BAT Privacy Policy
Operated by Bright Wing LLC | Last Updated: April 30, 2026.
This Privacy Policy explains how Bright Wing LLC ("Bright Wing," "we," "us," or "our") collects, uses, discloses, stores, and protects information in connection with BAT, including BAT Brain, BAT Chat, content generation, crawlers, social media scheduling, websites, dashboards, integrations, and related services (the "Service").
By using the Service, you acknowledge that we process information as described in this Privacy Policy. If you use the Service on behalf of a business, agency, client, or other organization, you are responsible for ensuring that all necessary notices, consents, rights, permissions, and legal bases have been obtained.
1. Scope
This Privacy Policy applies to information collected through the Service, our website, user accounts, workspaces, connected integrations, support interactions, billing relationships, cookies, analytics tools, crawlers, and related communications. It does not apply to third-party websites, social platforms, ad platforms, AI providers, payment processors, or integrations that have their own privacy practices.
2. Who We Are
The Service is provided by Bright Wing LLC, a Wyoming limited liability company. Contact information appears at the end of this Policy.
Depending on the context, Bright Wing may act as a controller/business for account, billing, usage, security, analytics, product improvement, and business operations data. When a business customer uploads or connects personal data for processing through the Service, Bright Wing may act as a processor/service provider for that customer, and the customer remains responsible for the underlying data and instructions.
3. Age Restriction
The Service is intended for users who are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If we learn that a person under 18 has provided personal information, we may delete it and terminate the account.
4. Information We Collect
We may collect the following categories of information:
- Account information, such as name, email address, company name, role, password or authentication information, workspace membership, account settings, and preferences.
- Billing and subscription information, such as plan type, billing status, invoices, taxes, credit purchases, renewal history, and payment metadata. Payment card details may be processed by third-party payment processors rather than stored directly by us.
- User Content, such as prompts, chat messages, uploaded files, internal documents, brand guidelines, marketing plans, social media assets, captions, posts, drafts, outputs, notes, client materials, and other data you submit, generate, store, connect, or import.
- BAT Brain data, such as brand profiles, memory, embeddings, vector indexes, summaries, source records, competitor information, public web content, crawled content, metadata, inferred preferences, and derived insights.
- Integration data, such as social media handles, page IDs, profile data, ad account metadata, OAuth tokens, permissions, refresh tokens, connected account settings, files, posts, comments, analytics, and other data made available through connected third-party services.
- Crawler and public-source data, such as website text, metadata, public social media information, competitor pages, search results, source URLs, timestamps, and other publicly available or user-designated information.
- Usage, device, and technical data, such as IP address, browser type, operating system, device identifiers, log files, session data, feature usage, clicks, pages viewed, referring URLs, timestamps, error reports, and diagnostic data.
- Cookies and tracking data, such as authentication cookies, analytics cookies, preference cookies, advertising or retargeting pixels, and similar technologies.
- Communications, such as support messages, emails, feedback, survey responses, sales communications, call notes, and other interactions with us.
- Sensitive or confidential information, if you choose to submit it, such as personal data, internal business information, client information, financial information, or other sensitive materials. You are responsible for ensuring you have the right to provide such information.
5. Sources of Information
We may collect information directly from you; from your team members, collaborators, agencies, clients, or administrators; from connected integrations and third-party platforms; from payment, analytics, support, security, and infrastructure providers; from public websites and public sources; from cookies and similar technologies; and from automated processing within the Service.
6. How We Use Information
We may use information to:
- Provide, operate, maintain, and improve the Service.
- Create, maintain, and personalize accounts, workspaces, BAT Brain memories, brand profiles, and user settings.
- Generate, summarize, classify, schedule, publish, analyze, and optimize content and campaigns.
- Operate crawlers, retrieve public or user-designated information, build indexes, create embeddings, generate summaries, and improve marketing outputs.
- Connect to social media, advertising, analytics, storage, and other third-party platforms at your direction.
