briefpls
Sign inAdd to Slack

Legal

Privacy Policy.

Effective May 16, 2026

Overview

briefpls is built by a small team that uses Slack standups itself. We collect the minimum data needed to run async check-ins and never sell it. This page explains what we collect, why, where it goes, and how to get it back.

What we collect

  • Slack workspace metadata — team ID, team name, team domain, installer's user ID and email. Used to authenticate the workspace and operate the bot.
  • Slack bot token — encrypted at rest with AES-256-GCM and never logged.
  • Member roster — Slack user IDs, usernames, display names, avatar URLs, and emails of workspace members the admin marks active.
  • Check-in content — the answers your team submits to scheduled prompts. Stored to render digests and the Friday weekly rollup.
  • Billing data — Lemon Squeezy customer ID, subscription status and tier. We do not store payment card details.
  • Operational logs — request metadata, error traces, cron run summaries. Retained for 30 days.

What we do not collect

  • The contents of any Slack message outside our own DMs and modals.
  • Payment card numbers.
  • Browsing history, third-party advertising identifiers, or behavioral profiles.

How we use data

  • To operate the Service: scheduling DMs, rendering digests, escalating blockers.
  • To generate the weekly rollup summary (see "AI processing" below).
  • To send transactional email (welcome, billing notifications).
  • To detect and respond to abuse or service issues.

We do not sell or rent data. We do not use Customer Data to train machine-learning models.

AI processing

The Friday weekly rollup sends the prior week's check-in content to Anthropic's Claude API to generate a 2-3 paragraph summary. Anthropic does not retain prompt or completion data for training under their default API terms. You can disable the weekly rollup from the dashboard at any time.

Subprocessors

  • Vercel — application hosting (USA, EU).
  • Crunchy Bridge — managed Postgres database.
  • Slack — workspace integration and OAuth.
  • Lemon Squeezy — payments and subscription management.
  • Resend — transactional email.
  • Anthropic — weekly rollup summarization (optional).

Retention

Check-in content is retained for 18 months by default. Operational logs are retained for 30 days. When you uninstall briefpls, we delete or anonymize your data within 30 days unless legal obligations require longer retention.

Your rights

Depending on your jurisdiction (e.g. GDPR for EU residents, CCPA for California residents) you may have the right to access, correct, export, or delete your personal data. Email hello@briefpls.com and we will respond within 30 days.

Cookies

We use a small number of strictly necessary cookies for authentication (NextAuth session, OAuth state). We do not use third-party tracking cookies.

Security

Slack bot tokens are encrypted at rest. All traffic is served over HTTPS. Production database connections require TLS with a pinned CA certificate. We follow the principle of least privilege for internal access.

Children

briefpls is intended for use by businesses and is not directed at children under 16. We do not knowingly collect data from children.

Changes

Material changes will be communicated by email or in-app notice. See Terms of Service for governing law and acceptance.

Contact

Privacy questions, data subject requests, or security concerns: hello@briefpls.com.