Briefit Privacy Policy

Effective and last updated: 23 June 2026

Briefit is provided by NEOLINXAI PTY LTD (ABN 89 679 104 182), trading as Briefit ("NeolinxAI", "Briefit", "we", "us", or "our").

At a glance

This summary is only a guide. The full Policy below explains our practices in more detail.

Contents

1. Who we are and what this Policy covers

2. Information we collect

3. How we use personal information

4. AI processing, memory, and agent actions

5. How we disclose personal information

6. Device permissions and feature-specific choices

7. Public sharing and communications

8. Your privacy controls

9. Retention and deletion

10. Security

11. International data transfers

12. Legal bases for processing

13. Your privacy rights

14. Australian privacy information

15. United States state privacy disclosures

16. Children and teenagers

17. Third-party services

18. Changes to this Policy

19. Contact us

1. Who we are and what this Policy covers

This Privacy Policy explains how NeolinxAI collects, holds, uses, discloses, and protects personal information when you use:

Together, these are the "Services".

In this Policy:

This Policy does not govern a third party's independent handling of information. Connected Services, websites opened by an agent, Apple, Google, and other third parties have their own terms and privacy practices. If you use Briefit under a separate business, enterprise, or developer agreement, that agreement and any applicable data processing addendum may also govern the relevant processing.

We may provide shorter, feature-specific notices when we request a device permission, connect an account, enable a new feature, or collect information in a context that requires additional explanation. Those notices supplement this Policy.

2. Information we collect

The information we collect depends on how you use Briefit, which permissions you grant, which accounts you connect, and which features are available to you.

2.1 Account and profile information

When you create or use an account, we may collect:

Authentication providers may give us information permitted by you and their settings. For example, Apple may provide your name and a private relay email address. We generally do not receive your Apple or Google password.

2.2 Prompts, conversations, outputs, and other Content

We collect the Content you choose to submit or create, including:

Briefit is a general-purpose assistant and does not require you to provide sensitive information. However, Content can contain health, financial, employment, legal, political, religious, biometric, or other sensitive information if you choose to include it or if it appears in a Connected Service. Please avoid providing sensitive or confidential information that is not needed for your request.

You are responsible for ensuring that you have the right to submit Content and connect accounts, including information about other people. Do not use Briefit to access or disclose information that you are not authorized to use.

2.3 Voice and audio information

If you use voice features, we may process:

Normal Briefit chat history is designed to retain transcripts and conversation records rather than raw microphone recordings. Raw audio may nevertheless be processed, buffered, or temporarily retained by Briefit or an AI or speech provider as needed to deliver the feature, prevent abuse, maintain security, troubleshoot a problem, or comply with law. A feature that intentionally stores a recording will provide additional notice.

2.4 Files, photos, camera content, and generated media

If you attach, capture, upload, create, or download content, we may collect:

Briefit may resize, compress, convert, scan, extract text from, summarize, or otherwise process files to provide the feature you request. Some file metadata may reveal information such as the creator, creation date, or location. Consider removing metadata you do not want to share before uploading.

2.5 Connected Services and third-party account data

When you connect a third-party account, we may collect and process:

Briefit only accesses a Connected Service after you initiate or authorize a connection. The available data and actions depend on the permissions you grant and the provider's APIs. Briefit may use connected information to answer a request, create a briefing, personalize a result, maintain context, or perform an action you request.

Disconnecting an account stops future access through that connection, but it does not automatically delete Content that was already copied into a chat, briefing, memory, file, output, log, or public share. You can separately delete those items or your Briefit account. Disconnecting also does not undo an action already completed in a Connected Service.

2.6 Briefings, memories, skills, automations, and preferences

To provide personalized and proactive features, we may collect and store:

When Auto-learn is enabled, Briefit may derive concise memories from chats, voice transcripts, agent tasks, or other interactions so future responses can be more useful. Turning Auto-learn off stops new automatic memories from being created, but does not delete existing memories. You can review, edit, disable, or delete stored memories through the available Memory controls.

