Privacy Policy

Last updated: April 10, 2026

BriefStack ("we," "us," "our") operates the website briefstack.io and related services. This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data.

As a privacy compliance service, we hold ourselves to the same standards we help our subscribers meet.

1. Data We Collect

Information you provide

  • Account information: email address, name (optional), company name (optional) when you sign up
  • Subscription preferences: which states you want to track, your business type
  • Payment information: processed by our payment provider — we do not store credit card numbers, bank account details, or other financial information on our servers

Information collected automatically

  • Usage data: pages viewed, features used, email open/click rates
  • Device information: browser type, operating system, screen size
  • Log data: IP address, access times, referring URLs

Information we do not collect

  • We do not use third-party advertising trackers
  • We do not sell personal data to third parties
  • We do not collect biometric data
  • We do not collect precise geolocation data

2. How We Use Your Data

  • Deliver the service: send briefs, alerts, and weekly summaries to your email
  • Manage your account: authenticate logins, process subscriptions, manage billing
  • Improve the service: understand which content is most useful, identify technical issues
  • Communicate with you: respond to inquiries, send service updates, deliver welcome sequences

We do not use your data for targeted advertising. We do not share your data with advertisers.

3. Data Sharing

We share personal data only with the following categories of service providers, solely to operate BriefStack:

  • Supabase (database and authentication hosting)
  • Vercel (website hosting)
  • Resend (email delivery)
  • Payment processor (subscription billing)

Each provider processes data only as necessary to provide their service to us. We do not sell, rent, or trade your personal information to any third party.

4. Data Retention

  • Active accounts: we retain your data for as long as your account is active
  • Cancelled accounts: we retain your email and subscription history for 90 days after cancellation, then delete it
  • Email logs: delivery and engagement data is retained for 12 months for service quality purposes
  • Server logs: automatically purged after 30 days

5. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: request a copy of the personal data we hold about you
  • Correction: request correction of inaccurate data
  • Deletion: request deletion of your personal data
  • Portability: request your data in a machine-readable format
  • Opt-out: unsubscribe from marketing emails at any time via the link in any email

To exercise any of these rights, email us at hello@briefstack.io. We will respond within 30 days.

6. Cookies and Tracking

BriefStack uses only essential cookies required for authentication and session management. We do not use third-party tracking cookies, advertising pixels, or cross-site tracking technologies.

Our email service provider may track email opens and link clicks to measure engagement. You can opt out of email tracking by disabling remote image loading in your email client.

7. Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS on all connections)
  • Encryption at rest for database storage
  • API keys hashed with SHA-256 before storage
  • Row-level security policies on all database tables
  • Service role separation between public and administrative access

No system is perfectly secure. If we become aware of a data breach affecting your personal information, we will notify you within 72 hours in accordance with applicable law.

8. Children

BriefStack is a business-to-business service not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

9. State-Specific Disclosures

California (CCPA/CPRA)

California residents have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at hello@briefstack.io.

Other States

If you reside in Virginia, Colorado, Connecticut, Texas, Oregon, or any other state with comprehensive privacy legislation, you may have additional rights under your state's law. We honor all applicable state privacy rights. Contact us to exercise them.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify existing subscribers of material changes via email at least 14 days before they take effect. The "last updated" date at the top of this page reflects the most recent revision.

11. Contact

For privacy inquiries, data requests, or questions about this policy:

Email: hello@briefstack.io
Web: briefstack.io