Privacy Policy

Last updated: 1 July 2026

This policy explains what personal data BriefSync.ai ("BriefSync", "we") collects, why, and your rights over it. The data controller is BriefSync.ai; you can reach us at hello@briefsync.ai for any privacy question or to exercise your rights.

Data we collect

We collect only what the product needs to work:

  • Account email — provided by Google when you sign in with Google OAuth.
  • Content you submit — the article URLs, uploaded documents, and text you add to your corpus, plus the RSS feeds you subscribe to.
  • Usage events — which articles you open, used to shape your feed and relevance.
  • Quiz responses — your answers to the retention quiz.

We do not collect payment data (there is no billing), and we do not run any web analytics.

How we use it

To provide the service: authenticate you, ingest and enrich the content you submit, group it into themes and synthesize summaries, power search, send your weekly email digest, and generate retention quizzes. We do not sell your data or use it for advertising.

AI / LLM processing

The content you submit is processed by a large language model to summarize and classify it. Today this runs on a self-hosted Mistral 7B model via Ollama on our own EU-hosted infrastructure. We are introducing a cloud-provider fallback for when the local model is unavailable, so in some cases your submitted content may be processed by a third-party LLM API; this page will be updated to name that provider as it goes live.

Where your data is stored and who processes it

Your corpus and account data are stored in a PostgreSQL database on EU-hosted infrastructure. We rely on the following processors, each only for the purpose listed:

  • Google — sign-in / OAuth authentication.
  • Cloudflare — DNS, proxy/CDN, and network protection.
  • Resend — delivery of the weekly email digest.
  • Vercel — hosting of the web frontend.

Some of these providers are established outside the EU and may process data (such as your email address) internationally under appropriate safeguards (e.g. Standard Contractual Clauses). [legal review: confirm the specific transfer mechanism for each processor.]

Legal basis (GDPR)

GDPR applies. We process your data to perform our contract with you (to provide the features you ask for) and, where relevant, on the basis of your consent or our legitimate interest in operating and improving the service. [legal review: confirm the precise legal-basis mapping per processing activity.]

Retention

We retain your account and content until you delete your account or ask us to erase your data, after which it is removed from our production systems (residual copies in encrypted backups age out on the normal backup cycle).

Your rights

Under GDPR you have the right to access, rectify, erase, restrict, or object to the processing of your personal data, and the right to data portability. To exercise any of these, email hello@briefsync.ai. You also have the right to lodge a complaint with your local data-protection supervisory authority.

Cookies

We use only what's necessary to run the app: a session cookie set by our authentication library (Auth.js) to keep you signed in, and cookies set by Cloudflare for security and performance. We use no analytics, advertising, or third-party tracking cookies.

Children

BriefSync is not directed at children under 16 and we do not knowingly collect their data.

Changes

We may update this policy as the product evolves (for example, when the LLM fallback provider goes live). Material changes will be reflected here with a new "last updated" date.

Questions? hello@briefsync.ai.