Privacy Policy
Last updated on 21 September 2025
Privacy Policy for briefOS
This Privacy Policy explains how zenylo LTD (trading as "briefOS", "we", "us", or "our") collects, uses, shares, and protects information when you use our website and services at briefos.ai.
1. Company Information
Legal Entity: zenylo LTD
Trading Name: briefOS
Registered Address: 71-75 Shelton Street, London, Greater London, United Kingdom, WC2H 9JQ
Contact Email: info@briefos.ai
Data Protection Officer: Contact at info@briefos.ai
2. Services Overview
briefOS provides AI-powered creative strategy software services that analyze video advertisements and brand information to deliver strategic insights for creative professionals and marketers. Our service includes integration with Meta Ads accounts to analyze advertising performance and campaign data.
3. Age Requirements
Our services are intended for users who are at least 18 years old. By using briefOS, you confirm that you meet this age requirement.
4. Information We Collect
4.1 Information You Provide
Account Information: Name, email address, profile picture, company details, and authentication credentials
Content Data: Brand information, context files, and video advertisements you upload for analysis (including supported formats: MP4, MOV, AVI, WebM, and other applicable formats)
Payment Information: Billing details processed securely through Stripe and Clerk
Team Collaboration: Information about team members you invite and sharing permissions
Communications: Messages, support tickets, and feedback you send to us
Account Preferences: Notification settings, accessibility preferences, communication preferences
4.2 Meta Ads Account Data
If you connect your Meta Ads account, we request the following permissions and collect:
Permissions Required:
read_insights
pages_show_list
ads_management
ads_read
business_management
pages_read_engagement
pages_read_user_content
pages_manage_posts
Campaign Performance Data: Impressions, clicks, conversions, spend, and other metrics
Ad Creative Content: Images, videos, and copy from your advertisements
Audience Insights: Demographics and targeting information
Account Structure: Campaigns, ad sets, and ad configurations
Historical Data: Up to 2 years of historical advertising data (where available)
4.3 Information Collected Automatically
Usage Data: Features used, analysis requests, API calls, and interaction patterns
Analytics Data: Collected through Google Analytics, Google Tag Manager, Meta Pixel, and PostHog
Device Information: Browser type, operating system, device identifiers, screen resolution
Network Information: IP address, connection details, and geographic location (country/city level)
Log Data: Server logs, access logs, error logs, and API logs
Performance Data: Page load times, app crashes, and error reports
Browser Storage: localStorage, sessionStorage, and IndexedDB data for app functionality
Accessibility Settings: Screen reader usage, high contrast preferences, font size adjustments
Cookies: Essential, analytics, and marketing cookies (see Section 11)
4.4 Information from Clerk Authentication
Our authentication provider Clerk collects:
Name and email address
Profile picture (if provided)
IP address
Device information
Login credentials and authentication tokens
Social login information (if used)
5. How We Use Your Information
5.1 Primary Uses
We use collected information to:
Provide AI-powered analysis of your video advertisements and Meta Ads campaigns
Generate strategic insights and recommendations
Process payments and manage subscriptions
Provide customer support and respond to inquiries
Send service-related communications and updates
Enable team collaboration and account sharing features
Monitor for prohibited content and enforce our acceptable use policy
5.2 Service Improvement
Improve our AI models and analysis algorithms (see Section 6 for details)
Debug technical issues and improve platform stability
Develop new features and services
Create aggregated industry benchmarks (anonymized)
5.3 Legal and Business
Comply with legal obligations and regulatory requirements
Protect against fraud, abuse, and security threats
Enforce our terms of service and acceptable use policy
Send marketing communications (with your consent)
Protect our intellectual property rights
6. AI Training and Your Data
6.1 Current Practices
We DO NOT currently use your uploaded videos or brand content to train our AI models
Your data is processed through third-party AI services solely to generate your specific analysis
Each analysis is isolated and does not influence future analyses for other users
6.2 Aggregated Insights
We may create anonymized, aggregated industry insights from collective user data:
Industry performance benchmarks
Creative trends analysis
General best practices These never identify individual users or specific campaigns.