- Process subscriptions, credits, purchases, renewals, invoices, taxes, payment disputes, and account access.
- Provide support, troubleshoot issues, monitor performance, communicate with users, and respond to requests.
- Detect, prevent, investigate, and address fraud, abuse, spam, security incidents, policy violations, illegal activity, and misuse of the Service.
- Develop, test, evaluate, train, fine-tune, monitor, debug, and improve our products, workflows, models, prompts, ranking systems, crawlers, analytics, safety systems, and AI features.
- Analyze usage, measure performance, conduct research, produce aggregated or de-identified statistics, and improve user experience.
- Send administrative, transactional, product, security, billing, and marketing communications, subject to available opt-outs.
- Comply with legal obligations, enforce our Terms, protect rights and safety, resolve disputes, and respond to lawful requests.
7. AI Improvement and Training
We may use User Content, prompts, Outputs, BAT Brain data, usage data, crawler data, feedback, and derived data to improve, test, evaluate, train, fine-tune, monitor, and develop the Service and related AI systems, including internal models, workflows, retrieval systems, prompt systems, safety tools, evaluation datasets, and quality controls.
Where required by applicable law or a separate written agreement, we may provide additional controls, restrictions, or opt-out mechanisms. Deleting User Content may not remove aggregated data, de-identified data, backups, logs, evaluation records, derived insights, or model/system improvements already created from prior processing.
8. Cookies and Similar Technologies
We may use cookies, pixels, local storage, software development kits, analytics tools, and similar technologies to keep users signed in, remember preferences, secure accounts, measure usage, improve the Service, diagnose errors, personalize experiences, and conduct marketing or retargeting. You can control cookies through your browser settings and, where available, through our cookie banner or preference tools. Blocking cookies may affect Service functionality.
9. How We Share Information
We may disclose information to:
- Service providers and subprocessors, including cloud hosting, AI infrastructure, model providers, payment processors, analytics providers, customer support tools, email providers, security vendors, data storage providers, authentication providers, and engineering contractors.
- Third-party integrations you connect, such as social media platforms, ad platforms, analytics platforms, storage services, and publishing tools.
- Workspace users, collaborators, team members, administrators, clients, contractors, and other people you invite or authorize.
- Public audiences and third-party platforms when you use the Service to publish, schedule, distribute, or share content publicly.
- Professional advisers, such as attorneys, accountants, auditors, insurers, and financial advisers.
- Authorities, courts, law enforcement, regulators, or third parties where we believe disclosure is required or appropriate for legal, safety, security, enforcement, or compliance reasons.
- Parties involved in a merger, acquisition, financing, restructuring, bankruptcy, sale of assets, or similar business transaction.
- Affiliates, successors, and assigns.
- Other parties with your consent, at your direction, or as otherwise permitted by law.
- Recipients of aggregated, anonymized, or de-identified information that does not reasonably identify you.
We may share information with third parties to improve, secure, operate, analyze, and develop the Service. Some third-party providers may process information under their own terms and privacy policies.
10. Social Media, Public Posts, and Integrations
When you connect or use third-party platforms, information may flow between BAT and those platforms. The platform may collect, use, store, or disclose information according to its own terms and privacy policy. Content you publish through the Service may become public and may be copied, indexed, reshared, archived, or retained by third parties. We cannot control how third parties use publicly posted content.
11. Data Retention
We may retain information for as long as needed or permitted for the purposes described in this Privacy Policy, including to provide the Service, maintain accounts, preserve BAT Brain functionality, improve and train systems, comply with legal obligations, resolve disputes, enforce agreements, maintain security, prevent abuse, support business operations, and retain backups or logs.
Unless a separate written agreement or applicable law requires otherwise, we may retain certain information indefinitely, including account records, billing records, logs, security records, analytics, derived data, aggregated or de-identified data, public-source records, model/system artifacts, and backups. After account deletion, some information may remain in backups, archives, logs, legal records, analytics systems, third-party platforms, public posts, and derived or de-identified datasets.
