1. Introduction
This Privacy Policy explains how Briefer AB, a Swedish limited liability company with organization number 559540-9144 ("Company", "we", "us", or "our"), collects, uses, processes, and protects your personal data when you use our Briefer platform and services ("Service").
We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR") and Swedish data protection legislation.
2. Who We Are and How to Contact Us
Data Controller: Briefer AB
Organization Number: 559540-9144
Contact: [email protected]
For all privacy-related inquiries, data subject requests, or concerns about how we handle your personal data, please contact us at [email protected].
3. What Personal Data We Collect
3.1 Information You Provide Directly
- Account Information: Name, email address, job title, company name, phone number
- Profile Data: Professional information, preferences, and settings
- Communication Data: Messages, feedback, and correspondence with us
- Payment Information: Billing details (processed securely through Stripe)
3.2 Information We Collect Automatically
- Usage Data: How you interact with our Service, features used, time spent
- Technical Data: IP address, browser type, device information, operating system
- Log Data: Access logs, error reports, performance metrics
- Analytics Data: User behavior patterns, feature adoption, service performance
3.3 Information from Third Parties
- Integration Data: Data from connected services via Composio integrations
- Authentication Data: Information from Supabase authentication services
- AI Processing Data: Content and data processed through Anthropic's AI services
4. How We Use Your Personal Data
4.1 Legal Bases for Processing
We process your personal data based on:
- Contract Performance: To provide and maintain our Service
- Legitimate Interests: To improve our Service, ensure security, and conduct business operations
- Legal Compliance: To comply with applicable laws and regulations
- Consent: Where specifically obtained for certain processing activities
4.2 Purposes of Processing
- Service Delivery: Providing, maintaining, and improving our platform
- Account Management: Creating and managing user accounts and subscriptions
- Communication: Sending service-related notifications, updates, and support
- Payment Processing: Managing billing and payments through Stripe
- AI Services: Enhancing functionality through AI-powered features via Anthropic
- Analytics: Understanding usage patterns to improve our Service
- Security: Protecting against fraud, abuse, and security threats
- Legal Compliance: Meeting regulatory requirements and legal obligations
5. Third-Party Services and Data Sharing
We work with trusted third-party service providers to deliver our Service. Your data may be processed by:
5.1 Core Service Providers
- Supabase: Authentication, database management, and file storage
- Railway: Web hosting and deployment infrastructure
- Amazon Web Services (AWS): Cloud infrastructure and S3 file storage (EU regions where possible)
5.2 AI and Integration Services
- Anthropic: AI processing and content generation services
- Composio: Integration management and data source connections
5.3 Analytics Services
- Mixpanel: Product analytics and usage tracking to understand how our Service is used and improve user experience. Data is processed on EU servers (api-eu.mixpanel.com). Mixpanel is configured to opt users out by default until consent is given or the user registers for an account.
5.4 Communication and Payment
- Resend: Email delivery and communication services
- Stripe: Payment processing and billing management (PCI DSS compliant)
5.5 Data Processing Agreements
We have appropriate data processing agreements in place with all third-party processors in accordance with GDPR Article 28. These agreements ensure adequate protection of your personal data.
6. International Data Transfers
Some of our third-party service providers may process data outside the European Economic Area (EEA). When we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, including:
- Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
- Standard Contractual Clauses: EU-approved contractual protections
- Certification Schemes: Providers certified under recognized data protection frameworks
7. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy:
- Account Data: Retained while your account is active and for 3 years after account closure
- Usage and Analytics Data: Retained for up to 2 years for service improvement
- Communication Records: Retained for up to 7 years for legal and regulatory compliance
- Payment Data: Retained as required by tax and accounting regulations (typically 7 years)
- Legal Hold: Data may be retained longer if required for legal proceedings
8. Your Rights Under GDPR
As a data subject, you have the following rights:
8.1 Access Rights
- Right to access your personal data and obtain information about our processing
8.2 Correction and Deletion
- Right to rectify inaccurate personal data
- Right to erasure ("right to be forgotten") under certain circumstances
8.3 Processing Rights
- Right to restrict processing in certain situations
- Right to object to processing based on legitimate interests
- Right to data portability for data provided under contract or consent
8.4 Consent Rights
- Right to withdraw consent at any time (where processing is based on consent)
- Right not to be subject to automated decision-making, including profiling
8.5 Exercising Your Rights
To exercise any of these rights, contact us at [email protected]. We will respond within one month of receiving your request. If your request is complex or we receive multiple requests, we may extend this period by two months with notification.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
9.1 Technical Measures
- Encryption of data in transit and at rest
- Secure authentication and access controls
- Regular security assessments and updates
- Automated monitoring and threat detection
9.2 Organizational Measures
- Staff training on data protection and security
- Access controls and need-to-know principles
- Regular review of data processing activities
- Incident response and breach notification procedures
10. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience. In accordance with GDPR and the ePrivacy Directive, we obtain your consent before setting non-essential cookies.
10.1 Types of Cookies
- Essential Cookies: Required for basic Service functionality, including authentication, security, and session management. These cookies cannot be disabled as they are necessary for the Service to function.
- Analytics Cookies: Help us understand how you use our Service through Mixpanel analytics. These cookies collect information about your interactions with our platform, including pages visited, features used, and session duration. Analytics data is stored on EU servers (api-eu.mixpanel.com). Legal basis: Consent for marketing site visitors; Legitimate Interest for registered users (see Section 10.4).
- Functional Cookies: Remember your settings and preferences to enhance your experience
10.2 Cookie Details
- Mixpanel (mp_*): Analytics cookies for usage tracking. Provider: Mixpanel Inc. Purpose: Understanding user behavior to improve our Service. Retention: 1 year.
- Supabase Authentication: Essential cookies for user authentication and session management. Provider: Supabase Inc. Retention: Session-based.
- Cookie Consent (briefer_cookie_consent): Stores your cookie preferences. Provider: Briefer. Retention: 1 year.
10.3 Cookie Consent Management
When you first visit our marketing website, you will be presented with a cookie consent banner that allows you to:
- Accept all cookies
- Reject all non-essential cookies
- Customize your preferences for each cookie category
You can change your cookie preferences at any time by clearing your browser's local storage or contacting us at [email protected]. Additionally, you can manage cookies through your browser settings.
10.4 Analytics for Registered Users
For registered users who have agreed to our Terms of Service, we process analytics data based on Legitimate Interest (GDPR Article 6(1)(f)) and Contract Performance (GDPR Article 6(1)(b)). This allows us to understand how our Service is used and improve it for our customers. This processing is necessary for providing and improving our B2B service, conducting security monitoring, and maintaining service quality. You may object to this processing by contacting us at [email protected], though this may affect our ability to provide certain service improvements.
11. Children's Privacy
Our Service is designed for business use and is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data promptly.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the updated policy on our website
- Sending email notification to registered users
- Providing notice through our Service interface
Continued use of our Service after changes constitutes acceptance of the updated Privacy Policy.
13. Complaints and Supervisory Authority
If you believe we have not handled your personal data in accordance with this Privacy Policy or applicable data protection laws, you have the right to lodge a complaint with:
Swedish Authority for Privacy Protection (IMY)
Website: www.imy.se
Email: [email protected]
You may also contact us directly at [email protected] to resolve any concerns.
14. Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of such transfer and any changes to this Privacy Policy.
15. Contact Information
For questions about this Privacy Policy or our data processing practices, contact us at:
Briefer AB
Organization Number: 559540-9144
Email: [email protected]