Privacy Policy

Last Updated: September 29, 2025

Briefling AI ("we," "us," or "our") operates Hashpile, an AI-powered HTML card generation service. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services (collectively, the "Service").

By using Hashpile, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

1. Information We Collect

We collect several types of information from and about users of our Service:

1.1 Information You Provide Directly

Account Information: When you create an account, we collect:

  • Email address
  • Password (stored securely in encrypted form)
  • Any other information you choose to provide

User Content: We collect and store:

  • Messages and inputs you send to our AI models
  • Text, images, URLs, and other content you submit for card generation
  • HTML cards generated through the Service

1.2 Information Collected Automatically

Authentication Tokens: We use JWT (JSON Web Tokens) stored in your browser's local storage to maintain your login session and authenticate your requests.

Analytics Data: We use Google Analytics to collect information about how you use the Service, including:

  • Pages visited and features used
  • Time spent on the Service
  • Click and navigation patterns
  • Referring websites

Device and Technical Information: Through Google Analytics and our servers, we may collect:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Screen resolution
  • Language preferences
  • Time zone

1.3 Information We Do Not Collect

We do not collect:

  • Payment card information directly (handled by our payment processor)
  • Precise geolocation data
  • Biometric data
  • Social security numbers or government-issued identification

2. How We Use Your Information

We use the information we collect for the following purposes:

To Provide the Service:

  • Create and manage your account
  • Process your inputs and generate HTML cards using AI models
  • Store your generated cards for access and sharing
  • Authenticate your identity and maintain your session

To Process Payments:

  • Process subscriptions and credit purchases
  • Manage billing and invoicing
  • Prevent fraud and unauthorized transactions

To Improve the Service:

  • Analyze usage patterns and trends
  • Identify and fix technical issues
  • Develop new features and improve existing functionality
  • Conduct research and analytics

To Communicate With You:

  • Send transactional emails (account notifications, password resets, billing confirmations)
  • Respond to your inquiries and support requests
  • Send important Service updates and changes to our Terms or Privacy Policy

To Ensure Security and Compliance:

  • Detect and prevent fraud, abuse, and security incidents
  • Enforce our Terms of Service
  • Comply with legal obligations and respond to lawful requests

Important: We do not use your submitted content or generated cards to train or improve AI models.

3. How We Share Your Information

We share your information only in the following circumstances:

3.1 Third-Party Service Providers

We share information with trusted third-party service providers who assist us in operating the Service:

AI Model Providers: We share your inputs and messages with third-party AI providers (including Anthropic, Google Gemini, and Grok) to generate HTML cards. These providers process your data in accordance with their own privacy policies and terms of service.

Payment Processor: We use Stripe to process payments. When you make a purchase, we share your email address and payment information with Stripe. Stripe's use of your information is governed by their privacy policy.

Database and Hosting: We use Supabase (backed by AWS) to store your account information, user content, and generated cards. Supabase acts as our database provider and processes data on our behalf.

Analytics Provider: We use Google Analytics to analyze usage of the Service. Google Analytics collects device information, usage data, and analytics as described in Section 1.2. Google's use of this data is governed by Google's privacy policy.

All third-party service providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (subpoenas, court orders, warrants)
  • Governmental or regulatory requests
  • Protection of our rights, property, or safety, or that of our users or the public

3.3 Business Transfers

If Briefling AI is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

3.4 With Your Consent

We may share your information for other purposes with your explicit consent.

4. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:

Account Information: Retained as long as your account is active or as needed to provide you with the Service.

Generated Cards: Stored indefinitely for as long as the Service operates, unless you request deletion.

Analytics Data: Retained in accordance with Google Analytics' data retention policies (typically 26 months).

Payment Information: Payment transaction records are retained for accounting and legal compliance purposes.

After you delete your account or request deletion of your data, we may retain certain information as required by law or for legitimate business purposes, such as fraud prevention and enforcing our Terms of Service.

5. Data Security

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it, including:

  • Encryption of data in transit using SSL/TLS
  • Secure password storage using industry-standard hashing
  • Authentication using JWT tokens
  • Hosting with secure, reputable providers (Supabase/AWS)
  • Regular security assessments and updates
  • Access controls limiting employee access to personal information

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

6. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

6.1 General Rights

Access: You can access most of your account information by logging into your account.

Correction: You can update your account information through your account settings.

