Privacy Policy
Last updated May 29, 2026
1. Who we are
The Berchtold Group (“Berchtold,” “we,” “us”) operates the brand-operations platform at app.berchtold.ai (the “Service”). For privacy questions, contact [email protected].
2. Information we collect
Account data. When you sign up we collect your name, email address, password (hashed by Firebase Auth), and the organization and brand names you provide. You can edit most of this in your Profile and Organization settings.
Billing data. If you subscribe to a paid plan, Stripe processes your payment method and billing address. Berchtold never sees your card number — only the safe-to-display fields (card brand, last 4 digits, expiration date). Stripe retains card data under its own privacy policy and PCI DSS Level 1 controls.
Usage data. We log endpoint hits, agent runs, and MCP tool calls to enforce rate limits, compute monthly usage for billing, and debug errors. Logs include IP address, user agent, and the org/brand identifier involved.
Customer Content. Brand configurations, memory entries, precedents, tasks, and other workspace data you create or upload. We process this on your behalf as part of operating the Service.
Connected integrations. If you connect Google Analytics, Stripe, Buffer, Mailchimp, WordPress, Facebook, Instagram, or other platforms, we store the access tokens (encrypted via Cloud KMS) and any data those tools return when you invoke them.
Facebook & Instagram (Meta). When you connect a Facebook Page or Instagram Business account through Berchtold Studio, we receive — via the Meta Graph API and with your authorization — your Pages and linked Instagram accounts, long-lived access tokens (encrypted via Cloud KMS), and, for content your team publishes through Berchtold, first-party per-post performance metrics (reach, impressions, engagement). We use this solely to publish on your behalf and to report on your own content's performance. We do not use it for advertising or share it with third parties. You can disconnect at any time from the Studio Connections screen, and removing the app in your Facebook settings triggers immediate deletion of the associated tokens and channels.
3. How we use information
- To provide, maintain, and improve the Service.
- To process payments, send invoices, and handle disputes via Stripe.
- To send transactional emails (account verification, invoice receipts, trial reminders, dispute alerts).
- To enforce platform rate limits and detect abuse or fraud.
- To respond to support requests.
- To comply with legal obligations.
We do not sell personal data, share it with advertisers, or train external AI models on Customer Content.
4. Legal bases (GDPR)
If you are in the EU, UK, or Switzerland, we rely on:
- Contractual necessity for account, billing, and core Service functionality.
- Legitimate interests for rate-limit enforcement, fraud prevention, and product improvement.
- Legal obligation for tax records and dispute response.
- Consent for optional features (e.g., marketing emails), which you can withdraw at any time.
5. Sub-processors
We use the following sub-processors to deliver the Service:
- Google Firebase (Auth, Firestore, Cloud Functions, Cloud KMS) — primary application and identity infrastructure.
- Netlify — web hosting and edge delivery for the Next.js application.
- Stripe — payment processing, invoicing, tax calculation, dispute handling.
- Resend — transactional email delivery.
- Anthropic and OpenAI — large language model providers for agent and validation features. Customer Content sent to these providers is processed under their respective enterprise-grade data-handling commitments (no training on input).
- Adobe (Adobe Fonts / Typekit) — web font delivery for the dashboard. Each font request sends your IP address and User-Agent to Adobe; no account data is included.
- Meta Platforms (Facebook, Instagram) — when you connect a Page or Instagram Business account through Berchtold Studio to publish content and read its first-party performance metrics.
- Third-party platforms you connect (Google Analytics, Ahrefs, Buffer, Mailchimp, WordPress, etc.) — only when you explicitly authorize them.
A current list of sub-processors and their roles is published in our Data Processing Addendum. Customers subject to GDPR / UK GDPR / Swiss FADP can request a counter-signed DPA from [email protected].
6. International transfers
We are headquartered in the United States, and our primary infrastructure runs on US-based Google Cloud regions. Personal data of non-US users is transferred to the US under Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework (where applicable). Specific transfer mechanisms are documented in our DPA.
7. Data retention
We retain account and usage data for the duration of your subscription plus 90 days after termination, to handle disputes and meet tax-record obligations. Invoices and billing records are retained for 7 years per US tax law. When you delete your organization or account, all Customer Content is erased immediately, with the limited exceptions stated above.
8. Your rights
Depending on your jurisdiction, you may have the right to:
- Access your personal data — use the “Download data export” button on your Profile page.
- Rectify incorrect data — most fields are editable in Profile and Organization settings.
- Erase your data — use the “Delete my account” button on your Profile page, or contact us. To delete data obtained from Facebook or Instagram specifically, disconnect the account in Studio, remove the Berchtold app from your Facebook business-integrations settings (which automatically erases the stored tokens and channels), or email [email protected].
- Restrict or object to processing, withdraw consent, or request data portability.
- Lodge a complaint with your local data protection authority.
To exercise any right that isn't available as a self-serve action, email [email protected]. We respond within 30 days.
9. Cookies and local storage
We use a small number of first-party cookies and localStorage keys for authentication state and UI preferences (e.g., theme, onboarding-checklist dismissal). We do not use third-party advertising cookies. Analytics are opt-in per organization.
10. Security
We protect personal data with TLS in transit, AES-256 at rest, Cloud KMS-managed encryption keys for integration credentials, and role-based access controls on every API endpoint. Stripe handles PCI scope; we never store card numbers.
Report a security issue to [email protected].
11. Children
The Service is not directed at children under 18. We do not knowingly collect personal data from children.
12. Changes
Material changes to this policy will be announced via email and in-app at least 14 days before they take effect. The version in force when you accept is recorded in our audit log.
13. Contact
Privacy questions: [email protected]
Data Processing Addendum: /legal/dpa or counter-signed copy from [email protected]