2.7 Location, weather, and time context

If you grant location permission or use a location-aware feature, we may process:

Precise coordinates may be sent to weather or geocoding providers and, where required by the feature, to Briefit's backend. Briefit may include a derived location label, time zone, local time, or weather summary in the context used to answer a request or prepare a briefing. The app may cache location and weather information on your device to reduce repeated requests.

We may also infer a coarse location from an IP address for security, fraud prevention, regional settings, or service operation. You can deny or revoke location permission in iOS. Where practical, Briefit may allow manual location entry or may continue with reduced location functionality.

2.8 Device, technical, usage, and diagnostic information

When you use the Services, we may automatically receive:

Some settings, authentication information, caches, recent data, push tokens, and preferences may be stored locally on your device using storage made available by iOS or the application framework.

Our websites may use cookies, local storage, and similar technologies for authentication, security, preferences, support, and operation. Any optional analytics or marketing technology will be described through an appropriate notice or consent control where required.

2.9 Notifications

If you enable notifications, we may collect and use:

Notification previews may be visible on your lock screen or to anyone who can view your device. You can disable Briefit notifications in the app or iOS settings and can control preview visibility through iOS settings.

2.10 Purchases and subscriptions

If paid features are offered, Apple, Stripe, or another payment provider may process your payment details. Briefit may receive and store information such as:

We generally do not receive full payment-card details when payment is processed by Apple or a hosted payment provider.

2.11 Support, surveys, and feedback

If you contact us or participate in research, testing, a survey, or a support interaction, we may collect your contact details, message content, attachments, device or diagnostic information you provide, and records of our response. If you deliberately submit feedback about an AI response or feature, the relevant conversation or Content may be reviewed with that feedback.

2.12 Information from other sources

We may receive information from:

3. How we use personal information

We use personal information for the following purposes:

3.1 Provide and operate the Services

3.2 Personalize Briefit

We use account settings, saved memories, preferences, prior conversations, location or weather context, Connected Service data, and feature history to tailor responses, briefings, suggestions, timing, and user experience. You can control many personalization sources as described in Section 8.

3.3 Maintain safety, security, and integrity

We use information to authenticate users, issue short-lived connection credentials, prevent unauthorized access, detect abuse or fraud, enforce applicable terms, investigate incidents, protect users and third parties, maintain service availability, and comply with security obligations.

3.4 Support, debugging, and product improvement

We use information to respond to requests, diagnose errors, monitor reliability, understand feature performance, improve usability, develop new functionality, measure capacity and usage, and conduct internal testing and research. We may use aggregated or de-identified information for these purposes and will maintain it in de-identified form unless re-identification is permitted or required for security, fraud prevention, or law.

3.5 Communications

We use contact information to send service messages, security alerts, account notices, support responses, changes to terms or policies, and other transactional communications. We will send marketing messages only where permitted by law and subject to available opt-out controls.

3.6 Payments and business operations

We use information to administer subscriptions, process entitlements, prevent payment fraud, handle refunds or disputes, keep accounting and tax records, plan capacity, audit our systems, obtain professional advice, and manage our business.

3.7 Legal compliance and protection

We may use information to comply with law, lawful requests, court orders, regulatory obligations, and recordkeeping duties; establish, exercise, or defend legal claims; and protect the rights, safety, privacy, and property of NeolinxAI, users, and others.

We do not use personal information from Briefit to build advertising profiles for third parties.

4. AI processing, memory, and agent actions

4.1 How AI processing works

Briefit uses AI models and supporting tools provided by NeolinxAI and third-party providers. Depending on the feature, availability, safety, performance, and configuration, relevant Content may be sent to one or more AI, speech, search, image, document, browser, or code-execution providers.

A request may include more than the latest message. To respond coherently, Briefit may provide a model with selected prior messages, saved memories, user preferences, time and locale context, weather or location context, Connected Service data, tool results, files, or agent state. We seek to limit the information sent to what is reasonably relevant to the requested feature, but AI systems can process broad context and may infer information from it.

