Briefit Privacy Policy
Effective and last updated: 23 June 2026
Briefit is provided by NEOLINXAI PTY LTD (ABN 89 679 104 182), trading as Briefit ("NeolinxAI", "Briefit", "we", "us", or "our").
At a glance
- What we collect. Depending on the features you use, we collect account details, prompts and conversations, files and media, voice audio and transcripts, data from services you connect, optional location and weather data, preferences and memories, and technical and usage information.
- Why we collect it. We use this information to operate Briefit, generate AI responses, run requested tools and agent actions, create briefings and automations, personalize your experience, secure the Services, provide support, and comply with law.
- AI model training. NeolinxAI does not use your private Content to train a general-purpose AI model owned by NeolinxAI. We do not authorize our AI service providers to use Content submitted through Briefit to train their general-purpose models unless we clearly disclose that practice and obtain any consent required by law. Providers may still process or retain limited data for service delivery, safety, abuse prevention, security, and legal compliance under their applicable business or API terms.
- No sale or behavioral advertising. We do not sell your personal information. We do not share it for cross-context behavioral advertising, and Briefit does not display third-party advertising.
- Your controls. You can manage chats, memories, connected accounts, notifications, device permissions, public share links, data access or export requests, and account deletion. Some controls depend on the version and platform you use.
- International processing. Briefit uses global cloud, AI, and connected-service providers. Personal information may be processed outside your country, including in the United States.
This summary is only a guide. The full Policy below explains our practices in more detail.
Contents
1. Who we are and what this Policy covers
2. Information we collect
3. How we use personal information
4. AI processing, memory, and agent actions
5. How we disclose personal information
6. Device permissions and feature-specific choices
7. Public sharing and communications
8. Your privacy controls
9. Retention and deletion
10. Security
11. International data transfers
12. Legal bases for processing
13. Your privacy rights
14. Australian privacy information
15. United States state privacy disclosures
16. Children and teenagers
17. Third-party services
18. Changes to this Policy
19. Contact us
1. Who we are and what this Policy covers
This Privacy Policy explains how NeolinxAI collects, holds, uses, discloses, and protects personal information when you use:
- the Briefit iOS application and any other Briefit application;
- Briefit websites, web experiences, APIs, and public share pages;
- Briefit chat, voice, briefing, memory, automation, skill, file, connected-account, search, browser, and agent features; and
- support, account, billing, and related communications.
Together, these are the "Services".
In this Policy:
- "Content" means information submitted to, created through, or stored in the Services, including prompts, messages, AI outputs, voice transcripts, files, images, generated media, connected-service data, briefings, memories, skills, automation instructions, tool results, approvals, and public share snapshots.
- "Connected Service" means a third-party account, application, website, or data source that you choose to connect to or use through Briefit, such as email, calendar, cloud storage, messaging, meetings, project-management, CRM, productivity, or other services.
- "Personal information" or "personal data" means information that identifies, relates to, describes, or can reasonably be linked with an individual, as defined by applicable law.
This Policy does not govern a third party's independent handling of information. Connected Services, websites opened by an agent, Apple, Google, and other third parties have their own terms and privacy practices. If you use Briefit under a separate business, enterprise, or developer agreement, that agreement and any applicable data processing addendum may also govern the relevant processing.
We may provide shorter, feature-specific notices when we request a device permission, connect an account, enable a new feature, or collect information in a context that requires additional explanation. Those notices supplement this Policy.
2. Information we collect
The information we collect depends on how you use Briefit, which permissions you grant, which accounts you connect, and which features are available to you.
2.1 Account and profile information
When you create or use an account, we may collect:
- your name, display name, email address, profile image, and other profile details;
- a Briefit user ID and authentication-related identifiers;
- the identity provider you use, such as Sign in with Apple, Google sign-in, or email authentication;
- account status, login timestamps, authentication events, and security information;
- language, locale, country or region, time zone, currency, measurement-system, and formatting preferences; and
- subscription status, plan, entitlements, and account settings.
Authentication providers may give us information permitted by you and their settings. For example, Apple may provide your name and a private relay email address. We generally do not receive your Apple or Google password.
2.2 Prompts, conversations, outputs, and other Content
We collect the Content you choose to submit or create, including:
- text prompts, chat messages, follow-up instructions, and search requests;
- AI-generated responses, summaries, plans, citations, generated files, and other outputs;
- conversation titles, timestamps, previews, session identifiers, thread state, and message history;
- approval decisions, tool-status messages, agent progress, and task results;
- edits, ratings, reports, or feedback you provide; and
- personal information about you or other people that appears in Content.
