Building tools that deepen our connection to ourself, each other, and the nature we share.
© 2025 Cre8ive Origins. All rights reserved.
Updated: April 21st, 2026
Building tools that deepen our connection to ourself, each other, and the nature we share.
© 2025 Cre8ive Origins. All rights reserved.
Brand OS — Privacy Policy
Effective Date: April 21, 2026 | Last Updated: April 21, 2026
1. Introduction
Brand OS ("we," "our," or "us") is an AI-powered brand presentation platform that helps users
create, manage, and distribute branded content. This Privacy Policy describes how we collect,
use, store, and protect your information when you use our application and its integrations,
including the Pinterest API integration.
By using Brand OS, you consent to the practices described in this policy.
2. Information We Collect
Account Information: When you sign up, we collect your email address, display name, and
authentication credentials managed securely through our authentication provider.
Brand Data: Brand profiles you create, including brand names, color palettes, font preferences,
tone of voice, visual aesthetic descriptions, and uploaded brand assets (logos, images).
Presentation Data: Prompts, generated presentations, feedback ratings, and preference text you
provide to improve future outputs.
Pinterest Data (when connected): When you connect your Pinterest account via OAuth 2.0, we
access:
• Your Pinterest username and account identifier
• List of your Pinterest boards (board names and IDs)
• Pin creation and scheduling capabilities on your behalf
We do not collect or store your Pinterest password. Authentication is handled entirely through
Pinterest's secure OAuth 2.0 flow.
Children's Map Data: When a parent or legal guardian uses our gift certificate or children's map
features, they may provide their child's name and birth date. This information is provided solely by
the parent/guardian and is used only to generate the child's personalized map.
Usage Data: We may collect analytics on feature usage to improve the service.
3. How We Use Your Information
We use the information we collect to:
• Provide and operate the Brand OS platform and its features
• Generate AI-powered presentations tailored to your brand
• Connect to your Pinterest account to create and schedule pins on your behalf
• List your Pinterest boards so you can select where to publish pins
• Generate personalized children's maps when requested by a parent or guardian through gift
certificates
• Learn from your feedback to improve future presentation and content quality
• Communicate with you about your account and service updates
• Ensure security, prevent fraud, and comply with legal obligations
4. Pinterest API Usage
Brand OS integrates with the Pinterest API v5 to provide pin creation and scheduling features.
Specifically:
Scopes Requested: We request the following Pinterest API permissions: boards:read, pins:read,
pins:write, and user_accounts:read.
Data Access: We access your board listings to let you choose a target board, and we create or
schedule pins on your behalf using the content and images you provide within Brand OS.
Token Storage: Your Pinterest OAuth access and refresh tokens are stored securely in our
database, encrypted at rest, and scoped to your user account. Tokens are only used to perform
actions you explicitly initiate.
Token Refresh: Access tokens are automatically refreshed using your refresh token when they
expire, ensuring uninterrupted service without requiring you to re-authenticate.
No Selling of Data: We do not sell, rent, or share your Pinterest data with any third parties. Your
Pinterest data is used exclusively to provide the pin scheduling features within Brand OS.
Disconnection: You can disconnect your Pinterest account at any time from the Brands page.
Upon disconnection, we immediately delete your stored Pinterest tokens and associated
connection data.
5. Data Storage and Security
Your data is stored in secure, managed cloud infrastructure with the following protections:
• Encryption at rest for all stored data, including OAuth tokens
• Encryption in transit using TLS/HTTPS for all API communications
• Row-Level Security (RLS) policies ensuring users can only access their own data
• Secure authentication with session management and automatic token refresh
• Regular security reviews and updates to maintain data protection standards
6. Data Sharing
We do not sell or rent your personal information. We may share data only in the following
circumstances:
• Service Providers: With trusted infrastructure providers (cloud hosting, database services)
that process data on our behalf under strict data protection agreements
• Pinterest API: To perform pin creation and scheduling actions you explicitly request
• AI Providers: Prompt text (not personal data) may be sent to AI services for presentation
generation and feedback analysis
• Legal Requirements: When required by law, court order, or governmental request
7. Data Retention
We retain your data for as long as your account is active or as needed to provide services:
• Account and brand data: Retained until you delete your account or specific brands
• Pinterest tokens: Retained while your Pinterest account is connected; deleted immediately
upon disconnection
• Presentation data: Retained until you delete individual presentations or your account
• Children's map data: Retained only as long as needed to deliver the map; parents may
request deletion at any time
• Feedback and preferences: Retained to improve service quality; deleted with your account
You may request deletion of your data at any time by contacting us.
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data and account
• Disconnect: Remove your Pinterest connection at any time, which immediately deletes
stored tokens
• Portability: Request an export of your data in a machine-readable format
• Withdraw Consent: Withdraw consent for data processing at any time
• Parental Rights: Parents and legal guardians may review, modify, or request deletion of any
data provided about their child at any time
To exercise any of these rights, please contact us using the information in Section 11.
9. Children's Privacy
Brand OS is committed to protecting the privacy of children and complies with the Children's
Online Privacy Protection Act (COPPA) and applicable international laws regarding children's
data.
Our Services Involving Children. Brand OS offers gift certificates and a children's map feature
designed to be purchased and used by parents and legal guardians — for example, as gifts for
new parents or for a child's first birthday. These features allow a parent or guardian to generate a
personalized map for their child.
Children Do Not Use the Service Directly. Brand OS is not intended to be used by children
under the age of 13 (or the applicable age of digital consent in your jurisdiction). All data related to
a child is submitted by a parent or legal guardian on the child's behalf. Children do not create
accounts, log in, or interact with the platform.
Data We Collect About Children. When a parent or guardian uses the children's map feature,
they may provide limited information about their child, such as the child's first name and date of
birth. We collect only the minimum data necessary to generate the requested map.
How We Use Children's Data. Children's data is used solely to generate the personalized map
requested by the parent or guardian. We do not use children's data for marketing, advertising,
profiling, or any purpose other than delivering the requested service.
No Direct Marketing to Children. All marketing for gift certificates and children's map features is
directed exclusively at parents, guardians, and adult gift-givers — never at children.
Parental Consent and Control. By purchasing a gift certificate or using the children's map
feature, the parent or guardian provides verifiable consent for the limited collection and use of their
child's information as described above. Parents and guardians may at any time:
• Review the data we hold about their child
• Request correction of any inaccurate information
• Request deletion of all data related to their child
• Withdraw consent for further data collection or use
To exercise any of these rights, please contact us using the information in Section 11.
Data Retention. Children's data is retained only for as long as necessary to deliver the children's
map. Upon request by the parent or guardian, or upon account deletion, all children's data is
promptly and permanently deleted.
Accidental Collection. If we become aware that we have collected personal information from a
child without proper parental consent, we will take immediate steps to delete that information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will
notify you by updating the "Last Updated" date at the top of this policy and, where appropriate,
providing additional notice (such as an in-app notification or email).
Your continued use of Brand OS after changes are posted constitutes acceptance of the updated
policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices,
please contact us at:
Cre8ive Origins - DBA McGivney Media LLC
Email: [email protected]
Address: 15640 NE Fourth Plain Blvd, Ste 106 #630, Vancouver, WA 98682, United States
— End of Privacy Policy —