4.2 Model training and improvement

NeolinxAI does not use your private Content to train a general-purpose AI model owned by NeolinxAI.

We do not authorize an AI service provider to use Content submitted through Briefit to train that provider's general-purpose models unless we clearly disclose the practice and obtain any consent required by law. We use business or API services and provider controls intended to limit training use where those controls are available.

AI and infrastructure providers may process or retain limited Content or metadata for service delivery, abuse monitoring, safety, security, debugging, or legal compliance under their applicable business or API terms. Provider retention periods and exceptions can differ from Briefit's own retention practices.

We may use:

to improve Briefit, evaluate safety, and develop features. We will provide additional notice and choice before materially expanding the use of identifiable private Content for AI model training.

4.3 Memory and Auto-learn

Memory is an optional personalization layer. When enabled, Briefit can save or derive notes about facts, preferences, instructions, and ongoing context. Auto-learn can create memories from conversations, voice transcripts, or agent activity. Memories may be included in later AI requests.

You can turn Memory or Auto-learn off, edit or delete individual memories, and clear all memories. Turning Memory off may stop its use in new responses, but existing memory records remain until you delete them. Deleting a chat does not necessarily delete a separate memory derived from that chat; delete the memory as well if you want it removed.

4.4 Agent actions and Connected Services

Briefit can perform multi-step tasks and, when authorized, take actions outside Briefit. Depending on the Connected Service and permissions, an action may send a message, create or modify a file, add or change an event, update a task or record, submit information, or otherwise affect a third-party account.

We process the information needed to understand the task, select tools, request approval where the product requires it, execute the action, and record the result. Some actions may be irreversible or may expose information to recipients. Review proposed actions and outputs carefully. You remain responsible for confirming that your instructions, permissions, recipients, and use of third-party data are lawful and appropriate.

Disconnecting a service prevents future access through that connection but does not retract sent communications, reverse completed actions, or delete information retained by the third party.

4.5 AI accuracy and automated decisions

AI outputs and tool results can be incomplete, inaccurate, or inappropriate. Do not rely on Briefit as the sole basis for high-impact decisions, and verify important information before acting.

NeolinxAI does not use personal information to make solely automated decisions about you that produce legal or similarly significant effects, unless we provide a specific notice and the safeguards required by applicable law. Briefit's generation of responses, personalization, routing, safety checks, and execution of user-directed tasks are automated processes, but they are not intended to determine your eligibility for employment, housing, credit, insurance, education, health care, or another comparable right or service.

5. How we disclose personal information

We disclose personal information only as described in this Policy, at your direction, or as otherwise permitted by law.

5.1 Service providers and contractors

We use providers for cloud hosting, authentication, database services, storage, security, AI and speech processing, search, browser and code execution, connected-account authorization, workflow automation, notifications, payments, communications, and support.

Depending on the feature, examples may include Amazon Web Services, Supabase, OpenAI, xAI, Google Cloud or Vertex AI, Composio, Apple, Expo, Open-Meteo, Tavily, Browserbase, E2B, n8n, and Stripe. Not every provider is used for every request, and providers may change as the Services evolve.

When a provider processes personal information on our behalf, we require it to use the information for the contracted service and to provide safeguards consistent with this Policy and applicable law. We seek to limit provider access to information reasonably necessary for its role. Independent third-party services that you choose to connect may also process information for their own purposes under their own policies.

5.2 AI, search, and tool providers

We disclose relevant Content and context to AI, speech, image, search, browser, document, or execution providers to generate outputs and perform requested tasks. This may include prompts, files, voice audio, transcripts, connected data, memory, prior messages, and tool instructions.

5.3 Connected Services and recipients you choose

At your direction, Briefit may send information to a Connected Service or to a person or organization you select. For example, Briefit may send an email, post a message, update a calendar event, create a file, or submit information to a third-party service. The recipient and service may retain, copy, forward, or use the information under their own policies.

