Privacy Policy

1. Data controller

Briefd is operated by Business Safety Coaching International Sp. z o.o., Romana Dmowskiego 22/112, 43-100 Tychy, Poland (NIP: PL6463026358).

Contact email: info@briefd.it

2. Information we collect

When you submit the analysis form, we collect:

• Email address: to deliver your analysis report and, if you opt in, marketing communications.
• Website URL: to perform the copy and messaging analysis.
• Marketing preference: whether you chose to receive tips on sales copywriting and website messaging. This is optional and separate from the service.

We also collect automatically:

• Usage data: page views, session recordings, and interaction data collected by Hotjar for UX improvement (only with your consent).
• Server logs: IP address, browser type, and request timestamps, retained for security and debugging.

3. How and why we use your data

• Analysis report delivery: generating and sending your free website copy analysis. Legal basis: performance of the service you requested (GDPR Art. 6(1)(b)).
• Marketing emails: tips on copywriting and messaging, sent only if you explicitly opt in. Legal basis: your consent (GDPR Art. 6(1)(a)). You can withdraw consent at any time using the unsubscribe link in any email or by contacting info@briefd.it.
• Website analytics: understanding how visitors use our site via Hotjar, only with your consent via the cookie banner. Legal basis: your consent (GDPR Art. 6(1)(a)). You can change your preference at any time using the "Cookie preferences" link in the page footer.
• Security and abuse prevention: server logs used to detect and prevent misuse. Legal basis: our legitimate interest in maintaining a secure service (GDPR Art. 6(1)(f)).

4. Cookies and tracking

We use the following tracking technologies, only with your consent:

• Hotjar: session recordings and heatmaps for UX analysis. Hotjar uses cookies to identify sessions. Data is processed in the EU. Hotjar Privacy Policy.

We do not use Google Analytics, Facebook Pixel, or any advertising cookies.

Your cookie consent preference is stored in your browser's local storage. You can change it at any time using the "Cookie preferences" link in the page footer, or by visiting Hotjar's Do Not Track page.

5. Data sharing and processors

We share your data only with the following service providers, strictly for delivering the service:

• AWS (eu-west-1, Ireland): infrastructure hosting, database (DynamoDB), email delivery (SES), file storage (S3), CDN (CloudFront).
• Hotjar (EU): website analytics and UX research.

We have Data Processing Agreements (DPAs) in place with all processors under GDPR Article 28. All data is processed within the European Economic Area.

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.

6. Data retention

• Email and URL: retained for 12 months from your last interaction with the service, then deleted. You can request earlier deletion at any time.
• Analysis reports: stored on S3 for 12 months, then archived to Glacier for long-term backup.
• Server logs: retained for up to 90 days.
• Hotjar data: retained according to Hotjar's retention policy (365 days max).

7. Your rights

Under the General Data Protection Regulation (GDPR), you have the right to:

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate data.
• Erasure: request deletion of your data. We will comply within 30 days.
• Restriction: request that we limit how we process your data.
• Portability: request your data in a machine-readable format.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: for marketing emails, click the unsubscribe link in any email. For cookies, use the "Cookie preferences" link in the footer.

To exercise any of these rights, contact us at info@briefd.it.

8. Supervisory authority

You have the right to lodge a complaint with your local data protection authority:

• Poland: Urzad Ochrony Danych Osobowych (UODO), uodo.gov.pl
• Italy: Garante per la protezione dei dati personali, garanteprivacy.it

9. Data security

We implement appropriate technical and organizational measures to protect your data:

• All data is transmitted over HTTPS/TLS.
• Data at rest is encrypted using AWS-managed encryption (AES-256).
• Access to infrastructure is restricted through IAM roles and least-privilege policies.

10. Children's privacy

Briefd is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.

11. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact

For any privacy-related questions or requests, contact us at info@briefd.it.