6.3 Future Changes
If we decide to use customer data for model training in the future, we will:
Notify you in advance
Request explicit opt-in consent
Provide clear opt-out options
Update this policy accordingly
7. Content Standards and Acceptable Use
7.1 Prohibited Content
You may not upload, submit, or process content that:
Is illegal, fraudulent, or violates any applicable laws
Infringes on intellectual property rights of others
Contains malware, viruses, or harmful code
Depicts violence, hate speech, or discriminatory content
Contains adult content or nudity
Violates privacy rights of any individual
Contains false or misleading information
Promotes illegal activities or substances
Violates advertising standards or regulations
7.2 Content Screening
We reserve the right to:
Screen content for violations using automated and manual review
Remove or refuse to process prohibited content without notice
Suspend or terminate accounts that violate content standards
Report illegal content to appropriate authorities
Retain removed content for legal compliance purposes
7.3 Copyright Compliance
You represent and warrant that you have all necessary rights to upload and analyze content. We respect intellectual property rights and will respond to valid DMCA takedown notices.
8. Legal Basis for Processing (GDPR)
We process your personal data based on:
Contract Performance: To deliver our services and fulfill our agreement with you
Legitimate Interests: For analytics, service improvements, security, fraud prevention, and protecting our legal rights
Consent: For marketing communications, cookies, and optional data processing
Legal Obligations: To comply with applicable laws, regulations, and legal processes
Vital Interests: In rare cases where processing is necessary to protect someone's life
9. Data Minimization
We are committed to data minimization principles:
We only collect data necessary for specified purposes
We regularly review and delete unnecessary data
We provide tools for you to manage and delete your data
We implement data retention limits aligned with business needs
10. Automated Decision-Making and Profiling
10.1 AI Analysis Disclosure
Our service uses automated processing to:
Analyze video content and identify creative elements
Evaluate advertising performance metrics
Generate strategic recommendations
Score creative effectiveness
Detect prohibited content
10.2 Logic and Consequences
General Logic: Our AI analyzes visual elements, messaging, performance data, and industry patterns to identify optimization opportunities
Significance: These analyses influence strategic recommendations that may impact your advertising decisions
No Solely Automated Decisions: All insights are recommendations; final decisions remain with you
10.3 Your Rights
You have the right to:
Request human review of any AI-generated analysis
Understand the factors influencing specific recommendations
Opt-out of certain types of automated analysis
Contest automated content moderation decisions
11. Information Sharing
11.1 Service Providers We Currently Use
Clerk: Authentication and user management
Stripe: Payment processing and subscription management
AWS: Cloud infrastructure and data storage for our application
Framer: Website hosting and infrastructure
OpenRouter: AI API routing and management
AI Providers (via OpenRouter): Anthropic, Google AI, OpenAI
Google: Analytics, Tag Manager, and advertising services
Meta: Pixel analytics and Ads API integration
PostHog: Product analytics
11.2 Additional Services We May Use
We may also share data with:
Customer Support Systems: Helpdesk and ticketing platforms (Intercom, Zendesk, or similar)
Email Service Providers: For transactional and marketing emails (SendGrid, Mailgun, or similar)
Error Tracking Services: For monitoring and debugging (Sentry, Bugsnag, or similar)
CDN Providers: For content delivery and performance (Cloudflare, Fastly, or similar)
Communication Tools: For customer engagement and support
Security Services: For fraud prevention and platform protection
Professional Services: Legal, accounting, and compliance advisors (under strict confidentiality)
Infrastructure Monitoring: Uptime monitoring and status page services
11.3 Sub-processor List
For a complete, up-to-date list of all sub-processors, please contact info@briefos.ai
11.4 Legal Disclosure
We may disclose information when required to:
Comply with applicable laws, regulations, or legal processes
Respond to government requests, subpoenas, or court orders
Protect our rights, property, safety, or intellectual property
Investigate fraud, security issues, or policy violations
Protect against legal liability
11.5 Business Transfers
In the event of a merger, acquisition, bankruptcy, reorganization, or sale of assets, your information may be transferred to the successor entity. We will:
Notify you via email and prominent website notice before transfer
Provide opportunity to delete your account before transfer
Ensure the successor entity adheres to this privacy policy
12. Data Retention
12.1 Active Data Retention
We retain your information while your account is active and as necessary to provide services. Specific retention periods:
Active Account Data: Duration of active account
Closed Account Data: 30 days after account closure for recovery purposes
Uploaded Content: Retained until you request deletion
Soft-Deleted Content: Moved to inactive storage, requires manual deletion request
Meta Ads Data: Synchronized with your account retention period
Analytics Data: 26 months
Payment Records: 7 years (UK tax law requirement)
Server/API Logs: 90 days
Error Logs: 30 days
