Brief logoBack to home

Legal

Privacy Policy

Last updated June 6, 2026

Brief turns activity from your work tools into a daily briefing of actionable tasks. This policy explains what we collect, where it lives, and what control you have over it.

What we collect

Account information

When you sign in, we collect your email address and, if you provide it, your first name. Authentication is handled by Supabase using magic links. Session cookies keep you signed in on your device.

Connected tool data

When you connect integrations such as Gmail, Google Calendar, Jira, or Discord, Brief polls those services on your behalf. We fetch only what we need to surface tasks — for example, recent calendar events, unread or important email, and issues assigned to you. We do not store full inboxes, channel archives, or your entire work history.

Tasks and briefings

We store extracted tasks, short summaries, due dates, and small pieces of context (such as titles and timestamps) that appear in your feed. Source events from connected tools may be held temporarily while we process them into tasks.

OAuth tokens

Access and refresh tokens for your integrations are stored on our servers so connections stay active. These tokens are never sent to your browser.

Push notifications (optional)

If you enable notifications, we store a push subscription endpoint and encryption keys required to deliver alerts to your device. You can turn this off anytime in Settings.

Local device storage

Your browser may cache your feed in IndexedDB so you can view your last synced briefing when offline. This cache stays on your device and is cleared when you clear site data.

How we use your data

  • Authenticate you and maintain your account
  • Poll connected tools and build your daily briefing
  • Run AI task extraction on relevant content from your connected tools
  • Send push notifications you have opted into
  • Keep integrations connected and refresh OAuth tokens

We do not sell your personal data. We do not use your data for advertising.

Where your data is stored

Our servers

Account records, integration tokens, source events, extracted tasks, and push subscriptions are stored in a PostgreSQL database. OAuth tokens are encrypted with AES-256-GCM before they are written to the database.

Authentication

Sign-in credentials and session management are handled by Supabase Auth.

Your browser

Session cookies and an offline feed cache (IndexedDB) are stored locally on your device.

Third-party services

Brief relies on services that process data on our behalf:

  • Supabase — authentication and session management
  • Groq — AI task extraction from normalized work content
  • Google, Jira, Discord — connected work tools you authorize via OAuth

Before content is sent for AI extraction, we strip obvious secrets such as API keys, bearer tokens, JWTs, and private keys. Content is also truncated to limit what leaves our servers.

Each third-party provider has its own privacy policy governing how they handle data on their platform.

How we protect your data

  • OAuth tokens are encrypted at rest and only decrypted on the server when needed to sync your tools
  • API requests from the app require authentication — your tokens never reach the browser
  • Polling is scoped to recent, relevant activity rather than full account exports
  • Sensitive patterns are redacted from content before AI processing

Your choices

  • Disconnect integrations — revoke access for any provider from the Integrations page. Disconnecting stops future polling for that tool.
  • Turn off notifications — disable push alerts in Settings at any time.
  • Sign out — ends your session on the current device.
  • Request deletion — contact us to request deletion of your account and associated data.

Data retention

We keep account and task data for as long as your account is active and you use Brief. Source events used during task extraction may be retained after processing. When you disconnect an integration, we stop fetching new data from that provider.

Changes to this policy

We may update this policy as Brief evolves. When we make material changes, we will update the date at the top of this page. Continued use of the service after changes take effect means you accept the revised policy.

Contact

Questions about this policy or your data? Open an issue on our GitHub repository or reach out through brief.hanif.one.