← Back to BrandSwitch

Privacy Policy

Last Updated: April 17, 2026

Table of Contents

Overview

BrandSwitch ("we," "our," "us"), operated by PM Project Change Pty Ltd, provides a document rebranding platform that transforms documents from one brand identity to another. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at brandswitch.io.

Company Information

Legal Entity: PM Project Change Pty Ltd

ABN: 83 692 182 479

Product: BrandSwitch

Website: brandswitch.io

Location: Sydney, NSW, Australia

Contact: info@brandswitch.io

Information We Collect

Personal Information

  • Email address (for account creation, authentication, and service communications)
  • Password (encrypted and hashed - we never see your actual password)
  • Name (optional, for personalisation)

Documents You Upload

  • Source documents submitted for rebranding (Word documents, PDFs, and other supported formats)
  • Brand assets you provide (logos, colour palettes, style guides)
  • Output documents generated by the platform
DOCUMENT HANDLING: Documents you upload are processed for the purpose of delivering the rebranding service. We do not read, review, or analyse the content of your documents beyond what is technically necessary to perform the transformation. Your documents are isolated per session and are not shared with other users.

Technical Information

  • IP address (for security and fraud prevention)
  • Browser type and version
  • Device information
  • Usage analytics (pages visited, features used)
  • Error logs (to improve app stability)
WE DO NOT COLLECT:
  • Bank account information
  • Credit card details (handled by our payment processor, not stored by us)
  • Government IDs or tax identification numbers
  • Your physical address (unless you choose to provide it)

How We Use Your Information

We use your information to:

  • Provide the core service: Process and transform your documents according to your brand specifications
  • Account management: Create and maintain your account
  • Transactional emails: Welcome emails, password resets, payment confirmations
  • Service improvements: Analyse usage patterns to improve features
  • Legal compliance: Comply with Australian laws and regulations
  • Security: Detect and prevent fraud, unauthorised access, or violations of terms
We do NOT:
  • Sell your data to third parties
  • Share the content of your documents with anyone
  • Use your data for advertising or marketing to third parties
  • Train AI models on your uploaded documents

Data Storage and Security

Where Your Data is Stored

  • Application hosting: Railway (cloud infrastructure)
  • Database: Supabase (PostgreSQL)
  • DNS and security: Cloudflare

Security Measures We Implement

1. Data Isolation
  • Session-based isolation: Uploaded documents are processed in isolated sessions
  • User-level isolation: Database-level security policies ensure each user can only access their own data
  • Automatic enforcement: You cannot accidentally see another user's documents
2. Encryption
  • In transit: All data transmitted using TLS/SSL encryption (HTTPS)
  • At rest: Database encrypted at rest
  • Passwords: Hashed using bcrypt (industry-standard, one-way encryption)
3. Access Controls
  • Authentication required to access any data
  • Sessions expire after inactivity
4. Infrastructure Security
  • Regular security patches applied promptly
  • DDoS protection via Cloudflare
  • Automated alerts for suspicious activity
IMPORTANT SECURITY LIMITATION: Despite all these measures, NO system is 100% secure. While we implement industry-leading security practices, we cannot guarantee absolute security against all possible threats. We recommend you retain copies of any documents you upload to BrandSwitch.

Your Control Over Your Data

You Own Your Data

Critical principle: You retain full ownership of all documents and data you upload. We are a processing and transformation service - we do not claim ownership of your content.

Document Downloads

You can download your transformed documents at any time during your active session. We recommend downloading your output files promptly after processing.

Data Retention

Demo Sessions

  • Uploaded documents are retained only for the duration of processing
  • Transformed output files are available for download for a limited period after processing
  • Session data (email, timestamp) is retained for analytics and fraud prevention

Registered Accounts

  • Account data retained while your account is active
  • You may request deletion of your account and associated data at any time
YOUR RESPONSIBILITY: Always download and retain your own copies of transformed documents. We do not guarantee indefinite storage of processed files.

Your Data Rights (Australian Privacy Principles)

Under the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs), you have the right to:

1. Access (APP 12)

  • Request a copy of all personal information we hold about you
  • Download your processed documents during active sessions
  • Request account activity logs

2. Correction (APP 13)

  • Update or correct inaccurate information
  • Update your email or profile information

3. Deletion

  • Request deletion of your account and all associated data
  • Request deletion of specific uploaded documents

4. Complaint Rights

  • Lodge a complaint with us (we must respond within 30 days)
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)
  • Seek legal remedies for privacy breaches

To exercise these rights: Contact us at info@brandswitch.io

International Users (GDPR Compliance)

If you are in the European Economic Area (EEA) or UK:

Legal Basis for Processing

  • Contract performance: Processing necessary to provide the service you signed up for
  • Consent: You explicitly agree to data processing by using the service
  • Legitimate interests: Fraud prevention, service improvement

Additional GDPR Rights

  • Right to be forgotten: Request complete data deletion
  • Data portability: Receive data in structured, commonly used format
  • Object to processing: Object to data processing for marketing purposes
  • Restrict processing: Request limitation on how we use your data

Data Transfers

Your data may be transferred to and processed in countries outside the EEA (including Australia and USA where our service providers are located). We ensure appropriate safeguards through standard contractual clauses with service providers and service providers certified under relevant data protection frameworks.

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have violated GDPR.

Cookies and Tracking

1. Essential Cookies (Required)
  • Authentication: Keep you logged in
  • Session management: Maintain your app session
  • Security: Cloudflare Turnstile bot protection

These cookies are necessary for the service to function.

2. Analytics Cookies (Optional)
  • Usage tracking: Understand how users interact with features
  • Performance monitoring: Detect slow pages or errors

You can disable these in your browser settings.

Third-Party Services

We share data with these trusted service providers:

Supabase (Database)

  • Purpose: Store user account data and session records
  • Privacy: supabase.com/privacy
  • Security: ISO 27001 certified, SOC 2 Type II compliant

Railway (Application Hosting)

Cloudflare (DNS and Security)

WE DO NOT SELL YOUR DATA TO THIRD PARTIES. The service providers above are contracted to protect your data and use it only for the specific purposes stated.

Children's Privacy

BrandSwitch is intended for use by adults (18+ years) who are business professionals. We do not knowingly collect information from children under 18.

If you believe a child has provided us with personal information, contact us immediately at info@brandswitch.io and we will delete the account.

Changes to This Policy

We may update this Privacy Policy from time to time.

How We Notify You

  • Email notification to your registered email
  • In-app notification banner
  • Updated "Last Updated" date at top of this policy
  • 7 days notice before significant changes

Continued use of the service after changes take effect constitutes acceptance of the updated policy.

Contact Us

Privacy Inquiries

  • Email: info@brandswitch.io
  • Legal Entity: PM Project Change Pty Ltd (ABN 83 692 182 479)
  • Response Time: Within 30 days (as required by Australian Privacy Principles)

Data Breach Notifications

If we experience a data breach that affects your personal information, we will notify you as required by Australian law (typically within 72 hours of becoming aware).

Complaints Process

  1. Contact us at info@brandswitch.io
  2. We will investigate and respond within 30 days
  3. If unsatisfied, you may escalate to the OAIC

Australian Information Commissioner

← Back to BrandSwitch View Terms of Service →