Briefit is a general-purpose assistant and does not require you to provide sensitive information. However, Content can contain health, financial, employment, legal, political, religious, biometric, or other sensitive information if you choose to include it or if it appears in a Connected Service. Please avoid providing sensitive or confidential information that is not needed for your request.
You are responsible for ensuring that you have the right to submit Content and connect accounts, including information about other people. Do not use Briefit to access or disclose information that you are not authorized to use.
2.3 Voice and audio information
If you use voice features, we may process:
- microphone audio streamed in real time for speech recognition and AI response generation;
- transcripts of what you say and text generated from those transcripts;
- AI-generated speech and related playback data;
- voice session identifiers, timestamps, duration, usage, language, and technical information; and
- conversation-derived memories or preferences if Memory or Auto-learn is enabled.
Normal Briefit chat history is designed to retain transcripts and conversation records rather than raw microphone recordings. Raw audio may nevertheless be processed, buffered, or temporarily retained by Briefit or an AI or speech provider as needed to deliver the feature, prevent abuse, maintain security, troubleshoot a problem, or comply with law. A feature that intentionally stores a recording will provide additional notice.
2.4 Files, photos, camera content, and generated media
If you attach, capture, upload, create, or download content, we may collect:
- documents, images, photos, videos, audio files, spreadsheets, presentations, archives, and other files;
- camera captures and items selected through the iOS photo or document picker;
- file names, types, sizes, checksums, upload status, storage references, timestamps, and related metadata;
- session, thread, user, and feature identifiers associated with an attachment; and
- generated images, documents, code, or other artifacts produced through the Services.
Briefit may resize, compress, convert, scan, extract text from, summarize, or otherwise process files to provide the feature you request. Some file metadata may reveal information such as the creator, creation date, or location. Consider removing metadata you do not want to share before uploading.
2.5 Connected Services and third-party account data
When you connect a third-party account, we may collect and process:
- the provider name, account identifier, connection identifier, connection status, scopes or permissions, and connection timestamps;
- authentication tokens or credentials needed to maintain the connection, which may be held by our connector provider or in a secured backend environment;
- information available within the permissions you approve, such as email messages and metadata, calendar events, contacts, files, documents, messages, channels, meeting details, tasks, project records, CRM records, and other account content;
- instructions, queries, filters, and results associated with reading from or acting in a Connected Service; and
- records of actions, approvals, errors, and outcomes.
Briefit only accesses a Connected Service after you initiate or authorize a connection. The available data and actions depend on the permissions you grant and the provider's APIs. Briefit may use connected information to answer a request, create a briefing, personalize a result, maintain context, or perform an action you request.
Disconnecting an account stops future access through that connection, but it does not automatically delete Content that was already copied into a chat, briefing, memory, file, output, log, or public share. You can separately delete those items or your Briefit account. Disconnecting also does not undo an action already completed in a Connected Service.
2.6 Briefings, memories, skills, automations, and preferences
To provide personalized and proactive features, we may collect and store:
- saved memories, learned notes, personal preferences, and instructions;
- Memory and Auto-learn settings and records of memory creation, editing, use, and deletion;
- briefing preferences, importance rules, watch lists, muted topics or people, sender rules, working hours, scheduling context, location labels, and generated briefing snapshots;
- user-created skills, knowledge notes, uploaded skill files, custom instructions, and usage settings;
- automation names, schedules, time zones, triggers, instructions, linked accounts, run history, status, outputs, and errors; and
- approval requests and your approve or deny decisions.
When Auto-learn is enabled, Briefit may derive concise memories from chats, voice transcripts, agent tasks, or other interactions so future responses can be more useful. Turning Auto-learn off stops new automatic memories from being created, but does not delete existing memories. You can review, edit, disable, or delete stored memories through the available Memory controls.
2.7 Location, weather, and time context
If you grant location permission or use a location-aware feature, we may process:
- precise GPS coordinates or approximate device location;
- city, region, country, time zone, and a human-readable location label;
- reverse-geocoding results;
- local weather conditions, forecasts, timestamps, and freshness information; and
- location or weather preferences and locally cached location data.
Precise coordinates may be sent to weather or geocoding providers and, where required by the feature, to Briefit's backend. Briefit may include a derived location label, time zone, local time, or weather summary in the context used to answer a request or prepare a briefing. The app may cache location and weather information on your device to reduce repeated requests.
We may also infer a coarse location from an IP address for security, fraud prevention, regional settings, or service operation. You can deny or revoke location permission in iOS. Where practical, Briefit may allow manual location entry or may continue with reduced location functionality.
