Privacy Policy
Last updated · 2026-06-09
This notice explains what personal data Brieflings collects when you use the service, why we process it, who we share it with, and the choices and rights you have. It covers the web app, the briefs we prepare for you, your chats with the editor, and the emails we send. Your use of Brieflings is also governed by our Terms & Conditions.
Who we are
Brieflings is operated by Kirkton Labs Ltd, trading as Brieflings, a company registered in Scotland under company number SC890006, whose registered office is at 2 Thorne Road, Livingston, West Lothian, Scotland, EH54 7GL, United Kingdom. For any question about this notice or about your data, contact us at contact@brieflings.com .
What data we collect
We collect only what the service needs to work:
- Account data — your email address, display name, and a hashed password.
- Profile and preferences — the preferences and personality traits you set, and your email-digest settings.
- Your topics and briefs — the subjects you follow and their cadence settings, the briefs we prepare, and the findings within them.
- Chats — your conversations with the editor, and the working notes the editor builds up about you to personalise future briefs.
- Engagement signals — reactions, bookmarks, and similar signals used to tune what we surface.
- Notification settings — your per-channel notification preferences and any Web Push subscriptions.
- Records of agreement — when you accept this notice and our Terms at signup, we record that acceptance: the time, the document versions you agreed to, and your IP address.
- Technical data — sign-in cookies and server logs needed to run and secure the service.
Why we process it, and our legal bases
We may only use your personal data where the law gives us a basis to. Here is the basis we rely on for each thing we do:
| What we use your data for | Our lawful basis (UK GDPR) |
|---|---|
| Running your account, preparing and delivering your briefs, and powering chat with your editor | Performance of our contract with you (Article 6(1)(b)), set out in our Terms & Conditions |
| Taking payment for paid plans | Performance of our contract (Article 6(1)(b)) |
| Personalising your briefs, keeping the service secure, preventing abuse, and improving it | Our legitimate interests (Article 6(1)(f)) |
| Optional analytics and session replay, and advertising measurement | Your consent (Article 6(1)(a)), through the cookie banner |
| Meeting our legal and tax obligations | Legal obligation (Article 6(1)(c)) |
Who we share it with
We use a small set of trusted providers to operate the service. We do not sell your personal data. The only third-party advertising measurement we use is Meta's — the Meta Pixel on our public marketing pages and the Meta Conversions API for a few conversion signals from our side — and only with your consent. See the Advertising section below.
- AI providers — generate the research and writing in your briefs, review them for quality, and power chat with your editor. Based outside the UK (Singapore and the United States).
- A search and indexing provider — runs your editor's web searches and builds the index that personalises your briefs. Based in the United States.
- An email-delivery provider — delivers the emails we send you. Based in the United States.
- A logging provider — stores our operational logs. Based in the European Economic Area.
- A payment provider — processes card payments for paid plans. Based in the United Kingdom.
- PostHog (EU Cloud) — product analytics and session replay, only if you accept analytics on the cookie banner. See the section below.
- Meta Platforms Ireland — measures our advertising, only if you accept advertising on the cookie banner: the Meta (Facebook) Pixel on our public marketing pages, and the Meta Conversions API for conversion signals (such as a signup or subscription) sent from our servers. To help Meta match these to the right account, we share a limited set of identifiers — including a scrambled (hashed) version of your email address and your country. We never send Meta the topics you follow, the briefs you read, or your chats. See the Advertising section below.
- Web Push services (Mozilla, Google, Apple) — deliver browser push notifications, only if you enable them.
- Our hosting provider — runs the servers the service operates on. Based in the European Economic Area.
We can tell you the specific provider behind any of these categories — just ask at contact@brieflings.com .
Analytics and session replay
If you choose Accept on the cookie banner we send anonymised product-usage events and a session recording of your visit to PostHog (EU Cloud). We use this to understand how the site is used and to diagnose problems users report.
The recording captures pages you view and how you interact with them.
Form inputs (your password, signup details, account settings) are masked
before the recording leaves your browser, and the /ops operator
console is excluded entirely. We retain recordings for 30 days. If you
reject analytics on the banner, no events are sent and no recording is
made; you can also change your choice at any time through the banner.
