briefOS
Get started
← Back to briefOS Legal

Privacy Policy

Version 1.0 — Effective date: 21 September 2025 — Last modified: 21 September 2025

This Privacy Policy explains how zenylo LTD (trading as "briefOS", "we", "us", or "our") collects, uses, shares, and protects information when you use our website at briefos.com and our application and services at briefos.ai.

1. Company information

  • Legal entity: zenylo LTD
  • Trading name: briefOS
  • Registered address: 71-75 Shelton Street, London, Greater London, United Kingdom, WC2H 9JQ
  • Contact email: info@briefos.ai
  • Data Protection Officer: info@briefos.ai

2. Services overview

briefOS provides AI-powered creative strategy software services that analyze video advertisements and brand information to deliver strategic insights for creative professionals and marketers. Our service includes integration with Meta Ads accounts to analyze advertising performance and campaign data.

3. Age requirements

Our services are intended for users who are at least 18 years old. By using briefOS, you confirm that you meet this age requirement.

4. Information we collect

4.1 Information you provide

  • Account information: name, email address, profile picture, company details, and authentication credentials
  • Content data: brand information, context files, and video advertisements you upload for analysis (MP4, MOV, AVI, WebM, and other applicable formats)
  • Payment information: billing details processed securely through Stripe and Clerk
  • Team collaboration: information about team members you invite and sharing permissions
  • Communications: messages, support tickets, and feedback you send to us
  • Account preferences: notification settings, accessibility preferences, communication preferences

4.2 Meta Ads account data

If you connect your Meta Ads account, we request the following permissions and collect campaign performance data (impressions, clicks, conversions, spend), ad creative content, audience insights, account structure, and up to 2 years of historical advertising data.

Permissions requested: read_insights, pages_show_list, ads_management, ads_read, business_management, pages_read_engagement, pages_read_user_content, pages_manage_posts.

4.3 Information collected automatically

  • Usage data: features used, analysis requests, API calls, and interaction patterns
  • Analytics data: collected through Google Analytics, Google Tag Manager, Meta Pixel, and PostHog
  • Device information: browser type, operating system, device identifiers, screen resolution
  • Network information: IP address, connection details, and geographic location (country/city level)
  • Log data: server logs, access logs, error logs, and API logs
  • Performance data: page load times, app crashes, and error reports
  • Browser storage: localStorage, sessionStorage, and IndexedDB data for app functionality
  • Cookies: essential, analytics, and marketing cookies (see Section 13)

4.4 Information from Clerk authentication

Our authentication provider Clerk collects: name and email address, profile picture (if provided), IP address, device information, login credentials and authentication tokens, and social login information (if used).

5. How we use your information

5.1 Primary uses

  • Provide AI-powered analysis of your video advertisements and Meta Ads campaigns
  • Generate strategic insights and recommendations
  • Process payments and manage subscriptions
  • Provide customer support and respond to inquiries
  • Send service-related communications and updates
  • Enable team collaboration and account sharing features
  • Monitor for prohibited content and enforce our acceptable use policy

5.2 Service improvement

  • Improve our AI models and analysis algorithms (see Section 6 for details)
  • Debug technical issues and improve platform stability
  • Develop new features and services
  • Create aggregated industry benchmarks (anonymized)

5.3 Legal and business

  • Comply with legal obligations and regulatory requirements
  • Protect against fraud, abuse, and security threats
  • Enforce our terms of service and acceptable use policy
  • Send marketing communications (with your consent)
  • Protect our intellectual property rights

6. AI training and your data

6.1 Current practices

We do not currently use your uploaded videos or brand content to train our AI models. Your data is processed through third-party AI services solely to generate your specific analysis. Each analysis is isolated and does not influence future analyses for other users.

6.2 Aggregated insights

We may create anonymized, aggregated industry insights from collective user data — such as industry performance benchmarks, creative trends analysis, and general best practices. These never identify individual users or specific campaigns.

6.3 Future changes

If we decide to use customer data for model training in the future, we will notify you in advance, request explicit opt-in consent, provide clear opt-out options, and update this policy accordingly.

7. Content standards and acceptable use

7.1 Prohibited content

You may not upload, submit, or process content that is illegal, fraudulent, or violates any applicable laws; infringes on intellectual property rights; contains malware or harmful code; depicts violence, hate speech, or discriminatory content; contains adult content or nudity; violates privacy rights; contains false or misleading information; promotes illegal activities; or violates advertising standards or regulations.