12. Account Deletion and Export
Users may request account deletion or export where supported by the Service or by contacting us. Deletion or export may be limited by legal requirements, technical feasibility, security needs, billing obligations, backup retention, ongoing disputes, anti-fraud obligations, and third-party platform limitations. We are not responsible for retrieving content from third-party platforms or removing content already published publicly or shared with others.
13. Security
We use commercially reasonable administrative, technical, and organizational safeguards designed to protect information. However, no method of transmission, storage, platform integration, cloud service, AI system, or authentication system is completely secure. We cannot guarantee that information will be secure, uninterrupted, error-free, or protected from unauthorized access, loss, misuse, disclosure, alteration, or destruction.
14. International Transfers
Bright Wing is based in the United States. Information may be processed, stored, and transferred in the United States and other countries where we or our service providers operate. These countries may have privacy laws different from those in your jurisdiction. Where required by law, we may use appropriate safeguards for international transfers, such as standard contractual clauses or other lawful mechanisms.
15. Your Privacy Choices and Rights
Depending on your location and applicable law, you may have rights to request access to, correction of, deletion of, portability of, restriction of, or objection to certain processing of personal information. You may also have the right to withdraw consent, opt out of marketing emails, opt out of certain sales or sharing, limit certain sensitive personal information uses, or lodge a complaint with a supervisory authority.
To exercise rights, contact us at [email protected]. We may verify your identity and may deny or limit requests where permitted by law, including where compliance would be impossible, disproportionate, technically infeasible, harmful to security or rights of others, or inconsistent with legal obligations.
16. California Privacy Notice
If California privacy laws apply to our processing of your personal information, this section provides additional information. In the preceding 12 months, we may have collected, used, and disclosed the following categories of personal information:
| Category | Examples | Purposes |
|---|---|---|
| Identifiers | Name, email, IP address, account IDs, device identifiers, social handles. | Account, authentication, support, billing, security, integrations, analytics, marketing. |
| Commercial information | Plans, subscriptions, invoices, purchases, credits, payment status. | Billing, account management, fraud prevention, tax and accounting. |
| Internet or network activity | Usage logs, pages viewed, clicks, feature use, device data, referral URLs. | Security, analytics, product improvement, troubleshooting, personalization. |
| Professional or business information | Company, role, agency/client relationships, workspace information. | Account setup, collaboration, support, billing, personalization. |
| Content and communications | Prompts, chats, uploads, posts, drafts, outputs, support communications. | Service delivery, AI generation, BAT Brain, support, product improvement, training. |
| Sensitive personal information | Only if you submit it, such as confidential data, client data, or sensitive personal data. | Service delivery at your direction, support, security, legal compliance, and other disclosed purposes. |
| Inferences | Brand preferences, workflow patterns, marketing interests, derived insights. | Personalization, BAT Brain, content generation, analytics, product improvement. |
We may disclose these categories to the recipients described in Section 9. We do not knowingly sell personal information of individuals under 18. We may use or disclose personal information for targeted advertising or analytics in a way that may be considered a "sale" or "sharing" under California law. If applicable, you may opt out through our cookie controls or by contacting us.
California residents may have rights to know/access, delete, correct, opt out of sale or sharing, limit certain uses of sensitive personal information, and not be discriminated against for exercising privacy rights, subject to legal exceptions.
17. EEA, UK, and Similar International Privacy Rights
Where GDPR, UK GDPR, or similar laws apply, our legal bases may include performance of a contract, legitimate interests, consent, compliance with legal obligations, and protection of rights and security. Legitimate interests may include providing and improving the Service, securing systems, preventing abuse, analyzing usage, developing AI features, communicating with users, and supporting business operations.
You may have rights to be informed, access, correct, erase, restrict, port, object, and withdraw consent, subject to exceptions. You may also have the right to lodge a complaint with your local data protection authority.
