Privacy Policy
This policy explains what Bromley.ai collects, why, and the choices you have. We keep it short and concrete on purpose.
Who we are
Bromley.ai ("Bromley", "we", "us") provides AI specialists that audit how your website appears in AI answers and search, grounded in data you choose to connect. This policy covers bromley.ai and the Bromley app.
What we collect
- Account information — your email and, if you sign in with single sign-on, the identifier your provider returns.
- Data from tools you connect — when you authorize a connector (for example Google Search Console or your analytics), we read the data needed to run your audit. We request read-only access wherever the provider offers it.
- Audit content — the domains, queries, and findings produced when you run an audit.
- Usage and device data — basic logs (pages requested, timestamps, IP address) needed to operate and secure the service.
How we use it
- To run your audits and produce your reports.
- To operate, secure, and improve the service.
- To communicate with you about your account and support requests.
Who we share it with
We share data only with service providers that help us run Bromley, under contract and only as needed:
- Hosting and infrastructure — to run the application and database.
- Connector authorization — Composio, to broker the OAuth connections you approve.
- Payments — Stripe, which processes billing. We never receive or store your full card number.
- Authentication — Clerk, if your workspace uses single sign-on.
- AI providers — to generate parts of your report. We send the evidence needed for the analysis, not your credentials.
We may also disclose data if required by law or to protect the rights and safety of our users.
Google user data
When you connect a Google service (such as Google Search Console), Bromley's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We request only the read-only Google data needed to run your audit.
- We use Google user data solely to provide the audit features you connected it for.
- We do not transfer or sell Google user data, except as needed to provide the service to you, for security, or to comply with law.
- We do not use Google user data for advertising, and we do not use it to train generalized AI or machine-learning models.
- You can revoke our access at any time from your Google account or from within Bromley.
International users
Bromley is operated from, and your data is processed in, the regions where our infrastructure providers run. If you use Bromley from outside those regions, you consent to processing your data there to provide the service.
Security
We encrypt data in transit, restrict access to your data to what is needed to operate the service, and store credentials and tokens securely. No system is perfectly secure, but we work to protect your information and to limit what we hold.
Data retention
We keep your account and audit data while your account is active. You can ask us to delete your data or disconnect a tool at any time; revoking a connector from the provider also cuts off our access going forward.
Your choices
- Access, correct, or delete your data — email us and we will help.
- Disconnect any connected tool at any time, from Bromley or from the provider.
- Close your account, which removes your workspace data.
Cookies
We use a small number of strictly necessary cookies to keep you signed in and to keep the app working. We do not use advertising cookies.
Children
Bromley is a business tool and is not directed to children under 16.
Changes
If we make material changes to this policy, we will update the date above and, where appropriate, notify you. Continued use of Bromley after a change means you accept the updated policy.
Contact
Questions about privacy? Email hello@bromley.ai.