Your Privacy at BrieflyGo

Only what is needed to operate the service:

• Account data: your email address, used for authentication and service communications.
• Documents you analyze: PDFs, Word files, or text you upload for AI analysis. Processed transiently and not stored after your session unless you explicitly save a report.
• Analytics data: page URL, referrer, anonymized IP, browser type, OS, device type, and country code. No full IP address is ever stored in our first-party analytics store.
• Support messages: name (optional), email, and message content when you contact us via the contact form.
• Billing data: payment method details (card type, last 4 digits, expiry) are handled directly by Stripe — we never see or store your full card number.

We do not collect behavioral profiles, purchase history beyond your own subscription, or data from third party brokers.

For users in the European Economic Area (EEA), we rely on the following legal bases:

• Contract performance (Art. 6(1)(b)): processing your email and uploaded documents to deliver the service you subscribed to.
• Legitimate interests (Art. 6(1)(f)): first-party anonymized analytics to understand product usage, improve reliability, prevent abuse, and maintain security.
• Consent: optional third-party analytics tools only load after you explicitly allow them through the consent banner.
• Legal obligation (Art. 6(1)(c)): retaining billing records as required by applicable tax law.

Our AI analyzes your document on the fly to produce your report. Documents are processed transiently and we do not use your documents to train or fine-tune AI models. AI processing is performed through providers configured for customer-serving inference, not model training.

Our analysis does not constitute automated decision-making with legal or similarly significant effects under GDPR Art. 22. All conclusions in our reports require human review before any decision is made.

Our first-party analytics system never stores a complete IP address. Before data is written to storage, the last octet of IPv4 addresses is replaced with 0. For IPv6, the trailing bits are zeroed so the stored value is not directly identifying.

BrieflyGo uses a consent banner for optional analytics. Our first-party product analytics remain server-side, and Google Analytics only loads after you allow it via the banner.

• Optional analytics stay off until you give consent.
• No cross-site advertising or behavioral profiling.
• No third-party advertising networks.

Auth session tokens are stored in localStorage for Supabase auth, which is scoped to our domain.

• Account data: retained while your account is active. Deleted permanently within 30 days of account deletion.
• Uploaded documents: not stored beyond your active session unless you explicitly save a report.
• Analytics: retained for operational analysis and then purged on our standard retention schedule.
• Billing records: retained as required by applicable tax law.
• Support messages: retained for support and product quality follow-up, then removed on the normal retention cycle.

If you are in the EEA or UK, you have rights of access, rectification, erasure, restriction, portability, objection, and complaint to your local data protection authority.

We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA). We may extend this period once by an additional 30 days where necessary, with written notice.

Contact [email protected] with the subject line Privacy Request.

California residents may request access, deletion, correction, and other rights provided by applicable California privacy law. We do not sell personal information.

To exercise a California privacy right, email [email protected] with the subject line California Privacy Request.

We use the following third-party sub-processors to deliver the service. Each is bound by a Data Processing Agreement (DPA) and appropriate transfer safeguards:

Privacy questions or data requests:

• Email: [email protected]
• Subject line: Privacy Request