18. Sensitive and Confidential Information
The Service may allow you to upload or store confidential, sensitive, personal, or proprietary information. You are solely responsible for determining whether you have the right to provide such information and whether the Service is appropriate for it. Unless we sign a separate written agreement, we do not commit to special handling for sector-specific regulated data such as protected health information, payment card data, student records, financial regulatory data, or similar regulated information.
19. Marketing Communications
We may send administrative, transactional, security, billing, product, and marketing communications. You may opt out of marketing emails using the unsubscribe link or by contacting us. Even if you opt out of marketing, we may still send non-marketing communications such as account, security, legal, or billing notices.
20. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be effective when posted or otherwise communicated unless a later date is stated. Your continued use of the Service after the update means you acknowledge the updated Policy.
21. Contact Us
Bright Wing LLC
30 N Gould St Ste R, Sheridan, WY 82801, United States
Website: https://www.usebat.ai
Contact: [email protected]
Appendix A: LinkedIn Community Management API
This Appendix A governs all data that Bright Wing LLC receives, accesses, processes, caches, or derives through the LinkedIn Community Management API and related LinkedIn application programming interfaces (collectively, "LinkedIn data"), including basic member profile data and member social activity data associated with the LinkedIn Page(s) that the authenticated user administers. Notwithstanding Section 7 (AI Improvement and Training), Section 9 (How We Share Information), and Section 11 (Data Retention), and notwithstanding any broader, more permissive, or more general statement, license, or grant appearing elsewhere in this Policy or in the Terms, the stricter, narrower, and more protective commitments set out in this Appendix A control with respect to LinkedIn data, and prevail over those sections to the extent of any conflict, ambiguity, or inconsistency. Where this Appendix A imposes a shorter retention period, a narrower permitted use, a stronger deletion obligation, or a more restrictive limitation than any other provision, this Appendix A governs.
A.1 Purpose Limitation. Bright Wing LLC uses LinkedIn data solely and exclusively to let the authenticated user manage the LinkedIn Page(s) they administer, and for no other purpose. That permitted use is limited to publishing posts, scheduling content, reading engagement metrics, and responding to comments on content the user owns. LinkedIn data is accessed only on behalf of, and at the direction of, the authorized Page admin who connected the relevant LinkedIn account, and only to render the management functions that admin has requested within BAT. Bright Wing LLC does not access, process, or use LinkedIn data for any objective, feature, analysis, product, or business activity outside this approved LinkedIn Community Management use case.
A.2 No Data Mixing and No AI Training. LinkedIn member data is never combined, joined, enriched, correlated, or cross-referenced with external datasets, third-party data sources, data brokers, other Bright Wing LLC users, or other connected platforms, and is kept logically segregated from all such data at all times. LinkedIn member data (including member profiles, posts, comments, reactions, shares, messages, and follower information) is never ingested, retained, embedded, vectorized, indexed for retrieval, transformed into technical artifacts such as vectors or metadata, fine-tuned on, or otherwise used to train, retrain, evaluate, benchmark, monitor, develop, or improve any artificial intelligence, machine learning, or large language model, whether developed, operated, or commissioned by Bright Wing LLC or by any third party. LinkedIn data is not sent to AI providers for training, fine-tuning, or model-improvement purposes. Any transient processing of LinkedIn data by an AI provider exists only to render the specific response that the authorized Page admin requested, occurs strictly in the moment of fulfilling that request, and is performed only under provider terms that impose zero-retention or no-training obligations.
A.3 Strict Data Retention Limits (LinkedIn Data Storage Requirements). Bright Wing LLC adheres to LinkedIn's Data Storage Requirements and enforces the following maximum retention windows for LinkedIn data, which apply notwithstanding any longer retention period stated in Section 11 (Data Retention). Purging under this Section A.3 is permanent and irreversible and is not a soft-delete, archival, or recoverable-state operation:
- Member social activity data (posts, comments, reactions, and shares) is stored for a maximum of 48 hours.
- Basic member profile data (name, headline, profile picture, and public identifier) is stored for a maximum of 24 hours.
