Do Good Brands LLC
Privacy Policy
Effective date: May 5, 2026 · Last updated: May 5, 2026
This Privacy Policy describes how Do Good Brands LLC ("Do Good Brands," "we," "us," or "our") collects, uses, and shares information in connection with the Do Good Dashboard service available at https://dashboard.dogoodbrands.biz (the "Service").
The Service is a private, internal analytics tool that aggregates data from the digital platforms our clients use — including social media, podcast hosting, email marketing, website analytics, video hosting, live streaming, donation and giving platforms, review platforms, and similar services — and presents that data in unified dashboards and reports. The Service is not offered to the general public; access is provisioned by Do Good Brands directly to authorized client representatives.
1. Who this policy applies to
This policy applies to two groups:
- Authorized Service users — Do Good Brands staff and designated client representatives who log in to the Service via Google to view dashboards.
- Client organizations — businesses, churches, nonprofits, and other entities that engage Do Good Brands and whose accounts on supported platforms are connected to the Service.
This policy does not apply to end users of our clients' social media pages, podcasts, email lists, websites, video channels, livestreams, donation pages, or review listings. Those individuals interact with our clients directly, and our clients' own privacy policies and the policies of the underlying platforms govern the collection and use of their information by those platforms.
2. Information we collect
2.1 Information from authorized Service users
When an authorized user signs in to the Service through Google OAuth, we receive:
- Name
- Email address
- Google account ID
- Profile picture URL
We use this information solely to authenticate the user and control access to the dashboard.
2.2 Information from connected platform accounts
When a client representative connects an account to the Service, the connecting user authorizes the Service through that platform's OAuth flow (or, where OAuth is not offered, by providing an API key). We receive the credentials issued by the platform, and we use those credentials to retrieve the data the client has authorized us to access.
The Service is designed to work with a wide range of platforms our clients use to communicate with their audiences. The categories of platforms we currently support or may support in the future include:
- Social media platforms — including but not limited to Facebook, Instagram, TikTok, YouTube, LinkedIn, Pinterest, Threads, Bluesky, and X (Twitter)
- Podcast hosting platforms — including but not limited to Podbean, Spotify for Podcasters, Buzzsprout, Anchor, and Transistor
- Email marketing platforms — including but not limited to Mailchimp, Constant Contact, ConvertKit, ActiveCampaign, and Klaviyo
- Website and product analytics platforms — including but not limited to Google Analytics 4, Plausible, Fathom, and Adobe Analytics
- Video hosting platforms — including but not limited to YouTube, Vimeo, Wistia, and Loom
- Live streaming platforms — including but not limited to Twitch, StreamYard, and Restream
- Donation, giving, and fundraising platforms — including but not limited to Tithely, Pushpay, and GivingFuel
- Review and local-listing platforms — including but not limited to Google Business Profile and Yelp
The data we retrieve depends on the specific platform and the scope the client has authorized. In general, we retrieve aggregate analytics data such as:
- Account or page identifiers and public profile information (name, handle, profile image, account creation date)
- Audience size metrics (followers, subscribers, list members, channel members)
- Reach and engagement metrics (impressions, views, plays, downloads, opens, clicks, reactions, comments, shares, saves)
- Performance data for individual posts, videos, episodes, or campaigns (publication date, title, view counts, engagement counts, audience retention where available)
- Aggregate audience demographics where the platform exposes them (age range, gender, geography, device — never tied to identifiable individuals)
- Aggregate giving or revenue totals where the platform exposes them, for clients who connect donation or e-commerce platforms
We do not retrieve, download, or store the content of direct messages, private comments, contact records of individual subscribers or donors (such as names, email addresses, phone numbers, or payment details of an individual donor), or any non-public personal information of the connected accounts' followers, subscribers, donors, or audience members.
If we add support for a new platform that requires materially different data categories from those described above, we will update this Privacy Policy before that integration becomes available to clients.
2.3 Information generated by the Service
In the normal course of operation, the Service generates and stores:
- OAuth tokens, refresh tokens, and API keys for connected platform accounts
- Cached snapshots of analytics data, used to render dashboards and to compute period-over-period comparisons
- Application logs, including request timestamps, error messages, and IP addresses, used for debugging and abuse prevention
- Audit records of administrative actions taken within the Service
3. How we use information
We use the information described in Section 2 to:
- Authenticate authorized users and protect the Service from unauthorized access
- Retrieve and display analytics from connected platforms in client dashboards
- Generate periodic reports (PDF, slide deck, and editorial summaries) for client review
- Calculate aggregate and historical trends across reporting periods
- Operate, maintain, secure, and improve the Service
- Comply with applicable legal obligations
We do not use information collected through the Service to train machine learning models or for advertising purposes. We do not sell, rent, or trade personal information.