2.8 Device, technical, usage, and diagnostic information
When you use the Services, we may automatically receive:
- IP address, network and connection information, request timestamps, and server or WebSocket connection data;
- device type, operating system, app version, browser type, language, locale, time zone, UTC offset, region, currency, text direction, and measurement or time-format preferences;
- user, session, thread, request, connection, and correlation identifiers;
- feature interactions, task states, voice usage duration, token or credit usage, notification interactions, app state, active-screen or presence information, and other product activity;
- push notification tokens and platform information;
- crash, performance, error, security, fraud, and troubleshooting information; and
- limited operational logs. Where reasonably necessary to investigate a problem, enforce our terms, protect safety, or respond to a support request, logs may include relevant portions of Content.
Some settings, authentication information, caches, recent data, push tokens, and preferences may be stored locally on your device using storage made available by iOS or the application framework.
Our websites may use cookies, local storage, and similar technologies for authentication, security, preferences, support, and operation. Any optional analytics or marketing technology will be described through an appropriate notice or consent control where required.
2.9 Notifications
If you enable notifications, we may collect and use:
- an Apple or Expo push token;
- your notification preference and permission status;
- app version, platform, account identifier, and notification delivery or interaction information;
- app-state and limited presence information used to avoid unnecessary or duplicate notifications; and
- notification content, which may include a chat title, message preview, agent-completion summary, or briefing summary.
Notification previews may be visible on your lock screen or to anyone who can view your device. You can disable Briefit notifications in the app or iOS settings and can control preview visibility through iOS settings.
2.10 Purchases and subscriptions
If paid features are offered, Apple, Stripe, or another payment provider may process your payment details. Briefit may receive and store information such as:
- a transaction, customer, or subscription identifier;
- plan, entitlement, renewal, cancellation, refund, and payment status;
- purchase history and billing-related timestamps; and
- limited contact and tax information where required.
We generally do not receive full payment-card details when payment is processed by Apple or a hosted payment provider.
2.11 Support, surveys, and feedback
If you contact us or participate in research, testing, a survey, or a support interaction, we may collect your contact details, message content, attachments, device or diagnostic information you provide, and records of our response. If you deliberately submit feedback about an AI response or feature, the relevant conversation or Content may be reviewed with that feedback.
2.12 Information from other sources
We may receive information from:
- Apple, Google, Supabase, or another authentication provider;
- Connected Services and connector providers you authorize;
- payment providers;
- public websites, search services, news sources, and web pages used to answer your requests;
- safety, fraud-prevention, security, or abuse-monitoring providers; and
- an organization that provides your access to Briefit under a separate business arrangement.
3. How we use personal information
We use personal information for the following purposes:
3.1 Provide and operate the Services
- create, authenticate, secure, and administer accounts;
- receive prompts and Content and generate AI responses;
- transcribe speech, generate audio, process files, create artifacts, and maintain conversation history;
- connect to third-party services and retrieve, organize, summarize, or act on information at your direction;
- run searches, browser tasks, code or document tools, and multi-step agent workflows;
- create briefings, memories, skills, automations, and personalized context;
- sync content across devices and restore prior sessions; and
- deliver notifications, public share pages, and requested exports.
3.2 Personalize Briefit
We use account settings, saved memories, preferences, prior conversations, location or weather context, Connected Service data, and feature history to tailor responses, briefings, suggestions, timing, and user experience. You can control many personalization sources as described in Section 8.
3.3 Maintain safety, security, and integrity
We use information to authenticate users, issue short-lived connection credentials, prevent unauthorized access, detect abuse or fraud, enforce applicable terms, investigate incidents, protect users and third parties, maintain service availability, and comply with security obligations.
3.4 Support, debugging, and product improvement
We use information to respond to requests, diagnose errors, monitor reliability, understand feature performance, improve usability, develop new functionality, measure capacity and usage, and conduct internal testing and research. We may use aggregated or de-identified information for these purposes and will maintain it in de-identified form unless re-identification is permitted or required for security, fraud prevention, or law.
3.5 Communications
We use contact information to send service messages, security alerts, account notices, support responses, changes to terms or policies, and other transactional communications. We will send marketing messages only where permitted by law and subject to available opt-out controls.
3.6 Payments and business operations
We use information to administer subscriptions, process entitlements, prevent payment fraud, handle refunds or disputes, keep accounting and tax records, plan capacity, audit our systems, obtain professional advice, and manage our business.
3.7 Legal compliance and protection
We may use information to comply with law, lawful requests, court orders, regulatory obligations, and recordkeeping duties; establish, exercise, or defend legal claims; and protect the rights, safety, privacy, and property of NeolinxAI, users, and others.