- After the applicable window elapses, the data is automatically and permanently purged from active systems without requiring any user action.
- Authorization tokens (including OAuth access and refresh tokens) are retained only for as long as the connection remains active, and are deleted immediately upon disconnection or revocation.
- Where LinkedIn data must be re-displayed inside BAT after its retention window has elapsed, it is re-fetched live from LinkedIn at the time of display rather than served from storage.
A.4 Data Minimization and Approved Purpose. Bright Wing LLC collects, accesses, and retains only the minimum LinkedIn data necessary for the approved LinkedIn Community Management use case described in Section A.1, and prohibits, both as a matter of internal policy and contractually, the use of LinkedIn data for any of the following:
- Advertising, ad targeting, retargeting, or building, modeling, or enriching advertising audiences.
- Lead generation, prospecting, sales intelligence, or identifying, ranking, or scoring sales prospects.
- Surveillance, monitoring of individuals, background checks, or employment, credit, insurance, or other eligibility decisions.
- Resale, licensing, syndication, brokering, or transfer of LinkedIn data to any third party.
- Training, evaluating, or improving artificial intelligence or machine learning models (see Section A.2).
A.5 Immediate Deletion on Revocation or Request. If the user revokes Bright Wing LLC's access to LinkedIn (whether through LinkedIn's permitted applications page or through BAT's Integrations settings), closes their account, or requests deletion, all LinkedIn-derived data associated with that user, including cached profile data, cached engagement data, authorization tokens, and any derived records, is purged from active systems immediately. Any residual copies persisting in time-limited, encrypted backups are overwritten on the ordinary backup rotation schedule, are inaccessible for production use in the interim, are not used in production in the interim, and are not read, restored, queried, or otherwise used in production at any point before they are overwritten.
A.6 Compliance. Bright Wing LLC's access to and use of LinkedIn data is subject to the LinkedIn API Terms of Use and the LinkedIn Developer Agreement. To submit a deletion request for LinkedIn-derived data, or to ask any question about this Appendix A, contact [email protected].
Appendix B: Meta Platform APIs (Facebook Pages and Instagram Graph API)
This Appendix B governs all Platform Data that Bright Wing LLC receives from, or processes through, the Meta Graph API and related Meta platform endpoints in connection with BAT, including the Facebook Pages API and the Instagram Graph API for Instagram Business and Creator accounts, together with associated Business assets ("Meta Platform Data"). Notwithstanding Section 7 (AI Improvement and Training), Section 9 (How We Share Information), and Section 11 (Data Retention), and notwithstanding any other broader, more permissive, or more general statement anywhere else in this Policy or in the Terms, the stricter and more specific commitments set out in this Appendix B control with respect to Meta Platform Data to the extent of any conflict, and no provision of Section 7, Section 9, or Section 11, and no other provision of this Policy or the Terms, shall be read to expand, dilute, override, qualify, or create an exception to the limitations stated here.
B.1 Purpose Limitation. Meta Platform Data is used solely to let the authenticated user manage the Facebook Pages, Instagram Business and Creator accounts, and Business assets that the user administers. The approved purposes are limited to publishing content, scheduling content, reading first-party engagement and insights, and reading and responding to comments on content the user owns. Bright Wing LLC does not access, request, derive, or use Meta Platform Data for any purpose beyond enabling the authenticated administrator to operate the Pages, accounts, and Business assets under that administrator's own control, and does not use Meta Platform Data to provide any service to, or for the benefit of, any person other than the administrator who authorized the connection.