Support Communications: 2 years after resolution
Legal Compliance Data: As required by applicable laws
12.2 Important Note on Data Deletion
No data is automatically permanently deleted. Soft-deleted items remain in our backup systems indefinitely until you specifically request permanent deletion by contacting info@briefos.ai. We maintain this policy to:
Allow account recovery
Comply with legal obligations
Protect against fraudulent deletion requests
12.3 Account Inactivity
Free accounts inactive for 2 years may be flagged for deletion
Paid accounts remain active per subscription terms
We'll notify you before any deletion due to inactivity
13. Cookies and Tracking Technologies
13.1 Cookie Types
Essential Cookies: Authentication, security, load balancing, and core functionality
Analytics Cookies: Google Analytics, PostHog for usage patterns and improvements
Marketing Cookies: Meta Pixel, Google Ads for remarketing and conversion tracking
Performance Cookies: Site optimization, error tracking, and speed monitoring
Preference Cookies: Language, region, and accessibility settings
13.2 Cookie Management
Manage preferences via our cookie consent banner
We respect browser Do Not Track (DNT) signals where technically feasible
Disable cookies in browser settings (may impact functionality)
Clear cookies anytime through browser settings
13.3 Other Tracking Technologies
Web Beacons: In emails to track opens and engagement
Browser Storage: localStorage and sessionStorage for app state
Device Fingerprinting: Limited use for fraud prevention only
14. Your Rights
14.1 For EU/UK Users (GDPR)
You have the right to:
Access: Obtain a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion ("right to be forgotten")
Restriction: Limit processing of your data in certain circumstances
Portability: Receive your data in a portable format (JSON/CSV)
Object: Oppose specific processing activities, especially for marketing
Automated Decisions: Request human review of AI analyses
Withdraw Consent: For consent-based processing at any time
Lodge Complaints: With supervisory authorities (ICO for UK)
14.2 For California Users (CCPA/CPRA)
You have the right to:
Know: What personal information is collected, used, shared, or sold
Delete: Request deletion of personal information
Opt-Out: Of sale or sharing of personal information (we do not sell data)
Non-Discrimination: Equal service regardless of privacy choices
Correct: Inaccurate personal information
Limit: Use and disclosure of sensitive personal information
14.3 How to Exercise Rights
Email: info@briefos.ai with your specific request
Response Time: Within 30 days (45 for complex requests)
Verification: We may request information to verify your identity
No Fee: Unless requests are excessive or manifestly unfounded
14.4 Right to Restrict Processing
You may request restriction of processing when:
You contest data accuracy (while we verify)
Processing is unlawful but you oppose erasure
We no longer need data but you need it for legal claims
You've objected to processing pending verification of legitimate grounds
15. Intellectual Property and License Terms
15.1 Your Content Ownership
You retain all ownership rights to content you upload
You maintain copyright and intellectual property rights
We don't claim ownership of your videos, brand materials, or campaigns
15.2 License Grant to briefOS
By uploading content, you grant us a worldwide, non-exclusive, royalty-free license to:
Process, analyze, and store your content for service delivery
Create derivative works (thumbnails, transcripts, analysis reports)
Display content back to you and authorized team members
Generate anonymized, aggregated insights
Cache and backup content for service reliability
Use technical data to improve our services
15.3 Your Warranties
You represent and warrant that:
You own or have rights to all uploaded content
Content doesn't infringe third-party rights
You have necessary permissions for any people appearing in videos
You indemnify us against claims arising from your content
You won't hold us liable for analysis accuracy or business outcomes
15.4 Our Intellectual Property
All AI models, algorithms, and analysis methods remain our property
Insights and reports are provided as a service, not transferred IP
You may not reverse engineer or attempt to extract our methods
Our trademarks and branding remain our exclusive property
16. Data Security
16.1 Technical Measures
Encryption: TLS 1.2+ in transit, AES-256 at rest
Infrastructure: Secure AWS environment with VPC isolation
Access Control: Role-based access with multi-factor authentication
Monitoring: 24/7 security monitoring and intrusion detection
Backups: Encrypted, geographically distributed backups
Testing: Regular penetration testing and vulnerability assessments
16.2 Organizational Measures
Background checks for employees with data access
Strict confidentiality agreements
Regular security training and awareness programs
Vendor security assessments and agreements
Incident response team and procedures
Security policies aligned with ISO 27001 principles
16.3 Data Breach Notification
In the event of a personal data breach:
Regulatory Notification: Within 72 hours to relevant authorities (where required)
User Notification: Without undue delay if high risk to your rights
Content: Nature of breach, likely consequences, mitigation measures taken
Documentation: We maintain records of all breaches and responses
17. Data Processing Agreements
17.1 When Required
Enterprise customers and agencies processing data on behalf of clients may require a Data Processing Agreement (DPA) for GDPR compliance.