We do not use personal information from Briefit to build advertising profiles for third parties.
4. AI processing, memory, and agent actions
4.1 How AI processing works
Briefit uses AI models and supporting tools provided by NeolinxAI and third-party providers. Depending on the feature, availability, safety, performance, and configuration, relevant Content may be sent to one or more AI, speech, search, image, document, browser, or code-execution providers.
A request may include more than the latest message. To respond coherently, Briefit may provide a model with selected prior messages, saved memories, user preferences, time and locale context, weather or location context, Connected Service data, tool results, files, or agent state. We seek to limit the information sent to what is reasonably relevant to the requested feature, but AI systems can process broad context and may infer information from it.
4.2 Model training and improvement
NeolinxAI does not use your private Content to train a general-purpose AI model owned by NeolinxAI.
We do not authorize an AI service provider to use Content submitted through Briefit to train that provider's general-purpose models unless we clearly disclose the practice and obtain any consent required by law. We use business or API services and provider controls intended to limit training use where those controls are available.
AI and infrastructure providers may process or retain limited Content or metadata for service delivery, abuse monitoring, safety, security, debugging, or legal compliance under their applicable business or API terms. Provider retention periods and exceptions can differ from Briefit's own retention practices.
We may use:
- aggregated or de-identified usage information;
- reliability, latency, error, and feature-performance data;
- Content you deliberately submit as feedback or in a support request; and
- test data that is not linked to an identifiable user,
to improve Briefit, evaluate safety, and develop features. We will provide additional notice and choice before materially expanding the use of identifiable private Content for AI model training.
4.3 Memory and Auto-learn
Memory is an optional personalization layer. When enabled, Briefit can save or derive notes about facts, preferences, instructions, and ongoing context. Auto-learn can create memories from conversations, voice transcripts, or agent activity. Memories may be included in later AI requests.
You can turn Memory or Auto-learn off, edit or delete individual memories, and clear all memories. Turning Memory off may stop its use in new responses, but existing memory records remain until you delete them. Deleting a chat does not necessarily delete a separate memory derived from that chat; delete the memory as well if you want it removed.
4.4 Agent actions and Connected Services
Briefit can perform multi-step tasks and, when authorized, take actions outside Briefit. Depending on the Connected Service and permissions, an action may send a message, create or modify a file, add or change an event, update a task or record, submit information, or otherwise affect a third-party account.
We process the information needed to understand the task, select tools, request approval where the product requires it, execute the action, and record the result. Some actions may be irreversible or may expose information to recipients. Review proposed actions and outputs carefully. You remain responsible for confirming that your instructions, permissions, recipients, and use of third-party data are lawful and appropriate.
Disconnecting a service prevents future access through that connection but does not retract sent communications, reverse completed actions, or delete information retained by the third party.
4.5 AI accuracy and automated decisions
AI outputs and tool results can be incomplete, inaccurate, or inappropriate. Do not rely on Briefit as the sole basis for high-impact decisions, and verify important information before acting.
NeolinxAI does not use personal information to make solely automated decisions about you that produce legal or similarly significant effects, unless we provide a specific notice and the safeguards required by applicable law. Briefit's generation of responses, personalization, routing, safety checks, and execution of user-directed tasks are automated processes, but they are not intended to determine your eligibility for employment, housing, credit, insurance, education, health care, or another comparable right or service.
5. How we disclose personal information
We disclose personal information only as described in this Policy, at your direction, or as otherwise permitted by law.
5.1 Service providers and contractors
We use providers for cloud hosting, authentication, database services, storage, security, AI and speech processing, search, browser and code execution, connected-account authorization, workflow automation, notifications, payments, communications, and support.
Depending on the feature, examples may include Amazon Web Services, Supabase, OpenAI, xAI, Google Cloud or Vertex AI, Composio, Apple, Expo, Open-Meteo, Tavily, Browserbase, E2B, n8n, and Stripe. Not every provider is used for every request, and providers may change as the Services evolve.
When a provider processes personal information on our behalf, we require it to use the information for the contracted service and to provide safeguards consistent with this Policy and applicable law. We seek to limit provider access to information reasonably necessary for its role. Independent third-party services that you choose to connect may also process information for their own purposes under their own policies.
5.2 AI, search, and tool providers
We disclose relevant Content and context to AI, speech, image, search, browser, document, or execution providers to generate outputs and perform requested tasks. This may include prompts, files, voice audio, transcripts, connected data, memory, prior messages, and tool instructions.
5.3 Connected Services and recipients you choose
At your direction, Briefit may send information to a Connected Service or to a person or organization you select. For example, Briefit may send an email, post a message, update a calendar event, create a file, or submit information to a third-party service. The recipient and service may retain, copy, forward, or use the information under their own policies.