B.2 Scope and Permissions. Bright Wing LLC requests only the Meta permissions strictly necessary to deliver the approved use case for the features the user has enabled, and requests no permission that is not strictly necessary for that approved use case. The permissions are the following:
- pages_show_list
- pages_read_engagement
- pages_read_user_content
- pages_manage_posts
- pages_manage_engagement
- pages_manage_metadata
- read_insights
- instagram_basic
- instagram_content_publish
- instagram_manage_comments
- instagram_manage_insights
- business_management
B.3 No Data Mixing and No AI Training. Meta Platform Data is never combined, joined, enriched, or cross-referenced with external datasets, third-party data sources, data brokers, other BAT users, or any other platform. Meta Platform Data is never ingested, retained, embedded, vectorized, fine-tuned on, transformed into technical artifacts such as vectors or metadata for model purposes, or otherwise used to train, retrain, evaluate, or improve any artificial intelligence, machine learning, or large language model, whether developed or operated by Bright Wing LLC or by any third party. Meta Platform Data is not sold, licensed, or shared with any third party except as strictly required to operate the service for the authorizing administrator, and is not sent to any AI provider for training, fine-tuning, or evaluation purposes. Any transient processing of Meta Platform Data by an AI provider occurs solely to render the specific response requested by the authorized Page, account, or Business administrator, is limited to that immediate request, and is governed by the provider's zero-retention or no-training contractual terms, with no copy, derivative, vector, embedding, or model improvement created or retained from that processing.
B.4 Data Retention (Meta Platform Terms). Consistent with the Meta Platform Terms requirement to retain Platform Data only as long as necessary for the approved use case, Bright Wing LLC applies the following limits:
- Third-party engagement events, meaning comments, reactions, mentions, and replies authored by persons other than the administrator on a managed Page or account, are stored for a maximum of 30 days, after which they are automatically purged from active systems.
- Profile data of non-admin commenters or engagers (name, username, profile picture, and Meta user identifier) is stored for a maximum of 30 days, after which it is automatically purged.
- Insights and analytics are retained only as aggregated, de-identified metrics, with no raw user-level breakdowns retained beyond the 30-day engagement window.
- Content authored by the administrator through BAT (drafts, scheduled posts, and posts published through BAT) is workspace data that the administrator owns, is retained for the lifetime of the workspace, and is deletable by the administrator at any time.
- OAuth tokens, Page tokens, and System User tokens are retained only while the connection remains active and are deleted on disconnection or token revocation.
- Where Meta Platform Data must be re-displayed inside BAT after any of these windows, it is re-fetched live from the Meta Graph API rather than served from a stored copy.
B.5 Data Minimization and Approved Purpose. Meta Platform Data is used strictly for the approved purpose of helping the authenticated user manage the Facebook Pages, Instagram Business and Creator accounts, and Business assets the user administers. Bright Wing LLC does not use Meta Platform Data for, and contractually prohibits the use of Meta Platform Data for, any of the following:
- Advertising, ad targeting, custom audience building, or lookalike modeling outside Meta's own Ads APIs as explicitly authorized by the user.
- Lead generation, prospecting, sales intelligence, or identifying or scoring prospects.
- Surveillance, monitoring of individuals, background checks, or employment, credit, insurance, housing, or other eligibility decisions.
- Resale, licensing, syndication, or transfer of Meta Platform Data to any third party.
- Training, evaluating, or improving any artificial intelligence or machine learning model (see Section B.3).
- Any use prohibited by the Meta Platform Terms or the Meta Developer Policies.
B.6 Immediate Deletion and Deauthorization. If the user revokes access (via the Business Integrations or Apps and Websites settings on Facebook or Instagram, or via the BAT Integrations settings), uninstalls the app, closes the account, or requests deletion, all Meta Platform Data associated with that user, including cached profile and engagement data, OAuth and Page tokens, and any derived records, is purged from active systems immediately and in any case within the time required by the Meta Platform Terms. Bright Wing LLC implements and honors Meta's deauthorization callback and Data Deletion Request Callback, so that Meta's notification that a user has removed the app or requested deletion triggers the same deletion routine automatically, without requiring any further action by the user, and returns the confirmation that Meta requires. Residual copies in encrypted, time-limited backups are overwritten on the backup rotation schedule and are not accessible for production use in the interim.
