Privacy Policy
Last updated: March 27, 2026
1. Introduction
Debrief ("we," "us," or "our") operates the Debrief application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
2. Information We Collect
Account Information: When you sign in with Google, we receive your name, email address, and profile picture from your Google account.
Meeting Notes and Debrief Content: You provide meeting notes, thoughts, and other content ("User Content") through the Service. This information is private and may contain sensitive details about your meetings and professional activities.
Calendar Data: If you connect your Google Calendar, we access read-only calendar event metadata — specifically event titles, start and end times, and attendee names — solely to help you associate debriefs with the meetings they refer to. We do not read, store, or modify the body or description of calendar events.
Usage Data: We collect standard usage information such as IP address, browser type, pages visited, and timestamps to operate and improve the Service.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Authenticate your identity and manage your account
- Organize and structure your meeting notes and debrief content
- Respond to your requests and provide customer support
Google user data: Information received from Google (including your name, email address, profile picture, and calendar data) is used solely to provide and improve the Service. We do not use Google user data for advertising, profiling, or any purpose unrelated to operating the Service. We do not sell, rent, or share Google user data with third parties except as described in Section 6 of this policy.
Debrief's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
4. AI Processing
The Service uses artificial intelligence ("AI") to process and structure your User Content. This means your meeting notes and debrief content may be sent to third-party AI providers for processing, including but not limited to summarization, organization, and analysis.
When your data is sent to AI providers, it is transmitted securely. We select AI providers that commit to not using your data to train their models. However, your content is processed by these providers' systems in order to generate the structured outputs you see in the Service.
Additionally, the Service exposes your structured debrief data to your own AI tools via the Model Context Protocol (MCP). This access is controlled by you through API keys and OAuth authentication, and only you can authorize which AI tools have access to your data.
5. Data Encryption and Security
We take the security of your private information seriously. Your User Content is encrypted at rest using AES-256-GCM. Data is encrypted before being stored in our database, and decryption keys are managed separately from the stored data.
All data transmitted between your browser and our servers is encrypted in transit using TLS. We use Supabase as our database provider, which provides additional layers of security including row-level security policies that ensure you can only access your own data.
While we implement commercially reasonable security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
6. Data Sharing and Disclosure
We do not sell your personal information. We may share your information only in the following circumstances:
- Service Providers: With third-party providers who assist in operating the Service (e.g., hosting, AI processing, authentication), subject to confidentiality obligations.
- Legal Requirements: When required by law, regulation, legal process, or governmental request.
- Safety: To protect the rights, safety, or property of Debrief, our users, or the public.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, in which case your information may be transferred to the acquiring entity.
7. Data Retention
We retain your User Content and account information for as long as your account is active. You may delete individual debriefs at any time. If you delete your account, we will delete your data within 30 days, except where retention is required by law.
8. Your Rights
Depending on your location, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Object to or restrict certain processing activities
To exercise these rights, please contact us at the email address below.
9. Cookies
We use essential cookies to maintain your session and remember your preferences (such as theme settings). We do not use third-party tracking or advertising cookies.
10. Children's Privacy
The Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will take steps to delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy, please contact us at privacy@debrief.today.