Legal

Privacy Policy

Last updated: 2026-02-20

1. Introduction

BeBrief ("we", "our", "the Service") is a managed knowledge assistant. The fundamental design principle of BeBrief is that your organizational data is processed only on BeBrief-managed servers — never by a third-party cloud or AI provider. This policy describes what data we collect and how it is used.

2. Data architecture

BeBrief runs dedicated managed infrastructure per tenant:

  • Slack messages, Confluence pages, and other indexed content are stored on BeBrief-managed servers in isolated per-tenant storage
  • LLM inference is performed on BeBrief-managed servers — no documents or prompts are sent to any external AI API
  • Embeddings are generated and stored locally
  • BeBrief.app (this website) does not receive, process, or store the content of your Slack or Confluence data

3. Information we collect on bebrief.app

When you interact with this website or sign in to the hosted admin dashboard, we may collect:

  • Account information: Email address and name from Google or Microsoft OAuth, used solely to identify admin users
  • Usage data: Standard server logs (IP address, request timestamps, pages visited) retained for 30 days for security and debugging
  • Slack OAuth tokens: Encrypted at rest and stored in BeBrief-managed secure storage — never exposed to third-party services

4. Cookies

This website uses no third-party analytics or advertising cookies. Session cookies are used by the admin dashboard to maintain authentication state. No tracking pixels or cross-site tracking is used.

5. Third-party services

The following third-party services are used:

  • Slack: OAuth install flow and bot event delivery. Slack's privacy policy applies to data processed by Slack's infrastructure.
  • Atlassian: OAuth 2.0 for Confluence connectivity. Atlassian's privacy policy applies.
  • Google / Microsoft: OAuth for admin UI sign-in only.
  • Cloudflare: CDN and DDoS protection for this static landing page.

6. Data retention

Admin user accounts are retained until the associated Slack workspace is disconnected and the tenant is deleted. Server logs are retained for 30 days. You may request deletion of your account data at any time by contacting privacy@bebrief.app.

7. Your rights

Depending on your jurisdiction, you may have rights to access, correct, or delete personal data we hold about you. To exercise these rights, contact privacy@bebrief.app. We will respond within 30 days.

8. Security

Slack OAuth tokens and connector credentials are encrypted at rest using Fernet symmetric encryption. All traffic between your browser and BeBrief infrastructure is TLS-encrypted. Internal service communication uses private networks.

9. Changes to this policy

We may update this policy. Material changes will be communicated via email to admin users and noted at the top of this page.

10. Contact

Privacy inquiries: privacy@bebrief.app