Privacy Policy

This Privacy Policy explains how PiBrief (“PiBrief,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information when you use our website, applications, and AI-powered personalized newsletter service (collectively, the “Service”). By creating an account or otherwise using the Service, you acknowledge that you have read and understood this Policy.

PiBrief generates briefings using large language models and third-party AI providers. Because of this, we treat data minimization, transparency, and user control as core operating principles. If anything in this Policy is unclear, please contact us at support@pibrief.com.

1. Who we are

PiBrief is operated by the PiBrief team. References to “PiBrief” in this Policy refer to that operating entity. For privacy-related inquiries, data subject access requests, and deletion requests, you can reach us at support@pibrief.com.

2. Information we collect

We collect information that you provide directly, information created as you use the Service, and information from third-party providers we rely on to deliver the Service.

2.1 Information you provide

• Account information – name, email address, and authentication identifiers managed by our authentication provider (Clerk).
• Profile information – optional details such as your city, occupation, date of birth, and interests used to personalize your briefings.
• Newsletter configuration – the topics, schedule, delivery time, format preferences, and source choices you save.
• Billing information – payment method, billing address, and subscription details. Card numbers and bank account information are collected and stored directly by Stripe; we only receive limited tokens and metadata.
• Communications – messages you send to support, feedback, and any content you submit through forms.

2.2 Information collected automatically

• Usage data – pages viewed, features used, edition open and click events, and timestamps.
• Device and connection data – IP address, browser type and version, operating system, device type, and approximate location derived from your IP address.
• Acceptance audit metadata – when you accept the Terms of Service and this Privacy Policy, we record the date and time of acceptance, your IP address, your user-agent string, and the approximate country, region, city, and timezone derived from that IP address. This metadata provides a defensible audit trail of consent.
• Cookies and similar technologies – strictly necessary cookies are used by Clerk for session management. We do not use third-party advertising cookies.

2.3 Information from third parties

When you sign in through Clerk, we receive your email address, name, and any social profile fields you authorized. When you purchase a subscription, Stripe shares billing-status events and non-sensitive customer metadata with us.

3. How we use your information

• Provide, operate, personalize, and improve the Service, including generating, scheduling, and delivering your newsletters.
• Authenticate you and protect your account against abuse, fraud, or unauthorized access.
• Process payments, manage subscriptions, and prevent payment fraud.
• Send transactional communications such as billing receipts, account changes, security alerts, and delivery notifications.
• Comply with legal obligations and enforce our Terms of Service.
• Maintain a defensible audit log of legal-consent events (Section 2.2).

We do not sell your personal information, and we do not use it for cross-context behavioral advertising.

4. AI-generated content and third-party AI providers

PiBrief produces newsletter content using third-party large language models and AI services, which currently include Google Gemini, Perplexity, xAI Grok, and ElevenLabs (for audio briefings). To generate your briefings, we send these providers prompts that may include the topics, sources, and preferences you configured, but we do not send credit-card numbers, passwords, government identifiers, or other sensitive identifiers.

These providers process information under their own terms and privacy policies and act as our subprocessors. Output is programmatically reviewed and assembled into your newsletter. Because AI models can produce inaccurate, incomplete, or out-of-date statements (commonly called “hallucinations”), we surface citations to source URLs whenever practical and you should independently verify any material claim. You agree that you understand and accept these limitations as a condition of using the Service.

5. Service providers and recipients

We share information with the following categories of providers, only as necessary to operate the Service:

• Authentication – Clerk (account creation and session management).
• Payments – Stripe (subscription billing and payment processing).
• Hosting and storage – Google Cloud Platform for application hosting, Google Cloud Storage for generated audio assets, and MongoDB Atlas for primary application data.
• AI generation – Google Gemini, Perplexity, xAI Grok, and ElevenLabs (Section 4).
• Email delivery – SendGrid and our SMTP provider via Nodemailer.

We may also disclose information when required by applicable law, in response to lawful requests by public authorities, to enforce our Terms, to protect the rights or safety of our users, or in connection with a corporate transaction such as a merger or asset sale (in which case we will provide notice through the Service).

6. International transfers

The Service is operated from the United States, and we use providers in the United States and the European Union. By using the Service, you understand that your information will be transferred to and processed in jurisdictions that may have different data-protection laws than your jurisdiction of residence. Where required by law, we rely on standard contractual clauses or other lawful transfer mechanisms.

7. Data retention

We retain account and profile information for as long as your account is active. We retain newsletter editions, delivery logs, and acceptance audit metadata for as long as needed to operate the Service, comply with legal obligations, resolve disputes, and enforce agreements. When you delete your account, we delete or anonymize personal information within a reasonable timeframe unless we are required to retain it by law.

8. Your rights

Depending on where you live, you may have rights under the GDPR, UK GDPR, CCPA/CPRA, or similar laws, including:

• The right to access personal information we hold about you.
• The right to rectify inaccurate or incomplete information.
• The right to delete your information.
• The right to restrict or object to certain processing, including a right to opt out of any “sale” or “sharing” (PiBrief does not sell or share for cross-context advertising).
• The right to data portability.
• The right to lodge a complaint with a supervisory authority.

To exercise any of these rights, email support@pibrief.com. We will respond within the timeframes required by applicable law and may need to verify your identity before fulfilling the request.

9. Security

We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, restricted production access, and reputable cloud infrastructure. No system is completely secure, however, and we cannot guarantee the security of any information you transmit to us.

10. Children's privacy

The Service is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child without verifiable parental consent, we will delete it.

11. Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the “Last updated” date and, where appropriate, provide additional notice through the Service. Your continued use of the Service after the changes take effect constitutes acceptance of the updated Policy.

12. Contact us

Questions, concerns, or requests regarding this Privacy Policy can be sent to support@pibrief.com.