7.2 Content screening

We reserve the right to screen content for violations using automated and manual review, remove or refuse to process prohibited content without notice, suspend or terminate accounts that violate content standards, report illegal content to appropriate authorities, and retain removed content for legal compliance purposes.

7.3 Copyright compliance

You represent and warrant that you have all necessary rights to upload and analyze content. We respect intellectual property rights and will respond to valid DMCA takedown notices.

8. Legal basis for processing (GDPR)

  • Contract performance: to deliver our services and fulfill our agreement with you
  • Reasonable business interests: for analytics, service improvements, security, fraud prevention, and legal protection
  • Consent: for marketing communications, cookies, and optional data processing
  • Legal obligations: to comply with applicable laws, regulations, and legal processes
  • Vital interests: in rare cases where processing is necessary to protect someone's life

9. Data minimization

We are committed to data minimization principles: we only collect data necessary for specified purposes, regularly review and delete unnecessary data, provide tools for you to manage and delete your data, and implement data retention limits aligned with business needs.

10. Automated decision-making and profiling

10.1 AI analysis disclosure

Our service uses automated processing to analyze video content and identify creative elements, evaluate advertising performance metrics, generate strategic recommendations, score creative effectiveness, and detect prohibited content.

10.2 Logic and consequences

Our AI analyzes visual elements, messaging, performance data, and industry patterns to identify optimization opportunities. These analyses influence strategic recommendations that may impact your advertising decisions. All insights are recommendations; final decisions remain with you.

10.3 Your rights

You have the right to request human review of any AI-generated analysis, understand the factors influencing specific recommendations, opt-out of certain types of automated analysis, and contest automated content moderation decisions.

11. Information sharing

11.1 Service providers we currently use

  • Clerk — authentication and user management
  • Stripe — payment processing and subscription management
  • AWS — cloud infrastructure and data storage
  • Framer — website hosting and infrastructure
  • OpenRouter — AI API routing and management
  • AI providers (via OpenRouter): Anthropic, Google AI, OpenAI
  • Google — analytics, Tag Manager, and advertising services
  • Meta — Pixel analytics and Ads API integration
  • PostHog — product analytics
  • Search API — video search services
  • Vercel — user interfaces

11.2 Additional services we may use

We may also share data with customer support systems, email service providers, error tracking services, CDN providers, communication tools, security services, professional services (legal, accounting, compliance), and infrastructure monitoring services.

11.3 Sub-processor list

For a complete, up-to-date list of all sub-processors, please contact info@briefos.ai.

11.4 Legal disclosure

We may disclose information when required to comply with applicable laws, regulations, or legal processes; respond to government requests, subpoenas, or court orders; protect our rights, property, safety, or intellectual property; investigate fraud, security issues, or policy violations; or protect against legal liability.

11.5 Business transfers

In the event of a merger, acquisition, bankruptcy, reorganization, or sale of assets, your information may be transferred to the successor entity. We will notify you via email and prominent website notice before transfer, provide an opportunity to delete your account before transfer, and ensure the successor entity adheres to this privacy policy.

12. Data retention

12.1 Active data retention

  • Active account data: duration of active account
  • Closed account data: 30 days after account closure for recovery purposes
  • Uploaded content: retained until you request deletion
  • Soft-deleted content: moved to inactive storage, requires manual deletion request
  • Meta Ads data: synchronized with your account retention period
  • Analytics data: 26 months
  • Payment records: 7 years (UK tax law requirement)
  • Server/API logs: 90 days
  • Error logs: 30 days
  • Support communications: 2 years after resolution
  • Legal compliance data: as required by applicable laws

12.2 Important note on data deletion

Soft-deleted items remain in our backup systems for 30–90 days before permanent deletion, or until you specifically request permanent deletion by contacting info@briefos.ai. We maintain this policy to allow account recovery, comply with legal obligations, and protect against fraudulent deletion requests.

12.3 Inactive accounts

Free accounts inactive for 2 years may be flagged for deletion. Paid accounts remain active per subscription terms. We will notify you before any deletion due to inactivity.

13. Cookies and tracking technologies

13.1 Cookie types

  • Essential cookies: authentication, security, load balancing, and core functionality
  • Analytics cookies: Google Analytics, PostHog for usage patterns and improvements
  • Marketing cookies: Meta Pixel, Google Ads for remarketing and conversion tracking
  • Performance cookies: site optimization, error tracking, and speed monitoring
  • Preference cookies: language, region, and accessibility settings

13.2 Cookie management

Manage preferences via our cookie consent banner. We respect browser Do Not Track (DNT) signals where technically feasible. You may disable cookies in browser settings (may impact functionality) or clear cookies anytime through browser settings.