Advertising
We advertise Brieflings on platforms such as Facebook and Instagram. To measure whether those ads work and to reach people who may find Brieflings useful, our public marketing pages — our home page, the pricing page, and the signup page — use the Meta Pixel. It loads only if you accept the Advertising category on the cookie banner, and you can change that choice at any time.
If you accept advertising, we also send Meta a set of conversion signals from our own servers — for example that an account was created, a free trial started, or a subscription began. This is the Meta Conversions API: it lets us measure which ads bring people who go on to find Brieflings useful, even when a browser blocks the Pixel. To help Meta match a signal to the right account, each one carries a limited set of identifiers: a scrambled (hashed) version of your email address and your country, a scrambled internal account reference, the reference our payment provider uses for your account, your IP address, basic browser details, and Meta's own advertising cookies. The email and country are hashed — turned into an irreversible code — before they are sent, so Meta can match you to an account it may already have without reading your actual details.
On our marketing pages, the Meta Pixel also uses Meta's advanced matching: when you enter contact details there (such as your email on the signup page), it hashes them in your browser and sends the hashed value to Meta for the same matching purpose. In all cases we never send Meta the topics you follow, the briefs you read, or your chats with the editor — that stays between you and us.
When advertising measurement is active (the Pixel and the Conversions API), the information described above is shared with Meta Platforms Ireland. For this, Brieflings and Meta act as joint controllers, and our legal basis is your consent. Meta's own use of this data is governed by Meta's data policy. You can withdraw consent at any time through the cookie banner; when you do, we stop sending these signals.
International transfers
Most of the providers that handle your data operate in the UK or the European Economic Area (EEA) — the servers that run the service, our logging provider, and (where you consent) PostHog and Meta. Transfers to the EEA are covered by the UK's adequacy regulations, so your data keeps the same protection it has in the UK. Meta may transfer the limited advertising identifiers described above onward outside the UK and EEA (including to the United States) under the safeguards set out in its own data policy.
Some of our providers are based outside the UK in countries that do not have full UK adequacy — our AI providers (Singapore and the United States) and our email-delivery and search providers (United States). For those transfers we rely on the standard data-protection clauses (the UK Addendum to the EU Standard Contractual Clauses) in each provider's data-processing terms; you can ask us for a copy by emailing contact@brieflings.com .
What we send to our AI providers is the material they need to prepare and discuss your briefs — your topics, the notes we use to personalise them, and your chat messages. We do not attach your name, email address, or account identifier to it.
AI and model training
Your briefs and chat replies are produced by our AI providers, which process what we send them only to generate that output for you. We do not use your content — your topics, your chats, or your briefs — to train AI models, and our providers are contractually bound not to use it to train theirs.
How long we keep it
We keep your account data and content for as long as your account is open, and when you delete your account the removal is immediate. Other records have their own lifetimes:
| Data | How long we keep it |
|---|---|
| Your account, topics, briefs, chats, and the notes the editor builds up about you | While your account is open; deleted immediately when you delete your account |
| A small record that you accepted our policies | Kept after deletion as proof of agreement, with your IP address removed |
| Detailed logs kept while preparing a brief | Up to 72 hours |
| Background-job records | Up to 24 hours |
| Analytics session recordings (only if you consent) | 30 days |
| Backups | Up to about five weeks, then deleted; never used to restore a deleted account |
A couple of records sit with our providers and roll off on their schedules rather than the moment you delete your account: the operational logs held by our logging provider and the delivery records held by our email provider, each kept for that provider's retention period.
Your rights
You can access, correct, export, and delete your data, and object to certain processing. You can delete your account yourself at any time from Settings; some preferences and topic settings are editable there too. To exercise any other right, contact us at contact@brieflings.com — some requests are currently handled manually, and we will respond within one month, as the law requires. You also have the right to complain to the UK Information Commissioner's Office (ICO).
Automated decision-making
We personalise your briefs based on the topics you follow and the signals you give us. We do not make any decision that produces a legal or similarly significant effect about you solely by automated means.
Cookies
Brieflings uses first-party cookies, plus the third-party Meta Pixel on our public marketing pages (only with your consent). The full inventory and how to manage your choice are set out in our cookie policy.
Children
Brieflings is not directed at children and we do not knowingly collect data from them.
Changes to this notice
If we make material changes we will update the date shown above and, where appropriate, tell you directly.