Security & Privacy

How we protect your data.

We treat your Gmail, calendar, tasks, and Notion workspace with minimal access, clear boundaries, and strong protection.

Minimal Access by Design

BRIEFLINE answers "What matters today?" by deliberately limiting what we read.

  • Gmail: Metadata only (Sender, Subject, Time).
  • Calendar: Event titles & times.

We do not read email bodies or attachments.

Secure OAuth, No Passwords

We never see your Google or Notion passwords. Connections are handled via official OAuth flows.

Official Google OAuth Read-only scopes Revocable anytime

Data Handling & Storage

We aim to store the minimum necessary metadata to build your briefing.

  • We do not store email bodies.
  • Tokens are only used to refresh data for upcoming briefings.

Your Control, Always

You stay in charge of what BRIEFLINE sees.

  • Disconnect integrations instantly.
  • Delete your account to wipe all data.

Engineering Practices

Even at the MVP stage, we adhere to strict engineering standards.

  • HTTPS enforced for all traffic.
  • Secrets stored securely, never hard-coded.
  • Principle of least privilege access.
  • Active monitoring for suspicious patterns.

Transparency & Support

Trust is earned. If something is unclear, we want to hear from you.

For security questions or to report a potential vulnerability, please email us at security@briefline.app.