Privacy Policy

Your Privacy at BrieflyGo

Your privacy is the foundation of trust. Here is what we collect, how we use it, and how we protect it.

GDPR-ready workflows California privacy requests supported Consent-first analytics No Data Sold Ever

What We Collect

Only what is needed to operate the service:

  • Account data: your email address, used for authentication and service communications.
  • Documents you analyze: PDFs, Word files, or text you upload for AI analysis. Processed to generate your requested output. If you use workspace features, editor flows, or saved reports, the files and related output may be stored in your account until you delete them or they are removed under our retention rules.
  • Analytics data: page URL, referrer, anonymized IP, browser type, OS, device type, and country code. No full IP address is ever stored in our first-party analytics store.
  • Support messages: name (optional), email, and message content when you contact us via the contact form.
  • Billing data: payment method details (card type, last 4 digits, expiry) are handled by third-party payment providers or merchant-of-record partners — we never see or store your full card number.

We do not collect behavioral profiles, purchase history beyond your own subscription, or data from third party brokers.

Legal Basis for Processing (GDPR Art. 6)

For users in the European Economic Area (EEA), we rely on the following legal bases:

  • Contract performance (Art. 6(1)(b)): processing your email and uploaded documents to deliver the service you subscribed to.
  • Legitimate interests (Art. 6(1)(f)): first-party anonymized analytics to understand product usage, improve reliability, prevent abuse, and maintain security.
  • Consent: optional third-party analytics tools only load after you explicitly allow them through the consent banner.
  • Legal obligation (Art. 6(1)(c)): retaining billing records as required by applicable tax law.

No Selling

We have never sold and will never sell your data to third parties, data brokers, or advertising companies. Your documents and personal information belong to you.

How We Use AI

Our AI analyzes your document on the fly to produce your report. Documents are processed transiently and we do not use your documents to train or fine-tune AI models. AI processing is performed through providers configured for customer-serving inference, not model training. Saved workspace artifacts are used only to deliver product features you requested, such as reopening a report, continuing editing, or resuming a send flow.

Our analysis does not constitute automated decision-making with legal or similarly significant effects under GDPR Art. 22. All conclusions in our reports require human review before any decision is made.

IP Address Anonymization

Our first-party analytics system never stores a complete IP address. Before data is written to storage, the last octet of IPv4 addresses is replaced with 0. For IPv6, the trailing bits are zeroed so the stored value is not directly identifying.

Cookies & Tracking

BrieflyGo uses a consent banner for optional analytics. Our first-party product analytics remain server-side, and Google Analytics only loads after you allow it via the banner.

  • Optional analytics stay off until you give consent.
  • No cross-site advertising or behavioral profiling.
  • No third-party advertising networks.

Authentication and product state may use browser storage, cookies, and similar session mechanisms that are scoped to BrieflyGo features and account access.

CookiePurposeDuration
brieflygo_consentStores your cookie consent choice12 months
brieflygo_auth / session cookiesAuthentication and account session stateSession / 7 days
_ga, _ga_*Google Analytics (only after consent)2 years

Data Retention

  • Account data: retained while your account is active. Deleted permanently within 30 days of account deletion.
  • Uploaded documents: may be retained only as long as needed for the specific feature you used, unless you explicitly save them into a workspace, report, template, or related product flow.
  • Analytics: retained for operational analysis and then purged on our standard retention schedule, which may vary by tool or provider.
  • Billing records: retained as required by applicable tax law.
  • Support messages: retained for support and product quality follow-up, then removed on the normal retention cycle unless a longer retention period is required to resolve abuse, fraud, or legal issues.

Some exact retention periods depend on the feature you use, whether content was explicitly saved, and our fraud-prevention or legal obligations at the time.

Your Rights (GDPR Art. 15-22)

If you are in the EEA or UK, you have rights of access, rectification, erasure, restriction, portability, objection, and complaint to your local data protection authority.

We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA). We may extend this period once by an additional 30 days where necessary, with written notice.

Contact [email protected] with the subject line Privacy Request.

California Privacy Rights (CCPA / CPRA)

California residents may request access, deletion, correction, and other rights provided by applicable California privacy law. We do not sell personal information.

To exercise a California privacy right, email [email protected] with the subject line California Privacy Request.

Data Transfers

BrieflyGo operates online and may process data on infrastructure located in the United States. Where required, cross-border transfers from the EEA or UK are handled under Standard Contractual Clauses (SCCs) pursuant to GDPR Art. 46(2)(c), or equivalent mechanisms recognised by the European Commission.

Sub-processors

We use the following third-party sub-processors to deliver the service. Each is bound by a Data Processing Agreement (DPA) and appropriate transfer safeguards:

Sub-processorPurposeLocationSafeguard
Cloud database and storage providersDatabase, account services, and file storageVaries by providerContractual safeguards
AI inference providersTransient AI analysis and generationVaries by providerContractual safeguards and no-training commitments where offered
Transactional email providersAccount and workflow email deliveryVaries by providerContractual safeguards
Payment providers / merchant-of-record partnersSubscription billing and checkoutVaries by providerContractual safeguards
Google AnalyticsOptional analytics (consent-gated)USA / EUSCCs, consent-only

Contact

Privacy questions or data requests:

Last updated: April 2026. Applies to BrieflyGo (brieflygo.com).

Never sign without understanding every clause.

BrieflyGo reviews your contracts in plain English — instantly.

Try for free →