Privacy Policy
This Privacy Policy explains how Briffo collects, uses, stores, and deletes data when you use briffo.io.
1. Data we collect
- Account data: email, name, and authentication identifiers from OAuth providers.
- Integration data: encrypted OAuth tokens and ad account identifiers.
- Performance data: advertising metrics required to build reporting and digests.
- Operational data: delivery logs, system events, and support history.
2. How we use data
- Authenticate users and keep integrations connected.
- Generate reporting, anomaly detection, and digest summaries.
- Deliver notifications via configured channels (email, Telegram, Slack where enabled).
- Maintain platform reliability, fraud prevention, and security monitoring.
3. Google API data and Limited Use
Briffo's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
- Google API data is used only for user-facing features in Briffo.
- Google API data is not sold and is not used for ad targeting or retargeting.
- Google API data is not used for generalized AI/ML model training.
- Human access is limited to support/security/legal cases under strict need-to-know controls.
4. Third-party processors
- Paddle (payments and subscriptions).
- Resend (email delivery).
- Anthropic (text generation from advertising metrics only).
5. Retention
- Metrics snapshots: up to 90 days.
- Generated digests: up to 12 months.
- After account deletion request: primary account data deleted within 30 days.
6. Security
- Encryption in transit (HTTPS/TLS) and encryption at rest for sensitive credentials.
- Role-based administrative access and audit logging.
- Credential rotation and incident response procedures.
7. Your controls and rights
- Revoke Google access at myaccount.google.com/permissions.
- Request account/data deletion at /data-deletion.
- Request support or data questions via [email protected].
Last updated: March 11, 2026.