B.7 Data Deletion Instructions. Meta requires that we give users explicit instructions for requesting deletion of their data. You may request deletion of all Meta Platform Data associated with your BAT account at any time, whether or not you currently have BAT installed, by either of the following methods: (a) remove BAT from your Business Integrations or Apps and Websites settings inside Facebook or Instagram, which triggers automatic deletion on our side through Meta's deauthorization and Data Deletion Request callbacks; or (b) email [email protected] from the email address associated with your BAT account, using the subject line "Meta Data Deletion Request," so that we can verify your identity against the authorizing account before we act. Bright Wing LLC confirms completion of the deletion within the time window required by Meta and provides a confirmation reference where Meta requires one.
B.8 Compliance. Bright Wing LLC's use of the Meta Graph API is subject to the Meta Platform Terms, the Meta Developer Policies, and the product-specific policies for Facebook Login, the Pages API, the Instagram Graph API, the Marketing API (where applicable), and the Messenger Platform (where applicable). See the Meta Platform Terms and the Meta Developer Policies. The same data-handling commitments stated in this Appendix B extend to any other Meta-owned Graph endpoints that BAT may connect to, including the WhatsApp Business Platform and Threads, if and when the user authorizes them.
Appendix C: Pinterest API
This Appendix C governs all data that Bright Wing LLC receives, accesses, processes, caches, or derives through the Pinterest API and related Pinterest application programming interfaces (collectively, "Pinterest data"), including the authenticated user's profile data, the boards and Pins they own, and first-party engagement and analytics on that content. Notwithstanding Section 7 (AI Improvement and Training), Section 9 (How We Share Information), and Section 11 (Data Retention), and notwithstanding any broader, more permissive, or more general statement, license, or grant appearing elsewhere in this Policy or in the Terms, the stricter, narrower, and more protective commitments set out in this Appendix C control with respect to Pinterest data, and prevail over those sections to the extent of any conflict, ambiguity, or inconsistency. Where this Appendix C imposes a shorter retention period, a narrower permitted use, a stronger deletion obligation, or a more restrictive limitation than any other provision, this Appendix C governs.
C.1 Purpose Limitation. Bright Wing LLC uses Pinterest data solely and exclusively to let the authenticated user manage the Pinterest account they own, and for no other purpose. That permitted use is limited to (a) reading the user's own boards, Pins, and basic profile data so the user's existing Pinterest content can be indexed into their BAT workspace as a strategy and inspiration source alongside the other platforms they have connected, (b) creating and scheduling Pins on boards the authenticated user owns, on the user's behalf and only at times the user scheduled, and (c) reading first-party analytics on the user's own Pins and boards so the user can see how their Pinterest content is performing inside BAT's unified calendar and analytics view. Pinterest data is accessed only on behalf of, and at the direction of, the authorizing account holder, and only to render the management functions that account holder has requested within BAT. Bright Wing LLC does not access, process, or use Pinterest data for any objective, feature, analysis, product, or business activity outside this approved use case, does not post to accounts the user does not own, does not run ads through Pinterest, and does not act on behalf of any party other than the authorizing account holder.
C.2 No Data Mixing and No AI Training. Pinterest data is never combined, joined, enriched, correlated, or cross-referenced with external datasets, third-party data sources, data brokers, other Bright Wing LLC users, or other connected platforms, and is kept logically segregated from all such data at all times. Pinterest data (including profile data, boards, Pins, captions, alt text, board sections, Pin analytics, and any engagement signals) is never ingested, retained, embedded, vectorized, indexed for retrieval, transformed into technical artifacts such as vectors or metadata, fine-tuned on, or otherwise used to train, retrain, evaluate, benchmark, monitor, develop, or improve any artificial intelligence, machine learning, or large language model, whether developed, operated, or commissioned by Bright Wing LLC or by any third party. Pinterest data is not sent to AI providers for training, fine-tuning, or model-improvement purposes. Any transient processing of Pinterest data by an AI provider exists only to render the specific response that the authorizing account holder requested, occurs strictly in the moment of fulfilling that request, and is performed only under provider terms that impose zero-retention or no-training obligations. Indexing the user's own Pinterest content into their BAT workspace brain for the user's own retrieval inside their own workspace is not, and shall not be construed as, AI training under this Section C.2.
