Privacy Policy

Unbriefd collects the information needed to create, review, pay for, and deliver your project brief.

• Account and session data: email address, authentication records, session tokens, and basic session metadata such as IP address and user agent. Sessions are managed using secure httpOnly cookies that are not accessible to browser scripts.
• Brief input data: transcript text that you paste into the app, or text extracted from uploaded .txt and .docx files.
• Generated brief data: structural findings, extracted brief JSON, review edits, flag state, status history, and the final PDF file key.
• Payment data: amount, currency, and Stripe payment intent identifiers. We do not store full payment card numbers or any other card data.
• Sharing data: a public share token used to create the final client-facing brief link.

We use your data to operate the service you requested and to protect the product from abuse.

• To authenticate you by one-time email code and maintain your session.
• To run a structural pass on transcript input and create draft briefs.
• To generate and refine structured project briefs from your transcript text.
• To process payment, generate the final PDF, and deliver it through a share link.
• To troubleshoot failures, prevent misuse, and provide support.
• To collect optional product feedback when you choose to submit it via our feedback form.

We do not sell your data, share it with advertisers, or use it for any purpose beyond operating and improving Unbriefd.

When you use Unbriefd, transcript text and related brief context are sent to third-party AI infrastructure to extract and structure your project brief.

• OpenAI is used for extraction and structured brief generation. Transcript data is transmitted to OpenAI servers, which may be located outside the European Union. See openai.com/policies/privacy for details on how they handle this data.
• Trigger.dev is used to run long-running extraction and PDF generation jobs.

AI output may be incomplete or incorrect. We recommend reviewing all generated content carefully before paying, approving, sharing, or relying on it. You are responsible for the accuracy of the final brief you share with clients.

Unbriefd is designed around brief generation, not source file hosting.

• Uploaded source files: uploaded .txt and .docx files are used for text extraction during intake. The extracted text is stored in your brief record. The original uploaded file is not retained after text extraction completes.
• Transcript text: once you save a draft or create a brief, the transcript text is stored in our database so you can continue the workflow. You may request deletion at any time.
• Final PDF: approved PDFs are stored in Cloudflare R2 and made available through a share token link.
• Public share links: anyone with the final share link can view and download the brief PDF. Treat that link as confidential. If a link is exposed unintentionally, contact us and we can deactivate it.

Unbriefd stores data on infrastructure located in the European Union.

• Application database: Neon, EU region.
• PDF storage: Cloudflare R2, EU bucket.
• Email delivery: Resend, EU infrastructure.

Exceptions: the following providers may process data on infrastructure outside the EU:

• OpenAI: transcript text sent for extraction
• Stripe: payment data during transaction processing. Stripe is certified under the EU-U.S. Data Privacy Framework and incorporates Standard Contractual Clauses as an additional transfer safeguard. See stripe.com/legal/data-privacy-framework for details.
• Tally: feedback form submissions

For each, please refer to their respective privacy policies for details on data handling and residency.

We retain your data for as long as your account is active and you have briefs in your workspace.

• Brief records and transcript text: retained until you delete the brief or request account deletion.
• PDF files: retained in Cloudflare R2 until the brief is deleted or you request deletion.
• Email address and session data: retained until you request account deletion.
• Deleted briefs: removed from our systems immediately upon deletion. This action is permanent and cannot be undone.
• Payment records: retained for 7 years as required by applicable financial regulations.

Billing and transactional messaging are handled by specialist providers.

Stripe processes payments for paid briefs. Your card details are entered directly into Stripe's interface and are handled by Stripe, not stored by Unbriefd. See stripe.com/privacy.

Resend is used to send sign-in codes and service emails such as delivery confirmations.

We use third-party infrastructure to operate Unbriefd. Depending on the feature you use, your data may be processed by one or more of the following:

• Neon — application database hosting (EU)
• Cloudflare R2 — final PDF storage (EU)
• OpenAI — transcript-to-brief extraction (may process outside EU)
• Trigger.dev — asynchronous extraction and PDF jobs (EU)
• Stripe — payment processing (may process outside EU)
• Resend — email delivery (EU)
• Tally — feedback collection form (may process outside EU)

We do not share your data with any provider beyond those listed above.

Unbriefd is intended for professional use by individuals aged 16 and over. We do not knowingly collect data from anyone under 16. If you believe a person under 16 has created an account, contact us and we will delete it.

If you are located in the European Union or European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including the right to access, correct, or delete personal data we hold about you, and the right to object to or restrict certain processing.

To exercise any of these rights, or if you believe a share link was exposed unintentionally, contact us at support@unbriefd.com.

We will respond to requests within 30 days. For complex requests we may extend this by a further 60 days and will notify you if we do so.