Legal

Privacy Policy

Last updated: 4 May 2026

BriefWorks (“we”, “us”, “our”) operates briefworks.io. This Privacy Policy explains what personal data we collect, why we collect it, the legal basis under which we process it, and your rights regarding that data. We are committed to handling your data responsibly and in compliance with the UK GDPR and the Data Protection Act 2018.

1. Who We Are

BriefWorks is the data controller for personal data collected through briefworks.io. If you have questions about this policy or wish to exercise your rights, contact us at hello@briefworks.io.

2. Information We Collect

Information you provide directly

  • Email address, collected when you register interest, create an account, or contact us.
  • Brief inputs, keywords, topics, and URLs you enter to generate content briefs.
  • Payment information, if you subscribe to a paid plan, payment is processed by PayPal. We do not store your card details.

Information collected automatically

  • Usage data, pages visited, features used, session duration, and actions taken within the product.
  • Technical data, IP address, browser type and version, operating system, and referring URLs.
  • Performance data, page load times and error reports collected via Vercel Analytics and Speed Insights.

Information we do not collect

We do not collect sensitive personal data (e.g. health, financial, or biometric data). We do not sell data to advertisers.

3. Legal Basis for Processing

We process your personal data under the following legal bases (UK GDPR Article 6):

  • Contract performance, to provide you with the Service, process your subscription, and send transactional communications.
  • Legitimate interests, to monitor and improve the Service, ensure security, and send relevant product updates to existing users. We balance these interests against your rights.
  • Consent, where we send marketing communications to early-access registrants. You may withdraw consent at any time by unsubscribing.
  • Legal obligation, to comply with applicable laws, including tax and accounting obligations.

4. How We Use Your Data

  • To create and manage your account and deliver the BriefWorks service
  • To process payments and send billing receipts
  • To notify early-access registrants when the product launches
  • To send transactional emails (account activity, password resets, billing alerts)
  • To monitor uptime, performance, and security
  • To improve the product using aggregated, anonymised analytics
  • To respond to your support requests and enquiries
  • To comply with legal obligations

5. Brief Inputs and AI Processing

Keywords and topics you submit are sent to Anthropic's API to generate your brief output. Anthropic processes this data under its own privacy policy and API usage policies. We do not use your brief inputs to train AI models without your explicit consent. We may use anonymised, aggregated input data (e.g. common keyword categories) to improve our own prompting and product features.

6. Third-Party Services and Sub-Processors

We share data with the following sub-processors, each operating under its own data processing agreement with us:

  • Vercel Inc. (USA), hosting, edge delivery, and analytics
  • Supabase Inc. (USA), database and authentication
  • Anthropic PBC (USA), AI brief generation via API
  • PayPal Holdings Inc. (USA), subscription billing and payment processing
  • Inngest Inc. (USA), background job processing
  • Reddit, Inc. (USA), advertising pixel and conversion measurement (hashed email only)

Several of these providers are based in the United States. We rely on Standard Contractual Clauses (SCCs) and, where applicable, the UK International Data Transfer Agreement (IDTA) to ensure your data is protected when transferred internationally.

7. Cookies and Advertising Pixels

We use strictly necessary cookies required for authentication and secure session management. We also use the Reddit Ads pixel and Conversion API to measure the performance of our paid acquisition campaigns; this stores a small advertising cookie and sends hashed (non-reversible) email addresses to Reddit for conversion attribution. You can control cookies through your browser settings, though disabling session cookies will prevent you from logging in.

8. Data Retention

  • Account data, retained for the duration of your account. Deleted within 30 days of account closure upon request.
  • Brief inputs and outputs, retained to provide the Service; deleted with your account.
  • Billing records, retained for 7 years as required by UK tax law.
  • Server logs, retained for up to 90 days for security and debugging purposes.

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including encrypted connections (TLS), access controls, and regular security reviews. However, no system is completely secure. If you believe your account has been compromised, contact us immediately at hello@briefworks.io.

10. Children's Privacy

The Service is not directed to children under 16 years of age. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Your Rights

Under UK GDPR, you have the following rights:

  • Access, request a copy of the personal data we hold about you.
  • Rectification, ask us to correct inaccurate or incomplete data.
  • Erasure, request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
  • Restriction, ask us to limit processing of your data in certain circumstances.
  • Portability, receive your data in a structured, machine-readable format.
  • Objection, object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent, where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, email hello@briefworks.io. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data lawfully.

12. Changes to This Policy

We may update this policy to reflect changes in our practices or applicable law. We will notify registered users of material changes by email at least 14 days before they take effect, and update the “Last updated” date above. Your continued use of the Service after that date constitutes acceptance of the revised policy.

13. Contact

For any privacy-related questions or to exercise your rights, contact us at hello@briefworks.io.