17.2 Standard Terms
Our standard DPA includes:
Defined roles and responsibilities
Processing instructions and limitations
Security obligations
Sub-processor management
Audit rights
Data return and deletion terms
Contact info@briefos.ai to request our standard DPA.
18. Third-Party Account Connections
18.1 Meta Ads Account
Access Scope: Limited to permissions you explicitly grant
Data Refresh: Automatic daily synchronization while connected
Revocation: Disconnect anytime via account settings
Multi-Account: Support for multiple ad accounts and Business Manager access
Data Retention: Synchronized data retained per your account settings
18.2 Future Integrations
We may add integrations with:
Google Ads
TikTok Ads
LinkedIn Ads
Amazon Advertising
Twitter Ads
Each integration will require explicit authorization and updated privacy terms.
19. API and Developer Features
19.1 API Access
If you use our API:
API keys are personal and must be kept confidential
All API usage is logged for security and billing
Rate limits apply (1000 requests/hour default)
Webhook endpoints must use HTTPS
API data usage subject to same privacy terms
19.2 Data Exports
You can export your data through:
Account settings dashboard (JSON/CSV formats)
API endpoints (for technical users)
Support request for complete data package
20. International Data Transfers
20.1 Transfer Mechanisms
As a UK-based company:
UK Adequacy Decision: For EU data transfers
Standard Contractual Clauses: For other international transfers
Data Processing Agreements: With all international processors
20.2 Data Localization
Primary Processing: United Kingdom
Backup Storage: EU (Ireland) and US (Virginia) regions
CDN Distribution: Global edge locations
Customer Choice: Enterprise plans may request specific regions
21. Marketing and Communications
21.1 Communication Types
Service Emails: Always sent (security, billing, critical updates)
Product Updates: Opt-in during signup or in settings
Marketing Newsletter: Separate opt-in with clear consent
Educational Content: Webinars, guides (separate consent)
Partner Offers: Only with explicit opt-in
21.2 Managing Preferences
Unsubscribe Link: In every marketing email footer
Reply STOP: To any SMS (if applicable)
Processing Time: Opt-outs processed within 48 hours
21.3 Communication Channels
We may contact you via:
Email (primary channel)
In-app notifications
SMS (only with explicit consent)
Push notifications (if mobile app launched, with consent)
22. Video Processing Specifics
22.1 File Handling
Supported Formats: MP4, MOV, AVI, WebM, MKV and other
Processing: Transcoding, thumbnail generation, scene detection
Storage: Encrypted S3 storage with CDN distribution
Quality: Original files preserved, multiple resolutions generated
22.2 Content Analysis
Videos are analyzed for:
Visual composition and cinematography
Brand element detection
Audio transcription and sentiment
Color grading and visual effects
Text overlay and messaging
Performance correlation patterns
22.3 Deletion Process
Soft Delete: Immediate removal from active systems
Permanent Delete: Manual request required via info@briefos.ai
Processing Time: 30 days for complete removal
Confirmation: Email confirmation when permanently deleted
23. Team and Collaboration Features
23.1 Team Structure
Roles: Owner, Admin, Editor, Viewer
Permissions: Granular control per role
Audit Log: All team actions logged
Data Isolation: Teams cannot access other teams' data
23.2 Team Member Rights
Individual privacy maintained within teams
Personal data separate from team data
Right to export personal contributions
Removal doesn't affect personal account
24. Account Types and Data Handling
24.1 Free Accounts
Limited features and storage
Same privacy protections as paid accounts
May include additional analytics for product improvement
Upgrade prompts based on usage patterns
24.2 Paid Accounts
Full feature access
Priority support
Enhanced data export options
Custom retention periods available
24.3 Enterprise Accounts
