Privacy policy

Branding Pioneers is a healthcare-only marketing firm headquartered in Gurugram, India, with offices in La Mesa, CA and Tampa, FL. We operate under ISO 27001 information-security certification and sign HIPAA Business Associate Agreements (BAAs) where engagements involve protected health information (PHI).

On our website. Standard analytics (anonymised IP, referrer, page-views, device, country) via GA4. Conversion-tracking pixels on form submissions (Google Ads, Meta, LinkedIn). Cookie consent is enforced — see our cookie policy at the foot of every page.

From form submissions. Name, email, phone (if you share it), the company you represent, the message you typed, and the page you submitted from. We do not collect health information through public forms.

During engagements. Whatever your contract authorises us to access — typically Google Ads, Meta Business Suite, GA4, GSC, your CRM, your CMS. PHI access is rare; when present, it is governed by a signed BAA and segregated access logs.

• Respond to your inquiry within one business day.
• Match you with the right senior strategist for a first call.
• Send you the materials you asked for (dossier, audit, case files).
• Run your campaigns under the scope your engagement authorises.
• Aggregate (anonymised) reporting for our client-portfolio benchmarks.

We do not sell or rent your data. We do not retarget mental-health-condition site visitors. We do not share PHI with third parties beyond the platforms your engagement requires.

Data is stored in encrypted form on AWS infrastructure (us-east-1, ap-south-1) and Google Cloud (us-central1). Customer-relationship data lives in HubSpot (BAA-cleared tier). Marketing automation lives in our in-house WaCRS / Convi.AI stack (ISO 27001-audited).

• Marketing inquiries: 24 months from last engagement, then deleted.
• Active client data: duration of engagement + 7 years (statutory record-keeping).
• Anonymised aggregate analytics: indefinite.
• PHI: as defined in your BAA — typically deleted on termination plus 6-year HIPAA window.

• Access — email privacy@brandingpioneers.com for a data export. We respond within 30 days.
• Correction — same channel, same SLA.
• Deletion — same channel. We honour deletion requests except where statutory record-keeping requires retention; we will explain why.
• Portability — JSON export of your data on request.
• Opt-out of marketing — unsubscribe link in every email; or email us directly.
• Lodge a complaint — contact your local data-protection authority (GDPR), the Information Commissioner of India, or the Federal Trade Commission (US).

We use a strict-by-default consent model. No tracking cookies fire until you opt in. Strictly-necessary cookies (auth, CSRF) always fire — without them the site doesn't work.

We use the following sub-processors. Each is reviewed annually for compliance posture: AWS, Google Cloud, HubSpot, Twilio, Calendly, Cloudflare, Vercel, GitHub, Notion. Full list with purposes available on request.

We update this policy when our practices change. The effective date at the top of this page is the date of the most recent change. Material changes are notified via email to active clients and the website.

privacy@brandingpioneers.com — for everything in this policy.

dpo@brandingpioneers.com — for GDPR / India DPDPA-specific matters.

security@brandingpioneers.com — to report a vulnerability or incident.

We respond same business day during business hours (Mon–Fri 09:00–19:00 IST).