BramforthSocial← Back to home

Privacy Policy

Last updated: 23 May 2026

Version 1.0

1. Who we are

Bramforth Social is a product operated by Jimeny Enterprises Ltd(trading as "Bramforth AI"), a company registered in England and Wales. References to "we", "us", or "our" in this policy refer to Jimeny Enterprises Ltd as the data controller for Bramforth Social.

Registered office: 86-90 Paul Street, London, EC2A 4NE, United Kingdom

Service URL: social.bramforth.ai

Data protection contact: privacy@bramforth.ai

We are committed to protecting your personal data in line with UK GDPR and the Data Protection Act 2018.

2. What information we collect

Account information

  • Email address (used for sign-in via magic link)
  • Display name (optional)
  • Timestamps for account creation and last sign-in

Platform connection data

When you connect a social media account (TikTok, LinkedIn, Meta, X/Twitter, YouTube), we store:

  • OAuth access tokens and refresh tokens issued by the platform
  • The platform user ID and basic profile fields (e.g. username, display name, avatar URL) returned during the OAuth flow
  • The scopes you granted
  • Token expiry timestamps

Tokens are stored encrypted and used only to perform actions you initiate within Bramforth Social.

Content you create

  • Post text, captions, hashtags, and metadata you enter
  • Media you upload (images, video files) — stored temporarily during upload and then forwarded to the destination platform
  • The IDs and URLs of posts you have published
  • Scheduling information (publish times, status)

Technical data

  • IP address and approximate location (country level)
  • Browser and device type
  • Service logs (error logs, API call records) for diagnostics and abuse prevention

3. Data accessed from connected platforms

When you connect a social media account to Bramforth Social, we request only the permissions necessary for the features you use. Data accessed via these connections includes:

  • Profile data: your platform user ID, username, display name, avatar — used to label connected accounts in the dashboard.
  • Post publishing endpoints: used to upload media and create posts on your behalf, only when you explicitly publish from Bramforth Social.
  • Post metrics: view counts, likes, comments, shares, follower counts, and other publicly-available engagement data — used to populate the analytics dashboard.
  • Post lists: the IDs and metadata of posts on your account — used to back-fill analytics history when you first connect.

We do not access your private messages, your followers' personal data, or any content you have not chosen to share through Bramforth Social. We do not use platform data for advertising, profiling, or sale to third parties.

4. TikTok-specific data handling

Where you connect a TikTok account, Bramforth Social interacts with TikTok's APIs in line with the TikTok Developer Terms of Service and the TikTok Privacy Policy. Specifically:

  • Scopes we request: user.info.basic, user.info.profile, user.info.stats, video.publish, video.upload, and video.list. We request these only after you click "Connect TikTok" in the dashboard.
  • How TikTok data is used: to publish videos you compose in Bramforth Social, to label your connected TikTok account in the dashboard, and to fetch metrics for the posts you have published. TikTok data is never used for advertising, profiling, sale to third parties, or any purpose other than providing the Bramforth Social service to you.
  • How TikTok data is stored: TikTok access and refresh tokens are encrypted at rest in our database (hosted by Supabase). Cached metrics and post identifiers are stored alongside your account record. Uploaded video files are stored only transiently for the duration of the upload to TikTok and are deleted immediately after.
  • How TikTok data is shared: we do not share TikTok user data with any third party. The only parties involved in processing TikTok data are our infrastructure sub-processors listed in Section 6.
  • How to revoke access: you can disconnect TikTok at any time from the Bramforth Social dashboard. Doing so deletes the stored TikTok tokens and stops any further access to your TikTok account. You can also revoke access directly from TikTok's connected applications page.
  • How to delete your TikTok data from Bramforth Social: contact privacy@bramforth.ai and we will erase all TikTok-derived data associated with your account within 30 days. See Section 8 for the full deletion process.

5. How we use your information

We use your information for the following purposes:

PurposeLegal basis (UK GDPR)
Providing the Bramforth Social service (sign-in, posting, scheduling, analytics)Performance of contract (Art. 6(1)(b))
Storing OAuth tokens and acting on your behalf on connected platformsPerformance of contract (Art. 6(1)(b))
Service security, abuse prevention, and diagnosticsLegitimate interests (Art. 6(1)(f))
Meeting legal and regulatory obligations (e.g. accounting records)Legal obligation (Art. 6(1)(c))

6. Who we share information with

We do not sell personal data. We share data only with the infrastructure sub-processors that operate Bramforth Social:

  • Supabase (database, authentication) — UK/EU and US regions, GDPR-compliant.
  • Vercel (web hosting for the dashboard) — global edge network.
  • Render (backend posting service) — US-hosted, GDPR-compliant.
  • The connected social platforms themselves — TikTok, LinkedIn, Meta (Facebook / Instagram), X (Twitter), YouTube — when you publish posts or fetch metrics.

We may also disclose data where required to do so by law, court order, or to protect our rights, property, or safety.

7. How long we keep data

  • Account data: retained while your account is active and for 30 days after account deletion.
  • OAuth tokens: retained until you disconnect the platform or delete your account, whichever is sooner.
  • Content you have published: the references and IDs we hold are retained while your account is active; you can delete them individually at any time.
  • Uploaded media: deleted from our infrastructure immediately after upload to the destination platform completes.
  • Service logs: retained for up to 90 days for diagnostics and abuse prevention.

8. Data deletion and disconnection

You have two routes to delete data we hold about you:

Disconnect a single platform

From the Bramforth Social dashboard, choose "Disconnect" on the connected platform. We delete the stored OAuth tokens immediately and cease all further access to that platform. Cached profile data and metrics for posts published via Bramforth Social will be retained until account deletion (see below) unless you ask us to remove them sooner.

Delete your full account

Email privacy@bramforth.ai from the address associated with your account. We will:

  • Confirm your identity
  • Delete all OAuth tokens immediately
  • Delete all personal data, content references, and metrics within 30 days
  • Send written confirmation when deletion is complete

Deletion of your account in Bramforth Social does not delete content you have already published on the connected platforms — those remain under your control on each platform.

9. Security

  • All traffic between your browser and our service is encrypted with TLS.
  • OAuth tokens are encrypted at rest in our database.
  • Database access is restricted by Supabase Row Level Security policies — your data is only accessible to your authenticated session.
  • Access to production systems is restricted to authorised personnel.

10. Your rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you
  • Have inaccurate data corrected
  • Have your data erased (see Section 8)
  • Restrict or object to certain processing
  • Receive a portable copy of your data
  • Withdraw consent at any time
  • Complain to the UK Information Commissioner's Office (ico.org.uk)

To exercise any of these rights, contact privacy@bramforth.ai.

11. International transfers

Some of our sub-processors (notably Vercel and Render) operate in the United States. Where personal data is transferred outside the UK, we rely on adequacy decisions, Standard Contractual Clauses, or other safeguards permitted under UK GDPR. The social platforms themselves process data globally according to their own privacy policies.

12. Children's data

Bramforth Social is not directed at children under 18 and we do not knowingly collect personal data from anyone under 18. If you believe a child has provided data to us, contact us and we will delete it.

13. Changes to this policy

We may update this policy from time to time. Material changes will be notified to you by email or by an in-app notice. The "Last updated" date at the top of this page reflects when the policy last changed.

14. Contact us

For any privacy-related question, request, or complaint:

Email: privacy@bramforth.ai

Post: Jimeny Enterprises Ltd, 86-90 Paul Street, London, EC2A 4NE, United Kingdom