C.3 Scope and Permissions. Bright Wing LLC requests only the Pinterest permissions strictly necessary to deliver the approved use case for the features the user has enabled, and requests no permission that is not strictly necessary for that approved use case. The permissions are the following:
- Read-level access to the authenticated user's profile, boards, Pins, and first-party analytics, used to display the user's own Pinterest content and performance inside BAT and to index that content into the user's BAT workspace brain.
- Write-level access to create, schedule, edit, and delete Pins and boards that the authenticated user owns, used only to publish content the user has authored or approved inside BAT.
C.4 Data Retention. Bright Wing LLC retains Pinterest data only as long as necessary for the approved use case and applies the following limits, which apply notwithstanding any longer retention period stated in Section 11 (Data Retention):
- Authorization tokens (OAuth access and refresh tokens) are retained while the connection remains active and are deleted within 24 hours of revocation, disconnection, account deletion, or token rotation.
- Cached profile, board, and Pin metadata for the connected account are retained while the connection is active so the user's workspace and calendar render without per-request fetches, and are deleted within 30 days of disconnection or account deletion.
- First-party analytics snapshots used to render BAT's calendar and analytics views are retained for the period necessary to display historical trends to the authenticated user, and are deleted within 30 days of disconnection or account deletion.
- Where Pinterest data must be re-displayed inside BAT after its retention window has elapsed, it is re-fetched live from Pinterest at the time of display rather than served from storage.
C.5 Data Minimization and Approved Purpose. Bright Wing LLC collects, accesses, and retains only the minimum Pinterest data necessary for the approved use case described in Section C.1, and prohibits, both as a matter of internal policy and contractually, the use of Pinterest data for any of the following:
- Advertising, ad targeting, custom audience building, lookalike modeling, or audience segmentation of any kind.
- Building, training, fine-tuning, evaluating, or benchmarking any artificial intelligence, machine learning, or large language model, whether developed by Bright Wing LLC or any third party.
- Resale, licensing, syndication, brokering, or transfer of Pinterest data to any third party.
- Operating any analytics, observability, or business-intelligence product for any party other than the authorizing account holder.
- Any use prohibited by the Pinterest Developer Guidelines, the Pinterest API Terms of Service, or the Pinterest Acceptable Use Policy.
C.6 Immediate Deletion on Revocation or Request. If the user revokes Bright Wing LLC's access to Pinterest (whether through Pinterest's connected-apps settings or through BAT's Integrations settings), closes their account, or requests deletion, all Pinterest-derived data associated with that user, including cached profile data, cached board and Pin metadata, cached analytics, authorization tokens, and any derived records, is purged from active systems immediately. Any residual copies persisting in time-limited, encrypted backups are overwritten on the ordinary backup rotation schedule, are inaccessible for production use in the interim, are not used in production in the interim, and are not read, restored, queried, or otherwise used in production at any point before they are overwritten.
C.7 Data Deletion Instructions. You may request deletion of all Pinterest data associated with your BAT account at any time, whether or not you currently have BAT connected to Pinterest, by either of the following methods: (a) disconnect Pinterest from inside BAT's Integrations settings, or revoke BAT from your Pinterest connected-apps settings, which triggers automatic deletion on our side; or (b) email [email protected] from the email address associated with your BAT account, using the subject line Pinterest Data Deletion Request, so that we can verify your identity against the authorizing account before we act.
C.8 Compliance. Bright Wing LLC's access to and use of Pinterest data is subject to the Pinterest Developer Guidelines, the Pinterest API Terms of Service, and the Pinterest Acceptable Use Policy. To submit a deletion request for Pinterest-derived data, or to ask any question about this Appendix C, contact [email protected].