13.3 Other tracking technologies

We use web beacons in emails to track opens and engagement, browser storage (localStorage and sessionStorage) for app state, and limited device fingerprinting for fraud prevention only.

14. Your rights

14.1 EU/UK users (GDPR)

You have the right to: access a copy of your personal data; rectify inaccurate or incomplete data; request erasure ("right to be forgotten"); restrict processing in certain circumstances; receive your data in a portable format (JSON/CSV); object to specific processing activities; request human review of AI analyses; withdraw consent at any time; and lodge complaints with supervisory authorities (ICO for UK).

14.2 California users (CCPA/CPRA)

You have the right to: know what personal information is collected, used, shared, or sold; request deletion; opt-out of sale or sharing of personal information (we do not sell data); receive equal service regardless of privacy choices; correct inaccurate personal information; and limit use and disclosure of sensitive personal information.

14.3 How to exercise rights

Email info@briefos.ai with your specific request. We will respond within 30 days (45 for complex requests). We may request information to verify your identity. No fee unless requests are excessive or manifestly unfounded.

15. Intellectual property and license terms

15.1 Your content ownership

You retain all ownership rights to content you upload. You maintain copyright and intellectual property rights. We do not claim ownership of your videos, brand materials, or campaigns.

15.2 License grant to briefOS

By uploading content, you grant us a worldwide, non-exclusive, royalty-free license to process, analyze, and store your content for service delivery; create derivative works (thumbnails, transcripts, analysis reports); display content back to you and authorized team members; generate anonymized, aggregated insights; and cache and backup content for service reliability.

15.3 Our intellectual property

All AI models, algorithms, and analysis methods remain our property. Insights and reports are provided as a service, not transferred IP. You may not reverse engineer or attempt to extract our methods. Our trademarks and branding remain our exclusive property.

16. Data security

16.1 Technical measures

  • Encryption: TLS 1.2+ in transit, AES-256 at rest
  • Infrastructure: secure AWS environment with VPC isolation
  • Access control: role-based access with multi-factor authentication
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Backups: encrypted, geographically distributed backups
  • Testing: regular penetration testing and vulnerability assessments

16.2 Data breach notification

In the event of a personal data breach, we will notify relevant authorities within 72 hours (where required), notify affected users without undue delay if there is high risk to their rights, and maintain records of all breaches and responses.

17. International data transfers

17.1 Transfer mechanisms

As a UK-based company, we use UK Adequacy Decisions for EU data transfers, Standard Contractual Clauses for other international transfers, and Data Processing Agreements with all international processors.

17.2 Data localization

  • Primary processing: United Kingdom
  • Backup storage: EU (Ireland) and US (Virginia) regions
  • CDN distribution: global edge locations
  • Enterprise plans may request specific regions

18. Marketing and communications

We send service emails always (security, billing, critical updates). Product updates, marketing newsletters, and educational content require separate opt-in. You may unsubscribe via the link in every marketing email footer. Opt-outs are processed within 48 hours.

19. Children's privacy

Our services are strictly for users 18 and older. We do not knowingly collect data from minors. If we discover data from someone under 18, we will immediately suspend the account, delete the data within 48 hours, notify a parent or guardian if contact is available, and report to authorities if required by law.

20. Dispute resolution and legal terms

This Privacy Policy is governed by the laws of England and Wales. Any disputes arising shall be subject to the exclusive jurisdiction of the courts of England and Wales. For informal resolution, contact info@briefos.ai first. To the maximum extent permitted by law, we are not liable for indirect or consequential damages, and our total liability is limited to fees paid in the past 12 months.

21. Changes to this policy

For material changes, we will provide 30-day advance notice via email and an in-app banner notification. Continued use after the notice period constitutes acceptance. Archived versions are available on request.

22. Contact information

  • Primary contact: info@briefos.ai
  • Data Protection Officer: info@briefos.ai
  • Response time: within 5 business days for initial response
  • Mailing address: zenylo LTD, 71-75 Shelton Street, London, Greater London, United Kingdom, WC2H 9JQ

UK supervisory authority: Information Commissioner's Office (ICO) — ico.org.uk — 0303 123 1113.

EU supervisory authority: your local data protection authority — edpb.europa.eu/about-edpb/board/members_en.