BriefDeck (“we”, “us”) builds AI-generated sales meeting briefs from data you authorize us to access. This policy describes what we collect, why, how we store it, and the choices you have. Plain English first, lawyerly precision second.
Data we collect
- Account information — name, email, profile photo URL, and OAuth provider identifier (Google or Microsoft).
- OAuth tokens — access and refresh tokens for the connectors you authorize (Google Calendar, Gmail, Microsoft 365 Calendar, HubSpot, Salesforce, Sybill). Stored encrypted at rest. Never logged. Used only to generate your briefs.
- Meeting metadata — calendar events you’ve been invited to: titles, times, attendee email addresses. We do not store full event bodies.
- Brief content — the AI-generated brief itself, retained per your plan’s retention window (7 days on Free, longer on paid plans).
- Operational diagnostics — token counts, model snapshot, and timing data used to monitor brief quality. These never appear in the user-facing brief.
How briefs are generated
BriefDeck calls the Anthropic API and provides it with your OAuth tokens via the Model Context Protocol (MCP). Anthropic’s servers query Google Calendar, Gmail, HubSpot, Salesforce, or Sybill on our behalf, using your credentials, scoped to the read-only permissions you granted. We read your Microsoft 365 calendar via Microsoft Graph directly to identify meetings and their context. We do not access your Outlook email at this time. We don’t store the raw email or calendar payload Anthropic retrieves — only the synthesized brief.
What we do not do
- We do not sell your data, your meeting history, or your customer information to anyone.
- We do not use your meeting content to train AI models — Anthropic’s API does not train on customer inputs by default and we have not opted in to any change of that policy.
- We do not share data across customer accounts. Your team’s briefs are visible only inside your team.
Subprocessors
We use a limited set of vendors to operate BriefDeck. As of this policy’s last-updated date these are: Anthropic (AI inference), Amazon Web Services and DigitalOcean (infrastructure), Stripe (billing), and AWS Simple Email Service (transactional email). Each is bound by their own data-processing terms.
Security
All traffic is TLS-encrypted in transit. Databases and OAuth tokens are encrypted at rest. Production access requires SSO and is restricted to a small number of named engineers. We log access to credential stores and review those logs.
Your choices
- Disconnect a connector — go to Settings → Connectors and click Disconnect. We delete the corresponding OAuth tokens immediately and stop pulling from that source.
- Delete your account — email hello@briefdeck.ai. We delete your account record, OAuth tokens, briefs, and meeting metadata within 30 days.
- Export your briefs — also via that same email; we’ll send a JSON archive.
Changes to this policy
If we make material changes we’ll email all account holders at least 14 days before the change takes effect. Non-material clarifications are reflected here with a new “Last updated” date.
Contact
Questions, requests, or concerns? Email hello@briefdeck.ai. We respond within two business days.