Privacy Policy

Last updated: March 6, 2026

At BriefBop, we take your privacy seriously. This policy explains how we collect, use, store, and protect your personal information when you use our AI-powered creative intelligence platform.

Table of Contents

This Privacy Policy applies to all users of BriefBop's website, applications, and services (collectively, the “Service”). By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.

1. Information We Collect

1.1 Information You Provide

When you create an account, use our Service, or communicate with us, we may collect the following information:

  • Account Information: Name, email address, password, company name, job title, and profile picture.
  • Billing Information: Payment card details (processed securely through our payment provider), billing address, and transaction history.
  • Content & Briefs: Advertising briefs, creative content, brand guidelines, campaign data, and any other materials you upload or create using the Service.
  • Communications: Messages you send to us via email, support tickets, or feedback forms.

1.2 Information Collected Automatically

When you access or use the Service, we automatically collect certain information:

  • Usage Data: Pages viewed, features used, actions taken, time spent on the Service, and interaction patterns.
  • Device Information: Browser type and version, operating system, device type, screen resolution, and unique device identifiers.
  • Log Data: IP address, access times, referring URLs, and error logs.
  • Location Data: Approximate geographic location based on your IP address.

1.3 Information from Third Parties

We may receive information about you from third-party services you connect to BriefBop, such as single sign-on providers (e.g., Google), analytics platforms, or advertising networks. This information is governed by those third parties' respective privacy policies.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve the BriefBop platform, including AI-powered brief generation, creative analysis, and campaign insights.
  • AI Model Improvement: To enhance the quality and accuracy of our AI models. You may opt out of having your content used for model training in your account settings.
  • Personalization: To tailor your experience, provide relevant suggestions, and customize features based on your usage patterns and preferences.
  • Communication: To send you service updates, security alerts, administrative messages, and, with your consent, marketing communications.
  • Analytics: To understand how our Service is used, identify trends, and make data-driven improvements.
  • Security & Fraud Prevention: To detect, prevent, and respond to security incidents, fraud, and abuse.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.

3. Data Storage & Security

Your data is stored on secure servers provided by Google Cloud Platform through Firebase. We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit using TLS 1.2 or higher.
  • Encryption of data at rest using AES-256 encryption.
  • Regular security audits and vulnerability assessments.
  • Role-based access controls for internal systems.
  • Multi-factor authentication for administrative access.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously monitor and update our security practices.

4. Third-Party Services

BriefBop integrates with and relies on the following third-party services to deliver our platform. Each processes data in accordance with their own privacy policies:

Google Cloud Platform / Firebase

Infrastructure hosting, authentication, database (Firestore), file storage, and serverless compute. Data is processed in accordance with Google's Data Processing Terms.

AI Service Providers

We use multiple third-party AI models to power our creative intelligence features: Anthropic (Claude) for language analysis and brand compliance, OpenAI (GPT-4o, GPT Image 1) for visual analysis and image generation, and Google (Gemini) for cultural sensitivity analysis. Content submitted for AI processing is transmitted securely to each provider and is not used by any provider to train their general-purpose models. We maintain data processing agreements with all AI providers. Brand knowledge embeddings are generated via OpenAI and stored in Pinecone (vector database) with strict namespace isolation per brand profile.

Payment Processors

We use PCI DSS-compliant payment processors to handle billing transactions. We do not store your full credit card number on our servers.

Analytics & Monitoring

We use analytics tools to understand Service usage and performance. These tools may collect anonymized usage data, device information, and interaction patterns.

5. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate and improve our Service. The types of cookies we use include:

TypePurposeDuration
EssentialRequired for authentication, security, and basic functionality.Session / 1 year
FunctionalRemember your preferences and settings.1 year
AnalyticsHelp us understand how visitors interact with the Service.2 years
MarketingUsed to deliver relevant advertisements (with consent only).1 year

You can manage your cookie preferences through your browser settings or our cookie consent banner. Disabling certain cookies may affect the functionality of the Service.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to Portability: Receive your data in a structured, commonly used, and machine-readable format.
  • Right to Restrict Processing: Request that we limit how we process your data.
  • Right to Object: Object to the processing of your data for certain purposes, including direct marketing.
  • Right to Withdraw Consent: Withdraw your consent at any time where we rely on consent as the legal basis for processing.

To exercise any of these rights, please contact us at privacy@briefbop.com. We will respond to your request within 30 days.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.

  • Account Data: Retained for the duration of your account and for up to 30 days after account deletion.
  • Content & Briefs: Retained for the duration of your account. Permanently deleted within 90 days of account deletion or upon request.
  • Billing Records: Retained for 7 years to comply with tax and financial reporting regulations.
  • Usage & Log Data: Retained in identifiable form for up to 12 months, then anonymized or deleted.

8. Children's Privacy

BriefBop is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at privacy@briefbop.com.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws of your jurisdiction.

When we transfer personal data outside of the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other legally recognized transfer mechanisms. For more details, see our GDPR Compliance page.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the “Last updated” date at the top of this page. For significant changes, we will provide additional notice, such as an email notification or an in-app alert. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

BriefBop Privacy Team