Deletion: You can request deletion of your account and associated data by contacting us at support@hashpile.ai. We will process deletion requests within a reasonable timeframe.

Objection: You may object to certain processing of your personal information by contacting us.

6.2 Rights for European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing in certain circumstances
  • Right to data portability (receive your data in a structured format)
  • Right to object to processing based on legitimate interests
  • Right to withdraw consent at any time (where processing is based on consent)
  • Right to lodge a complaint with a supervisory authority

Legal Basis for Processing: We process your personal data based on:

  • Contractual necessity: To provide the Service you've requested
  • Legitimate interests: To improve our Service, ensure security, and analyze usage
  • Consent: Where you've provided explicit consent
  • Legal obligations: To comply with applicable laws

6.3 Rights for California Users (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know what personal information we collect, use, disclose, and sell
  • Right to delete your personal information (subject to certain exceptions)
  • Right to opt-out of the sale of personal information (Note: We do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights
  • Right to correct inaccurate personal information
  • Right to limit use and disclosure of sensitive personal information

Note: We do not sell or share your personal information for cross-context behavioral advertising.

6.4 Rights for Canadian Users (PIPEDA)

If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA):

  • Right to access your personal information
  • Right to challenge the accuracy and completeness of your information
  • Right to withdraw consent for certain uses of your information
  • Right to file a complaint with the Privacy Commissioner of Canada

6.5 Exercising Your Rights

To exercise any of these rights, please contact us at support@hashpile.ai. We will respond to your request within the timeframe required by applicable law (typically 30 days).

We may need to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

7. Children's Privacy

Hashpile is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you are under 13, do not use the Service or provide any information to us.

If we learn that we have collected personal information from a child under 13, we will delete that information as quickly as possible. If you believe we have collected information from a child under 13, please contact us immediately.

For users between 13 and 18, we treat their data the same as adult users. We encourage parents and guardians to monitor their children's internet usage and help enforce our Privacy Policy.

8. International Data Transfers

Briefling AI is based in Canada. If you access the Service from outside Canada, please be aware that your information may be transferred to, stored, and processed in Canada and other countries where our service providers operate (including the United States through AWS).

These countries may have data protection laws that differ from the laws of your country. By using the Service, you consent to the transfer of your information to Canada and other countries as described in this Privacy Policy.

For EEA/UK/Swiss Users: When we transfer personal data outside the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Service providers certified under relevant data transfer frameworks
  • Other legally approved transfer mechanisms

9. Cookies and Tracking Technologies

9.1 What We Use

JWT Tokens: We store JWT (JSON Web Token) authentication tokens in your browser's local storage to maintain your login session. These tokens are essential for the Service to function and cannot be disabled without preventing you from using the Service.

Google Analytics: We use Google Analytics cookies to collect usage and analytics data as described in Section 1.2. These cookies help us understand how users interact with the Service.

9.2 Your Choices

Browser Settings: You can configure your browser to refuse cookies or alert you when cookies are being sent. However, if you disable cookies, some features of the Service may not function properly.

Google Analytics Opt-Out: You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout

Do Not Track: Some browsers have a "Do Not Track" feature. We do not currently respond to Do Not Track signals.

10. Third-Party Links

The Service may contain links to third-party websites or services that are not owned or controlled by Briefling AI. This Privacy Policy does not apply to third-party websites.

We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

  • Update the "Last Updated" date at the top of this Privacy Policy
  • Notify you via email or through a prominent notice on the Service for material changes
  • Obtain your consent where required by applicable law

Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Briefling AI
Email: support@hashpile.ai
Website: https://hashpile.ai

For Privacy-Related Inquiries:

  • GDPR requests: support@hashpile.ai
  • CCPA requests: support@hashpile.ai
  • General privacy questions: support@hashpile.ai

Response Time: We aim to respond to all privacy inquiries within 30 days.

13. Complaints and Regulatory Contacts

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with the relevant supervisory authority:

Canada: Office of the Privacy Commissioner of Canada
Website: https://www.priv.gc.ca

European Union: Your local Data Protection Authority
List: https://edpb.europa.eu/about-edpb/board/members_en

California: California Attorney General
Website: https://oag.ca.gov/privacy

United Kingdom: Information Commissioner's Office (ICO)
Website: https://ico.org.uk

By using Hashpile, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.