5.4 Other users and public sharing

If you create a public share link or otherwise share Content, we disclose the selected Content and related presentation metadata to people who receive or access the link. Section 7 explains the associated risks.

5.5 Legal, safety, and security disclosures

We may disclose information to courts, law-enforcement agencies, regulators, government authorities, security researchers, industry partners, or other third parties when we reasonably believe disclosure is necessary to:

Where legally permitted and appropriate, we seek to review requests for validity and limit disclosures to what is required.

5.6 Corporate transactions

If NeolinxAI is involved in a financing, due diligence process, merger, acquisition, reorganization, sale of assets, insolvency, or transfer of the Services, personal information may be disclosed to advisers, counterparties, and a successor. We will require recipients to protect the information and will provide notice where required by law.

5.7 Professional advisers and affiliates

We may disclose information to lawyers, accountants, auditors, insurers, investors, and corporate affiliates where reasonably necessary for professional advice, compliance, risk management, or business operations and subject to appropriate confidentiality obligations.

5.8 Aggregated or de-identified information

We may disclose statistics or information that has been aggregated or de-identified so it no longer reasonably identifies an individual. We do not attempt to re-identify such information except as permitted for security, fraud prevention, validation of de-identification, or law.

5.9 No sale or cross-context behavioral advertising

We do not sell personal information. We do not share personal information for cross-context behavioral advertising or targeted advertising as those terms are defined by applicable United States state privacy laws. Briefit does not use third-party advertising networks to display ads in the app.

6. Device permissions and feature-specific choices

Briefit requests iOS permissions only when relevant to a feature. Permission availability and wording can vary by iOS version.

You can deny or later revoke device permissions through iOS Settings. You can disconnect Connected Services through Briefit and, where available, through the third party's own account settings. Revoking permission generally stops future collection or access, but it does not delete information already collected or undo prior actions.

Some features will not work without the relevant permission. We do not require microphone, camera, photo, location, or notification access merely to use unrelated features. Where practical, we provide reduced-functionality alternatives, such as text input or manual location selection.

7. Public sharing and communications

7.1 Public share links

When you create a Briefit share link, the selected response, conversation excerpt, briefing, image, or other snapshot may become accessible to anyone who has the link. Depending on the implementation, a share page may include a title, preview text, image, source links, or other metadata used by browsers and messaging platforms.

Before sharing:

You may be able to disable or delete a share through the relevant control. Deactivation cannot remove copies already made by others or immediately clear cached previews held by browsers, search engines, social platforms, or recipients.

7.2 Messages and actions sent through Connected Services

A message, file, event, post, or other action sent through a Connected Service is governed by that service and the recipient's handling. Deleting the related Briefit chat or disconnecting the account does not retract the communication or delete it from the recipient's systems.

7.3 Service and marketing communications

You cannot opt out of essential service, security, legal, or account messages while maintaining an account. You can opt out of marketing emails by using the unsubscribe control or contacting us. Notification settings are described in Sections 2.9, 6, and 8.

8. Your privacy controls

The controls available to you may vary by version, platform, account type, and feature.

8.1 Profile and account information

You can review or update available profile information in Settings. Some identity information, such as an email address provided by an authentication service, may need to be updated through that provider or through a verified support request.

8.2 Chats and conversation history

You can delete individual chats or use available data controls to delete all chats. Deletion removes the selected history from your active account, subject to Section 9. Separate memories, shared snapshots, connected-service actions, and data retained for legal or security reasons may remain until separately deleted or no longer required.

8.3 Memory controls

You can turn Memory or Auto-learn off, disable a memory, edit or delete individual memories, or clear all memories. Delete both a chat and any separate memory derived from it when you want both removed.

8.4 Connected accounts

You can review and disconnect linked accounts. You may also revoke Briefit's access from the third party's own security or connected-app settings. Disconnecting stops future access through that connection but does not delete copied Content or reverse actions already taken.