4. How we share information
We share information only as described below:
4.1 With clients
We display retrieved analytics data within the Service to authorized representatives of the client whose accounts are connected. Analytics from one client's accounts are not shown to other clients.
4.2 With service providers
We use third-party infrastructure providers to operate the Service. These providers process data only on our instructions and are subject to confidentiality and data protection obligations. They include:
- Hosting and infrastructure — Vercel (application hosting and serverless function execution); Supabase (database and authentication infrastructure)
- Authentication and identity — Google (Google OAuth)
- Connected platform APIs — the platforms listed in Section 2.2 above, accessed only on behalf of clients who have authorized the connection
- Generative AI providers — Anthropic, PBC and Google (Gemini API), used to generate summary text in editorial sections of dashboards; only aggregate, non-personal analytics data is sent to these providers
We may engage additional service providers as the Service evolves. Any new provider will be subject to substantially equivalent confidentiality and data protection obligations.
4.3 For legal reasons
We may disclose information if required to do so by law, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, the safety of users, or the integrity of the Service.
4.4 Business transfers
If Do Good Brands LLC is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to the same protections described in this policy.
5. Data retention
We retain information for as long as it is needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements:
- OAuth tokens and API keys are retained until the connection is revoked by the client, by the underlying platform, or by us, or until the client's engagement with Do Good Brands ends.
- Cached analytics snapshots are retained for up to 36 months to support historical comparisons. Older snapshots may be aggregated or deleted.
- Authorized user account records are retained for the duration of the user's authorization and for a reasonable audit period thereafter.
- Application logs are retained for up to 90 days unless required for longer for security or legal reasons.
When a client engagement ends, we will, on the client's request, delete or return information associated with that client's connected accounts within 30 days, subject to legal retention obligations.
6. How to disconnect an account or request deletion
A client representative may disconnect a connected platform account at any time from within the Service or by revoking the Service's access in that platform's connected-apps settings. Once disconnected, we will:
- Cease retrieving new data from the platform
- Invalidate stored credentials for that connection
- Delete or anonymize cached data on the timeline described in Section 5
To request deletion of all data associated with your client account or your authorized user account, contact us at dogoodbrands@gmail.com with the subject line "Data deletion request." We will acknowledge requests within 7 business days and complete deletion within 30 days, except where retention is required by law.
6.1 Meta-specific data deletion
If you previously connected a Facebook Page or Instagram account through the Service and want your data deleted, you may:
- Email dogoodbrands@gmail.com with the subject line "Meta data deletion request"
- Remove the Service from your Meta connected apps at facebook.com/settings?tab=business_tools
We will delete the associated OAuth tokens and cached data within 30 days of receiving the request.
7. Data security
We use commercially reasonable administrative, technical, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit (TLS), encryption at rest for stored credentials, access controls limiting who can access production systems, and routine security reviews.
No security measure is perfect. We cannot guarantee that information transmitted to or stored by the Service will never be subject to unauthorized access.
8. International users
The Service is operated from the United States. If you access the Service from outside the United States, you understand that information will be transferred to, processed in, and stored in the United States, where data protection laws may differ from those in your jurisdiction.
9. Children's privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly.
10. Your rights
Depending on where you live, you may have rights under applicable data protection laws (such as the GDPR in the European Economic Area or the CCPA in California), including the rights to:
- Access the personal information we hold about you
- Correct inaccurate information
- Delete your information
- Object to or restrict certain processing
- Receive your information in a portable format
- Withdraw consent where processing is based on consent
To exercise any of these rights, contact us at dogoodbrands@gmail.com. We will respond within the timelines required by applicable law.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. If changes are material, we will provide additional notice (such as by email to authorized users or by an in-Service notification). Continued use of the Service after a change indicates acceptance of the updated policy.
12. Contact
If you have questions about this Privacy Policy or our data practices, contact us at:
Do Good Brands LLC
Email: dogoodbrands@gmail.com
This Privacy Policy reflects the current operation of the Do Good Dashboard and is written to accommodate the platforms our clients commonly use. It is provided for transparency and to support compliance with platform requirements (including those of Meta, Google, TikTok, Podbean, Mailchimp, and similar services). It is not legal advice. Clients with specific legal or regulatory questions should consult qualified counsel.