Custom data processing agreements
Dedicated infrastructure options
Custom security requirements
Negotiable terms and SLAs
25. Children's Privacy
Our services are strictly for users 18 and older. We do not knowingly collect data from minors. If we discover data from someone under 18:
Immediate account suspension
Data deletion within 48 hours
Parent/guardian notification if contact available
Report to authorities if required by law
26. Accessibility
26.1 Accessibility Data
We may collect:
Screen reader usage for compatibility
Keyboard navigation patterns
Font size and contrast preferences
Alternative text usage
26.2 Accessibility Commitment
WCAG 2.1 AA compliance target
Regular accessibility audits
User feedback incorporation
Alternative formats available on request
27. Dispute Resolution and Legal Terms
27.1 Governing Law
This Privacy Policy is governed by the laws of England and Wales. Any disputes arising shall be subject to the exclusive jurisdiction of the courts of England and Wales.
27.2 Dispute Resolution Process
Informal Resolution: Contact info@briefos.ai first
Formal Complaint: Written notice with 30-day resolution attempt
Mediation: Optional mediation in London
Legal Action: Courts of England and Wales
27.3 Limitation of Liability
To the maximum extent permitted by law:
We are not liable for indirect or consequential damages
Our total liability is limited to fees paid in the past 12 months
You indemnify us against claims arising from your use
27.4 Severability
If any provision of this Privacy Policy is found unenforceable, the remaining provisions continue in full force and effect.
27.5 Entire Agreement
This Privacy Policy, combined with our Terms of Service, constitutes the entire agreement regarding privacy between you and briefOS.
27.6 No Waiver
Our failure to enforce any right or provision doesn't constitute a waiver of that right or provision.
28. Referral and Affiliate Programs
If you participate in referral programs:
We track referral codes and conversion
Referrer name shared with referred users
Commission data retained for 7 years (tax requirements)
Performance metrics available in dashboard
Fraud detection monitoring applied
29. Public Content and Case Studies
29.1 Public Sharing
When you share content publicly:
You control what's shared via privacy settings
Public links can be password-protected
Analytics on public link views
Revocation immediate but cached versions may persist
29.2 Case Studies
We may request permission to:
Feature anonymized success metrics
Create detailed case studies (separate consent required)
Include in marketing materials (additional compensation possible)
30. Changes to This Policy
30.1 Notification Process
For material changes:
30-day advance notice via email
Banner notification in application
Option to export data before changes
30.2 Acceptance
Continued use after notice period constitutes acceptance
Disagreement requires account closure before effective date
Archived versions available for reference
31. Contact Information
31.1 Privacy Inquiries
Primary Contact: info@briefos.ai
Data Protection Officer: info@briefos.ai
Response Time: Within 5 business days for initial response
31.2 Mailing Address
zenylo LTD
71-75 Shelton Street
London, Greater London
United Kingdom, WC2H 9JQ
31.3 Supervisory Authorities
UK Users: Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113
EU Users: Your local data protection authority
List available at: edpb.europa.eu/about-edpb/board/members_en
31.4 Escalation Process
Initial inquiry: info@briefos.ai
Escalation: info@briefos.ai
Formal complaint: Via registered mail
Regulatory complaint: ICO or local authority
More information about data deletion at: https://briefos.com/detelemydata
Version: 1.0
Effective Date: 21 September 2025
Last Modified: 21 September 2025
Certification Statement: This privacy policy has been prepared in accordance with GDPR, UK GDPR, CCPA, and other applicable privacy laws. Regular reviews ensure ongoing compliance.