Privacy Policy
Last updated: July 1, 2026
What we collect
When you order a brief, we collect: the brief inputs you provide (topic, decision, context, audience, timeline), your email address (to deliver the brief), and basic order metadata (date, plan tier, amount). When you create an account, we store your email and a hashed password. When you browse the site, we keep standard server access logs (IP, user agent, requested path) for security and debugging.
What we do NOT collect
We do not collect payment card numbers. Payments are processed by Stripe; we only see the last 4 digits and the card brand. We do not run third-party advertising trackers. We do not sell your data.
How we use your data
We use the brief inputs to generate your brief. We use your email to deliver the brief and (if you opted in) to send product updates. We use the access logs to detect abuse and debug issues. We do not use your data to train any AI model.
Who can see your data
Only the YourBrief.io team. We do not share your data with third parties except: Stripe (payment processing), Resend (email delivery), and Vercel (hosting). Each is contractually obligated to protect your data. We may disclose data if required by law.
Data retention
We keep your briefs for as long as your account is active. You can delete your account and all associated data at any time from your dashboard. We delete inactive accounts after 24 months of no login activity.
Your rights
You can: access your data, correct it, download it, or delete it. Email privacy@yourbrief.io for any of these. We respond within 7 days.
Cookies
We only use first-party cookies that are strictly necessary for the site to function. We do not use advertising cookies, analytics cookies, or any third-party cookies — so there is nothing to opt in or out of.
| Cookie | Purpose | Lifetime |
|---|---|---|
| csrf | Protects forms against cross-site request forgery | 1 day |
| next-auth.session-token | Keeps you signed in after using a magic link | 30 days |
| next-auth.csrf-token | Protects the sign-in flow against forgery | Session |
| next-auth.callback-url | Returns you to the right page after signing in | Session |
Security
We use HTTPS everywhere. Sign-in is passwordless — single-use magic links sent to your email, so there is no password to store or leak. Payment data is handled by Stripe (PCI-DSS Level 1). We perform regular security reviews. If you find a vulnerability, please email security@yourbrief.io (do not open a public issue).
Changes to this policy
If we change this policy materially, we will email active customers at least 30 days before the change takes effect.
Contact
Questions? Email privacy@yourbrief.io.