5.4 Other users and public sharing
If you create a public share link or otherwise share Content, we disclose the selected Content and related presentation metadata to people who receive or access the link. Section 7 explains the associated risks.
5.5 Legal, safety, and security disclosures
We may disclose information to courts, law-enforcement agencies, regulators, government authorities, security researchers, industry partners, or other third parties when we reasonably believe disclosure is necessary to:
- comply with law, legal process, or a valid government request;
- protect the rights, property, privacy, or safety of NeolinxAI, users, or the public;
- investigate or prevent fraud, abuse, security incidents, unlawful conduct, or violations of applicable terms;
- respond to an emergency involving risk of death or serious physical harm; or
- establish, exercise, or defend legal claims.
Where legally permitted and appropriate, we seek to review requests for validity and limit disclosures to what is required.
5.6 Corporate transactions
If NeolinxAI is involved in a financing, due diligence process, merger, acquisition, reorganization, sale of assets, insolvency, or transfer of the Services, personal information may be disclosed to advisers, counterparties, and a successor. We will require recipients to protect the information and will provide notice where required by law.
5.7 Professional advisers and affiliates
We may disclose information to lawyers, accountants, auditors, insurers, investors, and corporate affiliates where reasonably necessary for professional advice, compliance, risk management, or business operations and subject to appropriate confidentiality obligations.
5.8 Aggregated or de-identified information
We may disclose statistics or information that has been aggregated or de-identified so it no longer reasonably identifies an individual. We do not attempt to re-identify such information except as permitted for security, fraud prevention, validation of de-identification, or law.
5.9 No sale or cross-context behavioral advertising
We do not sell personal information. We do not share personal information for cross-context behavioral advertising or targeted advertising as those terms are defined by applicable United States state privacy laws. Briefit does not use third-party advertising networks to display ads in the app.
6. Device permissions and feature-specific choices
Briefit requests iOS permissions only when relevant to a feature. Permission availability and wording can vary by iOS version.
- Microphone. Used for live voice input, transcription, and spoken AI interactions.
- Location. Used for local weather, time-zone context, and location-aware responses or briefings.
- Camera. Used when you choose to capture an attachment.
- Photos or media library. Used when you choose to select, upload, or save media.
- Notifications. Used to alert you about replies, agent completion, briefing updates, security, or account events.
- Sign in with Apple or other sign-in providers. Used to authenticate your account and receive the profile information you authorize.
- Connected-account permissions. Used to access or act in a service you choose to connect. The authorization screen describes the requested scopes.
You can deny or later revoke device permissions through iOS Settings. You can disconnect Connected Services through Briefit and, where available, through the third party's own account settings. Revoking permission generally stops future collection or access, but it does not delete information already collected or undo prior actions.
Some features will not work without the relevant permission. We do not require microphone, camera, photo, location, or notification access merely to use unrelated features. Where practical, we provide reduced-functionality alternatives, such as text input or manual location selection.
7. Public sharing and communications
7.1 Public share links
When you create a Briefit share link, the selected response, conversation excerpt, briefing, image, or other snapshot may become accessible to anyone who has the link. Depending on the implementation, a share page may include a title, preview text, image, source links, or other metadata used by browsers and messaging platforms.
Before sharing:
- review the entire shared snapshot for personal, confidential, copyrighted, or third-party information;
- do not share information unless you are authorized to disclose it; and
- assume that a recipient can copy, forward, screenshot, archive, or republish it.
You may be able to disable or delete a share through the relevant control. Deactivation cannot remove copies already made by others or immediately clear cached previews held by browsers, search engines, social platforms, or recipients.
7.2 Messages and actions sent through Connected Services
A message, file, event, post, or other action sent through a Connected Service is governed by that service and the recipient's handling. Deleting the related Briefit chat or disconnecting the account does not retract the communication or delete it from the recipient's systems.
7.3 Service and marketing communications
You cannot opt out of essential service, security, legal, or account messages while maintaining an account. You can opt out of marketing emails by using the unsubscribe control or contacting us. Notification settings are described in Sections 2.9, 6, and 8.
8. Your privacy controls
The controls available to you may vary by version, platform, account type, and feature.
8.1 Profile and account information
You can review or update available profile information in Settings. Some identity information, such as an email address provided by an authentication service, may need to be updated through that provider or through a verified support request.
8.2 Chats and conversation history
You can delete individual chats or use available data controls to delete all chats. Deletion removes the selected history from your active account, subject to Section 9. Separate memories, shared snapshots, connected-service actions, and data retained for legal or security reasons may remain until separately deleted or no longer required.
