of contract (delivering the service), legitimate interests (reviewing sessions to improve and secure the service), and consent where required.
4. Who we share it with
We share data only with the service providers we need to run the Encoder. None of them may use your data for their own marketing or resell it. As of the date above:
- Clerk — authentication and account management
- Stripe — payments
- Supabase — database and file storage (United States)
- Vercel — application hosting and cookieless web analytics (United States)
- Google Analytics — cookie-based web analytics, loaded only if you accept cookies in our banner (United States)
- Cloudflare — DNS, edge delivery, and Registry hosting for published BCPs
- Anthropic — language-model API calls that power the interview and compile your BCP. API traffic is governed by Anthropic's commercial terms, which prohibit using customer prompts for training.
- Resend — delivery of account and lifecycle email
We do not sell your data. We do not share it with advertisers or marketing partners. If we are required to disclose data to comply with a lawful legal request, we will narrow what we hand over and tell you where the law allows.
5. How long we keep it
We retain your account and session data for as long as your account exists. We do not auto-expire it. Your BCP is meant to live with you.
When you publish your BCP, it becomes a public file at your domain and in our Registry, readable by anyone or any agent that fetches it. That is by design: the protocol works by being readable. A published BCP stays public until you unpublish or delete it.
You can delete your account and its data at any time. When you do, we remove your account, sessions, uploaded files, interview dialogs, and generated BCP from the systems we control within 30 days.
One honest carve-out: anonymized and aggregated learnings already absorbed into our methodology and internal systems (for example, a counter that says "x percent of brands ship a sans-serif heading face," or a refinement to an interview question informed by past sessions) are not individually reversible. Those learnings carry no identifier that points back to you, and they survive deletion of your account.
6. Your rights and choices
Wherever you live, you can:
- See your data. Ask and we will tell you what we have.
- Export your data. Your BCP is yours. We will deliver it in machine-readable form on request.
- Delete your data. Delete your account in the app, or write to us and we will do it for you.
- Correct your data. Most of it you can edit in the app. For anything else, write to us.
- Manage emails. Opt out of non-essential lifecycle emails at any time.
California residents have rights under the CCPA, including the right to know, correct, and delete personal information, and the right not to be discriminated against for exercising those rights. We do not sell or share personal information as those terms are defined by the CCPA, so no opt-out is required. To exercise any right, email the address below. We will verify your identity, acknowledge your request within 10 business days, and respond within 45 calendar days. You may designate an authorized agent to make a request on your behalf.
EEA and UK residents have rights under the GDPR and UK GDPR, including access, rectification, erasure, restriction, portability, and objection, including the right to object to processing based on legitimate interests. You may lodge a complaint with your supervisory authority.
7. Security
We host the Encoder on Vercel and store data on Supabase. Data is encrypted in transit (TLS) and at rest. Service-role credentials never reach the browser. Our team uses single sign-on with hardware-key second factors.
No system is perfectly secure. If we discover a breach affecting your data, we will tell you promptly and tell you what we know.
8. Cookies
Strictly necessary cookies. A session cookie from Clerk so you stay signed in, transient cookies from Stripe during checkout, and Supabase auth cookies. These are required for the service to function and are always on.
Analytics cookies. Vercel Web Analytics is cookieless and always on. Google Analytics sets cookies and loads only if you accept them in the cookie banner shown on your first visit. You can decline, and you can change your choice at any time by clearing the banner's stored preference. We do not use advertising or cross-site tracking cookies.
9. Children
The Encoder is a business product. It is not directed at children and we do not knowingly collect data from anyone under 16.
10. International users
Your data is processed in the United States. Where the GDPR or UK GDPR requires a transfer mechanism, transfers of personal data from the EEA or UK to us rely on Standard Contractual Clauses in our capacity as data importer, or on another valid transfer mechanism in effect at the time. We will sign a Data Processing Agreement, incorporating the SCCs where applicable, on request.
11. Changes to this policy
We will update this policy when our practices change. The "Last updated" date at the top will move. If a change is meaningful, such as a new category of data, a new use, or a new subprocessor that materially changes the risk picture, we will email account holders before it takes effect.
12. Contact
Privacy questions, deletion requests, DPA requests, and anything else covered above:
Estuary Group LLC d/b/a Encoded Brands 1005 Northgate Drive, #193 San Rafael, CA 94903