Privacy Policy

Last updated · June 8, 2026

This policy explains what data debriefD ("we") collects, why we collect it, who we share it with, and the rights you have over it. We tried to keep it short and honest. Questions: hello@debriefd.xyz.

What we collect

• Account data — your email address, sign-in identifiers, and tier. Managed through our authentication provider (Clerk).
• Feedback content — the text you paste or forward into debriefD. This frequently contains text written by your clients.
• AI output — the suggested tasks, reply draft, questions, and scope alerts we generate, plus whatever edits you approve.
• Usage and billing data — your monthly submission count, subscription status, Stripe customer identifier. We never see your full card number; Stripe handles that.
• Integration tokens — if you connect Notion (or another tool), we store the integration token. Notion tokens are encrypted at rest with AES-256-GCM.
• Server logs — standard request metadata: IP address, user agent, timestamps. Kept for a short window for security and debugging.

Why we use it

• To run the core product: process feedback, generate output, push tasks to your PM tool.
• To measure quality — the diff between AI output and your approved output (edit rate). This is our North Star metric and helps us improve the prompts.
• To handle billing and enforce plan limits.
• To prevent abuse and protect the Service.
• To send essential account and product emails. We do not send marketing emails without opt-in.

Sub-processors we share data with

We use a small set of vendors to run debriefD. We share only what each one needs:

• Anthropic (AI model) — receives your feedback text to generate output. Anthropic does not use API data to train models by default.
• Supabase (database hosting) — stores your account, sessions, and AI output.
• Vercel (application hosting) — runs the web app and API.
• Clerk (authentication) — manages sign-in and user identity.
• Stripe (billing) — processes payments and stores card data on its own infrastructure.
• Notion (optional integration) — receives the tasks you explicitly approve to push.

We do not sell your data. We do not let third parties use your content to train AI models.

About client content

debriefD is invisible to your clients — they don't sign up, see, or know about us. Because you decide what to forward in, you are responsible for ensuring you have the right to share that content with a third-party processor (us and our sub-processors above). If you work with clients under strict NDA or in regulated industries, please review the sub-processor list above and your own obligations before using the Service.

Retention

We keep your account data while your account is active. Feedback sessions and AI output are retained as long as you keep them in your account or until you delete the relevant session. When you delete your account, we remove your account data and integration tokens within 30 days. Backups containing your data may persist for up to 30 additional days before they roll off.

Your rights

You can request access to your data, export it, correct it, or delete it. Email hello@debriefd.xyz from the address on your account and we will respond within 30 days. If you are in the EU, UK, or California you have additional statutory rights (GDPR, CCPA). Those rights apply here and the same email address is the right place to exercise them.

Security

Data is encrypted in transit (TLS) and at rest (provider-managed encryption on Supabase and Stripe). Notion integration tokens are additionally encrypted at the application layer before being written to our database. Security disclosures: see SECURITY.md or email security@debriefd.xyz.

Children

The Service is not directed at people under 18. Do not use it if you are under 18.

International transfers

Our infrastructure runs in the EU and US. By using debriefD you understand that your data may be processed in either region by us and our sub-processors.

Changes to this policy

We'll update this page when we make changes and bump the date above. For material changes we'll email account holders.

Contact

For privacy questions or to exercise your data rights, email hello@debriefd.xyz.