8.5 Device permissions and location

Manage microphone, location, camera, photos, media, and notification permissions in iOS Settings. Clearing the app cache or deleting the app may remove some local data, but deleting the app does not delete your Briefit account or server-side information.

8.6 Notifications and previews

You can disable Briefit notifications in the app or iOS Settings. You can control whether notification previews appear on the lock screen through iOS notification settings. Disabling notifications causes us to stop using the push token for new Briefit notifications after the change is processed, subject to short operational delays and security records.

8.7 Access, correction, and export

You may request access to, correction of, or an export of personal information held by Briefit. Available self-service export tools may include account, conversation, automation, billing, memory, skill, and connected-account metadata. An export may not include information held only by a Connected Service, OAuth secrets, passwords, security data, or information we cannot disclose without affecting the rights of others.

8.8 Account deletion

You can initiate deletion through Settings > Profile > Delete Account or another in-app deletion control made available in your version of Briefit. We may require reauthentication or another reasonable verification step.

Account deletion is intended to remove your Briefit account and associated personal information that we are not required or permitted to retain. We normally complete a verified deletion request within 30 days. We will explain if additional time is reasonably necessary because of legal obligations, fraud or security investigation, active disputes, financial recordkeeping, backup cycles, or technical dependencies.

Important consequences:

If the in-app control is unavailable because of a technical issue, contact us using Section 19. We will not require a support-only deletion process where platform rules require in-app initiation.

8.9 Consent withdrawal

Where processing is based on consent, you can withdraw consent through the relevant setting, device permission, disconnection control, or by contacting us. Withdrawal does not affect processing that occurred before withdrawal and may prevent the relevant feature from working.

9. Retention and deletion

We retain personal information only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Services, maintain security, resolve disputes, meet legal obligations, and protect our rights. Retention depends on the data's nature, sensitivity, purpose, risk, account settings, and legal requirements.

Retention schedule

Account and profile information. Retained while the account is active. Following verified account deletion, active records are normally removed or de-linked within 30 days, subject to the exceptions below.

Chats, outputs, briefings, memories, skills, automations, approvals, and preferences. Retained until you delete the relevant item, clear the category, or delete your account, unless a shorter period or feature-specific setting applies.

Files, attachments, generated artifacts, and media. Retained while associated with an active item or account, until removed, or until account deletion. Temporary processing copies may be deleted sooner. Backup copies may remain until overwritten in the ordinary backup cycle.

Connected-account metadata and authorization material. Retained while the connection is active and then deleted, revoked, or deactivated following disconnection or account deletion, subject to security, audit, and provider requirements.

Connected content copied into Briefit. Retained according to the Briefit item into which it was copied, such as a chat, briefing, memory, file, or public share. Disconnecting alone does not delete that copy.

Voice audio and transcripts. Live audio is generally processed in real time and is not intended to be kept as ordinary chat history. Transcripts, messages, usage records, and derived memories follow the retention of the related chat, account, memory, or security record. Providers may apply separate limited retention.

Location and weather data. Device caches remain until refreshed, cleared, the app is removed, or the operating system removes them. Server-side location labels, weather context, or logs are retained with the related Content or operational record. Weather and geocoding providers apply their own retention.

Push tokens and notification data. Retained while notifications are enabled and the token remains valid, then deleted or deactivated after disablement, logout, invalidation, or account deletion, subject to short operational and security records.

Support and feedback. Retained as reasonably necessary to resolve the issue, improve the Services, maintain an audit trail, and meet legal obligations.

Billing and transaction records. Retained for the periods required for accounting, tax, fraud prevention, disputes, refunds, and other legal obligations.

Security, abuse, and technical logs. Retained for a period reasonably necessary to protect the Services, investigate incidents, prevent repeated abuse, debug issues, and comply with law. Relevant records may be kept longer during an incident, dispute, or legal hold.

Public share pages. Retained until disabled, deleted, expired, or removed with account deletion, subject to cached copies and copies made by recipients.