8.3 Memory controls
You can turn Memory or Auto-learn off, disable a memory, edit or delete individual memories, or clear all memories. Delete both a chat and any separate memory derived from it when you want both removed.
8.4 Connected accounts
You can review and disconnect linked accounts. You may also revoke Briefit's access from the third party's own security or connected-app settings. Disconnecting stops future access through that connection but does not delete copied Content or reverse actions already taken.
8.5 Device permissions and location
Manage microphone, location, camera, photos, media, and notification permissions in iOS Settings. Clearing the app cache or deleting the app may remove some local data, but deleting the app does not delete your Briefit account or server-side information.
8.6 Notifications and previews
You can disable Briefit notifications in the app or iOS Settings. You can control whether notification previews appear on the lock screen through iOS notification settings. Disabling notifications causes us to stop using the push token for new Briefit notifications after the change is processed, subject to short operational delays and security records.
8.7 Access, correction, and export
You may request access to, correction of, or an export of personal information held by Briefit. Available self-service export tools may include account, conversation, automation, billing, memory, skill, and connected-account metadata. An export may not include information held only by a Connected Service, OAuth secrets, passwords, security data, or information we cannot disclose without affecting the rights of others.
8.8 Account deletion
You can initiate deletion through Settings > Profile > Delete Account or another in-app deletion control made available in your version of Briefit. We may require reauthentication or another reasonable verification step.
Account deletion is intended to remove your Briefit account and associated personal information that we are not required or permitted to retain. We normally complete a verified deletion request within 30 days. We will explain if additional time is reasonably necessary because of legal obligations, fraud or security investigation, active disputes, financial recordkeeping, backup cycles, or technical dependencies.
Important consequences:
- deleting the app from your device does not delete your account;
- deleting your Briefit account does not delete information held independently by Connected Services or recipients;
- completed external actions cannot necessarily be reversed;
- deleting a Briefit account does not automatically cancel an Apple App Store or other third-party subscription unless the purchase flow expressly states otherwise; manage the subscription through the relevant provider; and
- we may retain a minimal record of the deletion request and information needed to prevent fraud, enforce legal rights, or demonstrate compliance.
If the in-app control is unavailable because of a technical issue, contact us using Section 19. We will not require a support-only deletion process where platform rules require in-app initiation.
8.9 Consent withdrawal
Where processing is based on consent, you can withdraw consent through the relevant setting, device permission, disconnection control, or by contacting us. Withdrawal does not affect processing that occurred before withdrawal and may prevent the relevant feature from working.
9. Retention and deletion
We retain personal information only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Services, maintain security, resolve disputes, meet legal obligations, and protect our rights. Retention depends on the data's nature, sensitivity, purpose, risk, account settings, and legal requirements.
Retention schedule
Account and profile information. Retained while the account is active. Following verified account deletion, active records are normally removed or de-linked within 30 days, subject to the exceptions below.
Chats, outputs, briefings, memories, skills, automations, approvals, and preferences. Retained until you delete the relevant item, clear the category, or delete your account, unless a shorter period or feature-specific setting applies.
Files, attachments, generated artifacts, and media. Retained while associated with an active item or account, until removed, or until account deletion. Temporary processing copies may be deleted sooner. Backup copies may remain until overwritten in the ordinary backup cycle.
Connected-account metadata and authorization material. Retained while the connection is active and then deleted, revoked, or deactivated following disconnection or account deletion, subject to security, audit, and provider requirements.
Connected content copied into Briefit. Retained according to the Briefit item into which it was copied, such as a chat, briefing, memory, file, or public share. Disconnecting alone does not delete that copy.
Voice audio and transcripts. Live audio is generally processed in real time and is not intended to be kept as ordinary chat history. Transcripts, messages, usage records, and derived memories follow the retention of the related chat, account, memory, or security record. Providers may apply separate limited retention.
Location and weather data. Device caches remain until refreshed, cleared, the app is removed, or the operating system removes them. Server-side location labels, weather context, or logs are retained with the related Content or operational record. Weather and geocoding providers apply their own retention.
Push tokens and notification data. Retained while notifications are enabled and the token remains valid, then deleted or deactivated after disablement, logout, invalidation, or account deletion, subject to short operational and security records.
Support and feedback. Retained as reasonably necessary to resolve the issue, improve the Services, maintain an audit trail, and meet legal obligations.
Billing and transaction records. Retained for the periods required for accounting, tax, fraud prevention, disputes, refunds, and other legal obligations.
