Privacy Policy

Last updated: January 27, 2026

This Privacy Policy describes how bref. ("we", "us", or "our") collects, uses, and shares information when you use our Chrome extension ("bref." or the "Extension").

---

1. Information We Collect

1.1 Account Information

When you sign in to bref., we collect:

• Email address (provided via Google OAuth)
• Profile picture URL (provided via Google OAuth)
• User identifier (generated by our authentication system)

1.2 LinkedIn Post Content

When you use the summarization feature, we collect:

• Post content (the text of LinkedIn posts you choose to summarize)
• Post identifier (a hash of the content or LinkedIn URN for caching purposes)

Important: The LinkedIn posts you summarize may contain content created by third parties (other LinkedIn users). By using bref., you acknowledge that you are responsible for ensuring your use of the Extension complies with LinkedIn's terms of service and respects the intellectual property rights of content creators.

1.3 Generated Data

We create and store:

• Summaries (AI-generated summaries of the posts you summarize)
• Usage metrics (character counts, time saved calculations)
• Credits balance (your remaining summarization credits)

1.4 Payment Information

When you purchase credits, we collect:

• Transaction identifiers (Stripe payment IDs)
• Purchase details (credits purchased, amount paid, transaction status)

We do not store your credit card number, CVV, or other sensitive payment details. All payment processing is handled securely by Stripe.

---

2. How We Use Your Information

We use the collected information to:

• Provide the service: Generate summaries of LinkedIn posts
• Cache summaries: Avoid re-processing posts you've already summarized
• Manage your account: Track your credits balance and transaction history
• Calculate statistics: Display time saved metrics in the Extension
• Process payments: Handle credit purchases via Stripe
• Improve the service: Analyze aggregate usage patterns (anonymized)

---

3. Information Sharing and Third-Party Services

We share your information with the following third-party services:

3.1 Google (Authentication)

• Purpose: Account authentication via Google OAuth
• Data shared: We receive your email and profile picture from Google
• Privacy Policy: https://policies.google.com/privacy

3.2 Supabase (Database & Authentication)

• Purpose: Data storage and user authentication
• Data shared: All account data, summaries, and transaction records
• Privacy Policy: https://supabase.com/privacy

3.3 OpenAI (AI Processing)

• Purpose: Generate summaries of LinkedIn posts
• Data shared: The text content of LinkedIn posts you summarize
• Privacy Policy: https://openai.com/privacy
• Note: Post content is sent to OpenAI's API for processing. OpenAI may process this data according to their data usage policies.

3.4 Stripe (Payment Processing)

• Purpose: Process credit purchases
• Data shared: Your email address and payment information (handled directly by Stripe)
• Privacy Policy: https://stripe.com/privacy

We do not sell your personal information to third parties.

---

4. Data Retention

• Account data: Retained as long as your account is active
• Summaries and post content: Retained indefinitely for caching purposes
• Transaction records: Retained for legal and accounting purposes
• Credits balance: Retained as long as your account is active

You may request deletion of your data by contacting us (see Section 9).

---

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encrypted data transmission (HTTPS/TLS)
• Secure authentication via OAuth 2.0
• Row-level security on database tables
• Secure API key management

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

---

6. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data
• Portability: Request a copy of your data in a portable format
• Objection: Object to certain processing of your data

To exercise these rights, contact us at the email provided in Section 9.

---

7. Children's Privacy

bref. is not intended for use by children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information.

---

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this policy. We encourage you to review this Privacy Policy periodically.

---

9. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Email: flcarval.dev@gmail.com

---

10. Jurisdiction

This Privacy Policy is governed by the laws of France. For users in the European Union, we comply with the General Data Protection Regulation (GDPR).

---

bref. is an independent project and is not affiliated with LinkedIn Corporation. LinkedIn is a trademark of LinkedIn Corporation.