Aggregated or de-identified information. May be retained for longer where it no longer reasonably identifies you and is maintained in de-identified form.

Deletion from active systems may not immediately remove data from encrypted or access-restricted backups. Backup data is not ordinarily restored except for disaster recovery, and if restored, deletion instructions are re-applied where reasonably practicable.

We may retain information longer when required by law, subject to a preservation order, necessary to investigate abuse or security incidents, needed to resolve a dispute, or required for financial records. We may also retain information that has been de-identified so it no longer reasonably identifies you.

Third-party providers and Connected Services have their own retention practices. A deletion from Briefit does not require an independent third party to delete information it holds under its own relationship with you.

10. Security

We use administrative, technical, and organizational measures designed to protect personal information against loss, misuse, unauthorized access, alteration, disclosure, and destruction. Depending on the system, these measures include encryption in transit, access controls, authentication and short-lived connection credentials, separation of environments, secure secrets management, monitoring, logging, backups, vendor assessment, and incident-response procedures.

Access to production personal information is limited to personnel and providers who need it for authorized duties and are subject to confidentiality and security obligations.

No service, network, storage system, or transmission method is completely secure. You should use a strong device passcode, protect your sign-in account, keep iOS and Briefit updated, review connected-account permissions, and avoid submitting information that is not necessary. Contact us promptly if you suspect unauthorized account access.

If we identify a data breach, we will investigate and notify affected individuals and regulators where required by applicable law.

11. International data transfers

NeolinxAI is an Australian company, but Briefit relies on global providers. Personal information may be processed in Australia, the United States, the United Kingdom, the European Economic Area, Singapore, and other countries where our providers, Connected Services, or their subprocessors operate. Some core cloud and AI processing currently occurs in the United States.

Privacy laws in another country may differ from those in your country, and foreign authorities may have lawful access to information under local law. Where required, we use contractual commitments, data processing terms, standard contractual clauses, adequacy decisions, access controls, and other safeguards intended to protect transferred information.

When you direct Briefit to interact with a Connected Service or recipient in another country, the transfer may also occur at your direction and be governed by that service's relationship with you.

12. Legal bases for processing

This section applies where a law such as the GDPR or UK GDPR requires us to identify a legal basis.

Purpose and legal basis

Create and administer your account; provide chat, voice, files, briefings, memory, automations, agents, and connected features. Legal basis: Performance of our contract with you or steps requested before entering that contract

Process optional precise location, microphone, camera or photo access, notifications, certain Connected Services, or marketing. Legal basis: Consent, where consent is required; you may withdraw it at any time

Secure the Services, prevent fraud and abuse, maintain reliability, debug, support users, improve non-training product features, and use de-identified analytics. Legal basis: Our legitimate interests in operating a safe, reliable, useful, and sustainable service, balanced against your rights

Maintain records, respond to legal process, and meet regulatory, tax, accounting, safety, or data-protection obligations. Legal basis: Compliance with legal obligations

Protect a person's life or physical safety in an emergency. Legal basis: Vital interests, where applicable

Establish, exercise, or defend legal claims. Legal basis: Legitimate interests and legal claims, as permitted by law

Where applicable law treats information as special-category or sensitive data, we process it only when a valid additional condition applies - for example, your explicit consent where required, information you have manifestly made public, protection of vital interests, establishment or defense of legal claims, or another condition permitted by law. Merely using Briefit does not authorize unrelated use of sensitive data.

You may object to processing based on legitimate interests. We will stop or restrict that processing where required unless we demonstrate compelling grounds or need the information for legal claims.

13. Your privacy rights

Depending on where you live, you may have the right to:

You can exercise many rights through the controls described in Section 8. For another request, contact us using Section 19 and write "Privacy Request" in the subject line.

We may ask you to verify your identity and account ownership before acting. An authorized agent may need to provide proof of authority, and we may still verify the request directly with you. We will not discriminate against you for exercising a privacy right.