Security, abuse, and technical logs. Retained for a period reasonably necessary to protect the Services, investigate incidents, prevent repeated abuse, debug issues, and comply with law. Relevant records may be kept longer during an incident, dispute, or legal hold.
Public share pages. Retained until disabled, deleted, expired, or removed with account deletion, subject to cached copies and copies made by recipients.
Aggregated or de-identified information. May be retained for longer where it no longer reasonably identifies you and is maintained in de-identified form.
Deletion from active systems may not immediately remove data from encrypted or access-restricted backups. Backup data is not ordinarily restored except for disaster recovery, and if restored, deletion instructions are re-applied where reasonably practicable.
We may retain information longer when required by law, subject to a preservation order, necessary to investigate abuse or security incidents, needed to resolve a dispute, or required for financial records. We may also retain information that has been de-identified so it no longer reasonably identifies you.
Third-party providers and Connected Services have their own retention practices. A deletion from Briefit does not require an independent third party to delete information it holds under its own relationship with you.
10. Security
We use administrative, technical, and organizational measures designed to protect personal information against loss, misuse, unauthorized access, alteration, disclosure, and destruction. Depending on the system, these measures include encryption in transit, access controls, authentication and short-lived connection credentials, separation of environments, secure secrets management, monitoring, logging, backups, vendor assessment, and incident-response procedures.
Access to production personal information is limited to personnel and providers who need it for authorized duties and are subject to confidentiality and security obligations.
No service, network, storage system, or transmission method is completely secure. You should use a strong device passcode, protect your sign-in account, keep iOS and Briefit updated, review connected-account permissions, and avoid submitting information that is not necessary. Contact us promptly if you suspect unauthorized account access.
If we identify a data breach, we will investigate and notify affected individuals and regulators where required by applicable law.
11. International data transfers
NeolinxAI is an Australian company, but Briefit relies on global providers. Personal information may be processed in Australia, the United States, the United Kingdom, the European Economic Area, Singapore, and other countries where our providers, Connected Services, or their subprocessors operate. Some core cloud and AI processing currently occurs in the United States.
Privacy laws in another country may differ from those in your country, and foreign authorities may have lawful access to information under local law. Where required, we use contractual commitments, data processing terms, standard contractual clauses, adequacy decisions, access controls, and other safeguards intended to protect transferred information.
When you direct Briefit to interact with a Connected Service or recipient in another country, the transfer may also occur at your direction and be governed by that service's relationship with you.
12. Legal bases for processing
This section applies where a law such as the GDPR or UK GDPR requires us to identify a legal basis.
Purpose and legal basis
Create and administer your account; provide chat, voice, files, briefings, memory, automations, agents, and connected features. Legal basis: Performance of our contract with you or steps requested before entering that contract
Process optional precise location, microphone, camera or photo access, notifications, certain Connected Services, or marketing. Legal basis: Consent, where consent is required; you may withdraw it at any time
Secure the Services, prevent fraud and abuse, maintain reliability, debug, support users, improve non-training product features, and use de-identified analytics. Legal basis: Our legitimate interests in operating a safe, reliable, useful, and sustainable service, balanced against your rights
Maintain records, respond to legal process, and meet regulatory, tax, accounting, safety, or data-protection obligations. Legal basis: Compliance with legal obligations
Protect a person's life or physical safety in an emergency. Legal basis: Vital interests, where applicable
Establish, exercise, or defend legal claims. Legal basis: Legitimate interests and legal claims, as permitted by law
Where applicable law treats information as special-category or sensitive data, we process it only when a valid additional condition applies - for example, your explicit consent where required, information you have manifestly made public, protection of vital interests, establishment or defense of legal claims, or another condition permitted by law. Merely using Briefit does not authorize unrelated use of sensitive data.
You may object to processing based on legitimate interests. We will stop or restrict that processing where required unless we demonstrate compelling grounds or need the information for legal claims.
13. Your privacy rights
Depending on where you live, you may have the right to:
- know whether and how we process your personal information;
- access personal information and receive a copy in a portable format;
- correct inaccurate or incomplete personal information;
- delete personal information;
- restrict or object to processing;
- withdraw consent;
- opt out of sale, targeted advertising, or certain profiling;
- appeal a decision concerning a privacy request;
- use an authorized agent; and
- complain to a privacy or data-protection authority.
You can exercise many rights through the controls described in Section 8. For another request, contact us using Section 19 and write "Privacy Request" in the subject line.
We may ask you to verify your identity and account ownership before acting. An authorized agent may need to provide proof of authority, and we may still verify the request directly with you. We will not discriminate against you for exercising a privacy right.
