Privacy Policy

BriefOps is operated by Vrexis Technologies ("we," "our," or "us"). This Privacy Policy explains what information we collect, how we use it, and how we protect it when you use briefops.app. By using BriefOps, you agree to the practices described in this policy.

1. Information We Collect

Account Information

When you create an account, we collect your name and email address. If you sign up via Google or Microsoft OAuth, we receive your name and email from those providers. We do not store your OAuth provider password. If you sign up with email and password, your password is hashed and never stored in plain text.

Profile Information

You may optionally provide a company name and upload a logo. These are used to brand your generated PDF briefs. This information is stored in your account and is never shared with third parties.

Client Intake Data

When your clients fill out your intake form, we collect their name, email address, and their answers to your intake questions. This data is stored in your account and is accessible only to you. Your clients do not need to create a BriefOps account.

Usage Data

We collect basic usage information including the number of briefs generated and your intake link activity. This data is used solely to operate the service and enforce free tier limits. We do not use third-party analytics tools.

Payment Information

We use Stripe to process payments. We do not store your credit card details. Stripe handles all payment data under their own PCI-compliant infrastructure. We only receive a customer ID and subscription status from Stripe.

2. How We Use Your Information

We use your information to provide and operate the BriefOps service, process AI-generated project briefs, send transactional emails such as account confirmation, password reset, and subscription notifications, enforce subscription limits, and improve the product over time. We do not sell your data to third parties. We do not use your data for advertising.

3. AI Processing

Client intake responses are sent to Anthropic's Claude API to generate project briefs. This processing happens entirely server-side — your data never passes through the browser. Anthropic processes this data under their enterprise API terms and does not use API-submitted data to train their models. Your clients' intake responses are not used to train any AI system.

4. Data Storage and Security

Your data is stored in Supabase, which is SOC 2 Type II certified and encrypts all data at rest. All connections to BriefOps use TLS 1.2 or higher. Row-Level Security policies are enforced at the database level to ensure your data is strictly isolated from other users. API keys and secrets are never exposed to the browser.

5. Data Retention

We retain your account data for as long as your account is active. If you request account deletion, your profile, intake responses, briefs, and client data are scheduled for permanent deletion within 30 days. You may cancel a deletion request within that 30-day window by contacting us at support@briefops.app.

6. Team and Agency Accounts

Agency plan administrators may invite team members to their workspace. Team members can access the brief generation tools under the agency's account. Briefs generated by team members are visible only to that team member, not to other members. The agency administrator's company name and logo are applied to all team members' PDF output.

7. Third-Party Services

BriefOps uses the following third-party services to operate: Supabase for database and authentication, Anthropic for AI brief generation, Vercel for hosting and deployment, Stripe for payment processing, Resend for transactional email, and Upstash for rate limiting. Each provider operates under their own privacy policy. We share only the minimum data necessary with each provider.

8. Cookies

We use cookies solely for authentication — to keep you signed in to your account using secure, httpOnly session cookies. We do not use tracking cookies, advertising cookies, or third-party analytics. We do not use any cookies for marketing purposes.

9. Your Rights

You have the right to access the personal data we hold about you, correct any inaccurate information, request deletion of your account and associated data, and withdraw consent for data processing. To exercise any of these rights, contact us at privacy@briefops.app or submit a request through your account settings. We will respond within 30 days. If you are located in the European Economic Area, you may also have rights under GDPR including the right to data portability and the right to lodge a complaint with your local supervisory authority.

10. Children's Privacy

BriefOps is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us immediately at privacy@briefops.app and we will delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email at least 14 days before they take effect. The date at the top of this page reflects when the policy was last updated. Continued use of BriefOps after changes take effect constitutes acceptance of the updated policy.