Rights are subject to legal exceptions. For example, we may need to protect another person's privacy, preserve security information, retain financial records, comply with legal process, or decline a request we cannot verify. We will explain a refusal where required.

AI-generated text may be factually inaccurate. We can correct account records and, where technically and legally feasible, remove or annotate stored Content. We may not be able to alter information embedded in a third-party model's parameters or information held independently by another service.

You may lodge a complaint with the data-protection authority where you live or work. We encourage you to contact us first so we can investigate and respond.

14. Australian privacy information

Where the Australian Privacy Act 1988 and Australian Privacy Principles apply, NeolinxAI handles personal information in accordance with those requirements.

You may request access to or correction of personal information by contacting our Privacy Lead at the email in Section 19. Please describe the information or issue and how you would like us to resolve it. We may verify your identity and will respond within the period required by law.

To make a privacy complaint, email us with "Privacy Complaint" in the subject line and include enough detail for us to investigate. We aim to acknowledge the complaint promptly and provide a substantive response within 30 days. If you are not satisfied after giving us a reasonable opportunity to respond, you may contact the Office of the Australian Information Commissioner.

As explained in Section 11, we are likely to disclose personal information to overseas recipients, primarily in the United States and, depending on the provider or Connected Service, in the United Kingdom, European Economic Area, Singapore, Australia, and other countries where those providers operate.

15. United States state privacy disclosures

This section supplements the rest of the Policy for residents of California and other United States states with applicable consumer privacy laws.

15.1 Categories collected

In the preceding 12 months, depending on the features used, we may have collected the following categories:

We collect these categories directly from you, automatically from your device and use, from authentication and payment providers, from Connected Services you authorize, and from public or security sources. We use and disclose them for the purposes and to the recipients described in Sections 3 and 5.

15.2 Sale, sharing, and sensitive information

We have not sold personal information or shared it for cross-context behavioral advertising in the preceding 12 months. We do not knowingly sell or share the personal information of users under 18 for those purposes.

We do not use or disclose sensitive personal information to infer characteristics about you for advertising. We use sensitive information only to provide a feature you request, maintain security, comply with law, or for another permitted purpose.

We do not offer a financial incentive in exchange for personal information.

15.3 State rights

Subject to applicable law and exceptions, you may request access, knowledge, correction, deletion, portability, restriction of certain processing, an appeal, or use of an authorized agent. Because we do not sell or share personal information for targeted advertising, there is no sale or targeted-advertising activity to opt out of at this time. We will honor legally valid browser-based opt-out preference signals where they apply to a practice we engage in.

Submit a request through the in-app controls or Section 19. We will verify and respond as required by applicable law.

16. Children and teenagers

The Services are not directed to children under 13, and we do not knowingly collect personal information from a child under 13. Users under 18 must have permission from a parent or legal guardian to use Briefit.

If you believe a child has provided personal information in violation of this section, contact us. We will investigate and, where appropriate, delete the information and close the account. Parents or guardians may be asked to verify their identity and relationship to the child.

17. Third-party services

Briefit can link to, display content from, or interact with third-party services. Their privacy practices are outside our control when they act independently. Review the permissions, terms, and privacy policy of a Connected Service before enabling it.

A third party may receive your data when:

Briefit is not responsible for a third party's independent use of information, its content, or its security practices. This does not limit any responsibility we have for providers acting as our processors under applicable law.

18. Changes to this Policy

We may update this Policy as Briefit, our providers, or legal requirements change. We will post the updated Policy with a new effective date. For a material change, we will provide additional notice through the app, website, or email where appropriate and will request consent where required by law.

You should review the Policy periodically. The version in effect when information is processed governs that processing, except where law requires otherwise.

19. Contact us

For privacy questions, rights requests, or complaints, contact:

Privacy Lead
NEOLINXAI PTY LTD, trading as Briefit
ABN 89 679 104 182
Email: support@briefit.com

Use the subject line "Privacy Request" or "Privacy Complaint" so we can route your message appropriately.