Trust

What you're trusting us with, honestly.

Agencies running multiple clients through Brandflux carry the brand-isolation promise downstream. This page documents what we hold true today, what is on the roadmap, and what is still pending verification. We would rather under-claim and ship the page than puff it up.

1 · Security posture

Per-brand isolation, not just per-tenant.

In-transit encryption

All Brandflux endpoints are HTTPS-only with TLS 1.2+ enforced. HSTS headers prevent downgrade attempts.

At-rest encryption
Pending verification

Customer assets and generated outputs are stored at rest with provider-managed encryption. Specifics on KMS provider and key rotation will be published once confirmed.

Per-brand data scoping

Every Brand DNA is scoped to its workspace. There is no shared library by default and no cross-brand reads at render time. Brand bleed is a product failure mode, not a configuration concern.

No training on customer content

Brandflux does not feed customer uploads or generated outputs back into shared model training. Generation runs scoped to the workspace.

2 · Compliance roadmap
Pending verification

On the roadmap, not the homepage.

We are an early-stage product. We have not earned the right to put compliance badges on the site yet. When we do, this section will name the framework, the auditor, and the report availability path. Today: GDPR-aligned data handling, DPA available on request.

SOC 2
Roadmap

Target window will be published after the audit window is finalised.

GDPR
Aligned

EU customer data is handled under GDPR principles. Reach out for the data-processing details relevant to your DPIA.

DPA
On request

Email trust@brandflux.ai for a Data Processing Agreement. We will reply within one business day.

3 · Uptime & SLA
Pending verification

Status page in flight.

We will link a public status page from this section as soon as it is live. Studio plans include a contractual SLA negotiated alongside the order form. Reach out if you need availability commitments before the public page ships.

4 · Sub-processors
Pending verification

The full list, once verified.

We will publish the full sub-processor list (hosting, billing, AI providers, email) alongside the data-residency notes once each provider is confirmed by engineering. In the meantime, the categories below show what to expect. Email trust@brandflux.ai for the current concrete list.

Category | Purpose | Provider
Hosting / CDN | Static delivery, edge compute | Pending
Billing | Subscriptions, invoices, tax remit | Pending
AI providers | DNA-scoped generation | Pending
Transactional email | Account, billing, review notifications | Pending

5 · External proof
Pending verification

Public listings ship when they are real.

We do not embed third-party review badges that have no reviews behind them. When the G2, Capterra, and Product Hunt listings hit a real review count, the badges will appear here and across the pricing page. For now: read the customer stories the team published with real metrics.

6 · Responsible disclosure

Found something? Tell us first.

Email security@brandflux.ai with a description and reproduction steps. We acknowledge within one business day, keep you posted while we fix, and credit you in our changelog if you would like the attribution.

Security FAQ

Questions buyers ask before they sign.

Is each client brand isolated from every other client brand?

Yes. Each Brand DNA scopes its own assets, prompts, and outputs. There is no shared library by default and no cross-brand reads when we render variations. Cross-brand bleed is a brand-promise failure mode, not just a data-residency concern, so it is a first-class boundary in the product.

Do you train models on customer content?

No. Customer content (uploads, generations, brand assets) is not used to train shared models. DNA-anchored generation runs against the customer scope only.

How do guest reviewer magic links work safely?

Guest reviewer links are per-campaign scoped. They cannot list other campaigns, other clients, or settings. Owners can revoke any link at any time from the workspace settings.

Where is data stored?

Customer data is hosted on Cloudflare-backed infrastructure with standard at-rest encryption. Region pinning is available on Enterprise plans.