Privacy first

Privacy Policy

Last updated: September 17, 2025

1. Scope

This policy explains how OwlBrief (“we”, “us”) collects, uses, and protects personal data when you use OwlBrief (“Service”).

2. Data we collect

  • Account data: name, email, settings, subscription status.
  • Usage data: pages and briefs viewed, interactions (likes, saves, Q&A), approximate timestamps.
  • Technical data: IP, device, OS, browser, crash logs.
  • Communications: messages you send to us (support, feedback).
  • Optional: integrations or API tokens you explicitly connect.

3. How we use data

  • Provide, maintain, and improve the Service.
  • Personalize content and recommendations.
  • Monitor performance, debug issues, and secure the Service.
  • Communicate updates and respond to support requests.
  • Comply with legal obligations and enforce our Terms.

Legal bases (GDPR): performance of a contract, legitimate interests, consent (where required), and legal obligation.

4. Sharing & processors

We don’t sell your personal data. We may share data with vetted service providers (“processors”) under confidentiality and data-protection terms to operate infrastructure (hosting, storage, email, analytics, payments). We may share data to comply with law or protect rights and safety.

5. Cookies & tracking

We use essential cookies for authentication and security, and (optionally) analytics cookies to understand usage. You can control cookies via your browser and, where available, our cookie banner preferences.

6. Data retention

We keep data only as long as necessary for the purposes described above, then delete or anonymize it unless we must retain it by law.

7. Security

We employ reasonable technical and organizational measures (encryption in transit, access controls, least-privilege). No method of transmission or storage is 100% secure.

8. Your rights (GDPR/CCPA)

  • Access, rectify, or delete your data.
  • Object to or restrict certain processing.
  • Port your data in a machine-readable format.
  • Opt out of non-essential communications.
  • California residents: request disclosures/deletion subject to exceptions.

To exercise rights, email [email protected]. We may need to verify your identity.

9. International transfers

Data may be processed outside your home country. Where required, we use appropriate safeguards (e.g., SCCs).

10. Children

The Service is not directed to children under 13 (or the minimum age in your jurisdiction). If you believe a child has provided personal data, contact us.

11. Changes

We may update this policy from time to time. Material changes will be highlighted here.

12. Contact

Have questions or requests? Contact us.