Rights are subject to legal exceptions. For example, we may need to protect another person's privacy, preserve security information, retain financial records, comply with legal process, or decline a request we cannot verify. We will explain a refusal where required.
AI-generated text may be factually inaccurate. We can correct account records and, where technically and legally feasible, remove or annotate stored Content. We may not be able to alter information embedded in a third-party model's parameters or information held independently by another service.
You may lodge a complaint with the data-protection authority where you live or work. We encourage you to contact us first so we can investigate and respond.
14. Australian privacy information
Where the Australian Privacy Act 1988 and Australian Privacy Principles apply, NeolinxAI handles personal information in accordance with those requirements.
You may request access to or correction of personal information by contacting our Privacy Lead at the email in Section 19. Please describe the information or issue and how you would like us to resolve it. We may verify your identity and will respond within the period required by law.
To make a privacy complaint, email us with "Privacy Complaint" in the subject line and include enough detail for us to investigate. We aim to acknowledge the complaint promptly and provide a substantive response within 30 days. If you are not satisfied after giving us a reasonable opportunity to respond, you may contact the Office of the Australian Information Commissioner.
As explained in Section 11, we are likely to disclose personal information to overseas recipients, primarily in the United States and, depending on the provider or Connected Service, in the United Kingdom, European Economic Area, Singapore, Australia, and other countries where those providers operate.
15. United States state privacy disclosures
This section supplements the rest of the Policy for residents of California and other United States states with applicable consumer privacy laws.
15.1 Categories collected
In the preceding 12 months, depending on the features used, we may have collected the following categories:
- identifiers and contact information;
- account, authentication, and subscription information;
- commercial or purchase information;
- internet, network, device, usage, and diagnostic information;
- precise or approximate geolocation;
- audio information and voice transcripts;
- photos, videos, files, emails, messages, and other user Content;
- professional, project, calendar, CRM, or productivity information contained in Connected Services;
- inferences such as preferences, memories, relevance, or personalization context; and
- sensitive personal information if you choose to submit it, connect it, or enable precise location.
We collect these categories directly from you, automatically from your device and use, from authentication and payment providers, from Connected Services you authorize, and from public or security sources. We use and disclose them for the purposes and to the recipients described in Sections 3 and 5.
15.2 Sale, sharing, and sensitive information
We have not sold personal information or shared it for cross-context behavioral advertising in the preceding 12 months. We do not knowingly sell or share the personal information of users under 18 for those purposes.
We do not use or disclose sensitive personal information to infer characteristics about you for advertising. We use sensitive information only to provide a feature you request, maintain security, comply with law, or for another permitted purpose.
We do not offer a financial incentive in exchange for personal information.
15.3 State rights
Subject to applicable law and exceptions, you may request access, knowledge, correction, deletion, portability, restriction of certain processing, an appeal, or use of an authorized agent. Because we do not sell or share personal information for targeted advertising, there is no sale or targeted-advertising activity to opt out of at this time. We will honor legally valid browser-based opt-out preference signals where they apply to a practice we engage in.
Submit a request through the in-app controls or Section 19. We will verify and respond as required by applicable law.
16. Children and teenagers
The Services are not directed to children under 13, and we do not knowingly collect personal information from a child under 13. Users under 18 must have permission from a parent or legal guardian to use Briefit.
If you believe a child has provided personal information in violation of this section, contact us. We will investigate and, where appropriate, delete the information and close the account. Parents or guardians may be asked to verify their identity and relationship to the child.
17. Third-party services
Briefit can link to, display content from, or interact with third-party services. Their privacy practices are outside our control when they act independently. Review the permissions, terms, and privacy policy of a Connected Service before enabling it.
A third party may receive your data when:
- you sign in through that provider;
- you connect an account;
- Briefit sends a prompt, file, audio stream, query, or task to a provider;
- an agent opens a website or uses an external API;
- you share Content with a person or service; or
- you purchase through Apple or another payment provider.
Briefit is not responsible for a third party's independent use of information, its content, or its security practices. This does not limit any responsibility we have for providers acting as our processors under applicable law.
18. Changes to this Policy
We may update this Policy as Briefit, our providers, or legal requirements change. We will post the updated Policy with a new effective date. For a material change, we will provide additional notice through the app, website, or email where appropriate and will request consent where required by law.
You should review the Policy periodically. The version in effect when information is processed governs that processing, except where law requires otherwise.
19. Contact us
For privacy questions, rights requests, or complaints, contact:
Privacy Lead
NEOLINXAI PTY LTD, trading as Briefit
ABN 89 679 104 182
Email: support@briefit.com
Use the subject line "Privacy Request" or "Privacy Complaint" so we can route your message appropriately.