Privacy Policy

Last updated: November 2025

1. Introduction

This Privacy Policy explains how BriefSpark (“BriefSpark”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal information when:

  • You visit our websites
  • You create an account and use the Service as a customer
  • Your website visitors interact with the BriefSpark widget installed on your site

We are committed to handling personal information in accordance with applicable data protection laws, including the Singapore Personal Data Protection Act and, where applicable, the laws of other jurisdictions.

2. Scope and Roles

This Privacy Policy applies to:

  • “Customer Data” about individuals who use or are associated with a BriefSpark customer account
  • “End User Data” about visitors to customer websites where the BriefSpark widget is installed
  • Technical and usage information collected in connection with the Service

When processing End User Data on behalf of a customer, BriefSpark generally acts as a data intermediary or processor and the customer remains responsible for providing appropriate privacy notices and obtaining consents from its end users.

For our own business operations, such as managing our website, marketing, billing, and product improvement, BriefSpark acts as an organisation or controller.

3. Information We Collect

3.1 Account and Customer Data
When you create or manage an account, we may collect:

  • Name and contact details (for example, email address, job title)
  • Organisation name and website URL
  • Login credentials (passwords are stored in encrypted form)
  • Billing and payment information (which may be processed by third party payment processors)
  • Communication preferences and support enquiries

3.2 Website and Content Data
To generate summaries and insights, we may collect and process:

  • Text and metadata from your website pages and articles
  • Structured data such as categories, tags, and publishing dates
  • Business information such as services, pricing, and contact details
  • Any configuration or prompts that you provide to customise the widget

3.3 End User Interaction Data
When a visitor interacts with the BriefSpark widget on your website, we may collect:

  • Selections of roles or personas
  • Interactions with summaries and prompts
  • Usage metrics such as views, clicks, and scrolls
  • Feedback or ratings provided for summaries
  • Time and duration of interactions

3.4 Device and Usage Data
We automatically collect certain technical information when the Service is used, such as:

  • IP address and approximate location
  • Browser type and version
  • Device type and operating system
  • Referring URLs and pages visited
  • Date and time of requests
  • Log data and diagnostic information

3.5 Cookies and Similar Technologies
We and our partners use cookies and similar technologies to:

  • Enable core functionality of the widget and dashboard
  • Keep users logged in
  • Measure and analyse usage of the Service
  • Improve performance and user experience

You can control cookies through your browser settings and, where required, customers should implement consent mechanisms on their websites.

3.6 Communications
If you contact us, subscribe to updates, or respond to surveys, we collect the information you provide, such as your name, email address, and the content of your message.

4. How We Use Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain the Service
  • To generate summaries, tailored insights, and analytics for your content
  • To configure and support the BriefSpark widget on your site
  • To communicate with you about your account, including service announcements and administrative messages
  • To process payments and manage billing
  • To monitor and improve the performance, security, and reliability of the Service
  • To analyse usage and develop new features and offerings
  • To comply with legal obligations and respond to lawful requests
  • To protect our rights, property, and safety and that of our users and the public

Where required by law, we rely on consent or other legal bases for processing. Customers are responsible for obtaining any consents necessary for their use of the Service on their own sites.

5. AI and Third Party Service Providers

We use Third Party Providers to help us deliver the Service, including:

  • Cloud hosting and infrastructure providers
  • AI model providers such as OpenAI and Google for GPT, Gemini, and related models
  • Analytics and monitoring tools
  • Payment processors
  • Email and support tools

When we send Customer Content or End User Data to Third Party Providers, they process that information on our behalf or in accordance with their own terms and privacy notices. We take reasonable steps to ensure that such providers implement appropriate security measures and only use the data as necessary to provide their services.

We may also use aggregated or de identified data to train or improve our models and features. Where we do so, we will not use this data in a way that identifies individuals.

6. Sharing and Disclosure

We may share personal information in the following circumstances:

  • With our service providers and contractors who assist us in operating the Service
  • With Third Party Providers who supply AI models and infrastructure
  • With our professional advisers, such as lawyers, auditors, and insurers
  • If required by law, regulation, legal process, or governmental request
  • To protect the rights, property, or safety of BriefSpark, our users, or the public
  • In connection with a business transaction such as a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards

We do not sell personal information.

7. International Transfers

BriefSpark is based in Singapore, but we may process and store information in other countries where we or our service providers operate.

When we transfer personal information across borders, we take steps designed to ensure that the information receives an adequate level of protection, for example by:

  • Using data centres with appropriate certifications and security controls
  • Entering into contractual protections such as standard contractual clauses where required
  • Applying internal policies and safeguards consistent with applicable law

8. Data Security

We implement technical and organisational measures to protect personal information against unauthorised access, loss, misuse, or alteration. These measures may include:

  • Encryption of data in transit and at rest where appropriate
  • Access controls and authentication
  • Network and application security measures
  • Logging and monitoring
  • Staff training on data protection

No system can be guaranteed to be completely secure. You are responsible for safeguarding your login credentials and for ensuring that your own systems and websites are adequately protected.

9. Data Retention

We retain personal information for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. In general:

  • Account and Customer Data is retained while your account is active and for a reasonable period afterwards for backup, audit, and legal purposes
  • Content used for summaries is retained while your account is active and may be cached to improve performance
  • Analytics and interaction data may be retained for product improvement and reporting for a period that is aligned with your account settings and our internal policies
  • Billing and transactional records are retained for periods required by tax and accounting rules

We may anonymise data so that it can no longer be associated with an identifiable individual and use that information for analytics and product development.

10. Your Rights and Choices

Depending on your location and applicable law, you may have rights in relation to your personal information, such as:

  • Access: to request access to personal data we hold about you
  • Correction: to request correction of inaccurate or incomplete data
  • Deletion: to request deletion of personal data, subject to legal exceptions
  • Restriction or objection: to request that we restrict or stop certain processing
  • Portability: to request a copy of certain personal data in a portable format
  • Withdrawal of consent: where processing is based on consent, to withdraw that consent

If you are a customer, you can access and update certain information directly through your account settings. To exercise your rights, you can contact us using the details in section 14.

If you are an end user of a customer website and wish to exercise your rights, you should contact the website owner directly. We will assist our customers in responding to such requests as required by law and our contracts.

11. Children

The Service is not directed to children under the age of 13 and we do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it. If you believe a child has provided us with personal information, please contact us.

12. Third Party Websites

The Service may link to or integrate with third party websites, services, or content. This Privacy Policy does not apply to third party websites or services, and we are not responsible for their privacy practices. We encourage you and your users to review the privacy policies of any third party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify you, for example by email or via the Service.

Your continued use of the Service after any changes take effect will constitute your acceptance of the updated Privacy Policy. If you do not agree to the changes, you should stop using the Service.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your privacy rights, please contact us at: support@briefspark.ai We will aim to respond to your request within a reasonable time frame and in accordance with applicable laws.