Privacy Policy

Effective Date: September 8, 2025
Last Updated: September 8, 2025

1. Introduction

CoreBrief provides monthly research publications to institutional and professional clients. We process data to generate comprehensive research content that you access through your subscription to our platform.

As a provider to institutional clients, we maintain strict data confidentiality and security standards. We are committed to protecting your privacy and maintaining the confidentiality expected in professional service relationships.

This Privacy Policy explains how we collect, use, and protect your information in compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant data protection requirements.

2. Information We Collect

We collect information you provide directly, information collected automatically through our platform, and information from third-party sources necessary for our research services.

2.1 Information You Provide

Account Registration

When you create an account, we collect:

  • Contact Information: Full name, email address
  • Organization Details: Organization name (optional), organization type and professional category
  • Account Security: Password (encrypted), login credentials
  • Referral Information: How you heard about us, referral codes (optional)
  • Consent Records: Professional use confirmation, marketing consent (optional), terms and privacy policy agreement

Communications

  • Support Inquiries: Messages, questions, and feedback you send to us
  • Privacy Requests: Data export, deletion, or other privacy-related requests

2.2 Automatically Collected Information

We automatically collect certain technical information when you access our services:

  • Device and Browser Information: IP address, browser type, operating system, device identifiers
  • Usage Analytics: Pages viewed, session duration, interaction patterns, feature usage
  • Security Logs: Authentication events, access attempts, security incidents
  • Essential Cookies: Authentication tokens, session management, and security cookies required for platform functionality
  • Analytics: Basic usage analytics to improve our services (if enabled through our hosting provider)

We use minimal tracking focused on essential functionality. No third-party advertising or marketing cookies are used.

3. How We Use Your Information

We process your personal information based on the following legal grounds and for the purposes outlined below:

3.1 Legal Basis for Processing

  • Performance of a Contract: Processing necessary to provide our services, manage your account, and fulfill our contractual obligations
  • Legitimate Interests: Business operations, service improvement, security monitoring, and fraud prevention
  • Legal Obligations: Compliance with applicable laws, regulations, and legal processes
  • Consent: Marketing communications and optional features where consent is obtained

3.2 Specific Uses

  • Service Delivery: Providing research publications, managing your subscription, processing billing
  • Communication: Sending service updates, account notifications, responding to inquiries
  • Business Operations: User authentication, subscription management, customer support, technical maintenance
  • Service Improvement: Understanding user needs, developing new features, quality assurance
  • Compliance and Security: Meeting legal obligations, preventing fraud, ensuring system security
  • Marketing: With your consent, sending relevant product updates and content

4. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share information only in these limited circumstances:

4.1 Service Providers and Subprocessors

We work with carefully selected third-party providers who assist with:

  • Cloud hosting and database services (Supabase)
  • Payment processing (Stripe)
  • Web hosting and deployment (Vercel)
  • AI processing and analysis services (cloud infrastructure providers)
  • Analytics and performance monitoring (Vercel Analytics)
  • Email delivery for account notifications

All subprocessors are contractually bound to protect your information, use it only for specified purposes, and undergo regular compliance reviews. A current list of subprocessors is available upon request by contacting support@corebrief.ai.

4.2 Legal Requirements

We may disclose information when required by law, court order, or regulatory authority, or to:

  • Comply with legal obligations and regulatory requirements
  • Protect against fraud, unauthorized access, and security threats
  • Enforce our terms of service or other agreements
  • Disclose information with your consent for specific purposes

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction, subject to confidentiality obligations and applicable privacy laws.

5. Data Security

We implement comprehensive security measures appropriate for institutional services:

  • Encryption: Data encrypted in transit using TLS and at rest using industry-standard encryption
  • Access Controls: Role-based access with multi-factor authentication and principle of least privilege
  • Infrastructure Security: Secure cloud hosting with enterprise-grade protections through our service providers
  • Database Security: Row-level security policies ensuring users can only access their own data
  • Authentication: Secure user authentication and session management through Supabase
  • Monitoring: Security monitoring and logging through our hosting infrastructure

While we implement reasonable security measures, no system is completely secure. We encourage you to use strong, unique passwords and keep your login credentials confidential. Please report any suspected security incidents to security@corebrief.ai.

6. Data Retention

We retain your information based on the following criteria:

  • Active Subscriptions: For the duration of your subscription and service relationship
  • Legal Requirements: As required by applicable laws, regulations, or legal proceedings
  • Business Purposes: For legitimate business needs including dispute resolution and contract enforcement
  • Cancelled Subscriptions: Personal account information deleted or anonymized within 90 days of account closure, except where longer retention is legally required

6.1 Record of Processing Activities

CoreBrief maintains comprehensive records of processing activities in accordance with applicable privacy laws, including details of processing purposes, categories of data, retention periods, and security measures.

7. Your Rights

Subject to applicable laws and depending on your jurisdiction, you may have the following rights regarding your personal information. Please note that these rights may vary by location and are subject to legal limitations and exceptions.

7.1 Access and Portability

  • View and update your profile information through your account dashboard
  • Request a copy of your personal data in a portable, machine-readable format
  • Obtain information about how your data is processed

7.2 Correction and Updates

  • Correct inaccurate or incomplete personal information
  • Update your profile information through account settings

7.3 Deletion and Restriction

  • Request deletion of your account and associated personal data
  • Request restriction of processing in certain circumstances
  • Object to processing based on legitimate interests

7.4 Marketing and Consent

  • Withdraw consent for marketing communications at any time
  • Opt out using unsubscribe links in emails
  • Update communication preferences in your account settings

To exercise these rights, please contact us at privacy@corebrief.ai. We will respond within the timeframe required by applicable law (typically 30 days). Some requests may require identity verification for security purposes.

Note: Access to content is governed by your subscription status and our Terms of Service.

Note: Certain rights may be limited by applicable laws, legitimate business interests, or technical constraints.

8. International Data Transfers

Your information may be processed and stored in the United States or other countries where our service providers operate. Our primary service providers (Supabase, Vercel, Stripe) have established appropriate safeguards for international data transfers, including:

  • US-based providers: Operating under applicable US privacy frameworks
  • Enterprise-grade compliance: Our service providers maintain GDPR compliance programs
  • Contractual protections: Data processing agreements with appropriate safeguards
  • Industry standards: SOC 2, ISO certifications, and other security frameworks

For more information about our international transfer safeguards, please contact privacy@corebrief.ai.

9. Children's Privacy

Our services are designed exclusively for professionals and business users. We do not knowingly collect personal information from individuals under 18 years of age (or the applicable age of majority in their jurisdiction). If we become aware that we have collected information from a minor, we will take immediate steps to delete such information.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. For material changes that affect how we use your personal data, we may seek your consent where legally required.

We will notify you of updates through:

  • Posting the updated policy on our website with a new effective date
  • Email notification to registered users for material changes
  • In-service notifications for significant modifications

Your continued use of our services after changes become effective constitutes acceptance of the revised Privacy Policy, unless additional consent is required by law.

11. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team:

Privacy Questions: privacy@corebrief.ai

General Inquiries: info@corebrief.ai

Security Issues: security@corebrief.ai

We respond to privacy inquiries within 30 days (or shorter timeframes where required by law). For urgent matters, please indicate “URGENT” in your subject line.

If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.

CoreBrief - Business Fundamentals Research