Skip to main content
CmdBriefBeta
ProductFeaturesUse casesGuidesAbout
Request beta access
Back to Home
Privacy & data use

Privacy Policy: How We Protect Your Data

Learn how CmdBrief collects, uses, and protects your personal data. GDPR and CCPA compliant privacy practices.

Last updated July 2026Sections 10
Structured for quick review

The legal copy stays intact.

Use the contents panel to jump between sections and review the full document inside the CmdBrief landing shell.

UpdatedJuly 2026
Contact[email protected]
Contents

1. Introduction

CmdBrief ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit cmdbrief.com.

2. Data Controller

For GDPR purposes, the data controller is:

CmdBrief
Email: [email protected]

3. Information We Collect

Personal Data You Provide

  • Beta Waitlist: Email, optional name, role, current tools, workflow notes, platform, source, beta contact consent, optional product update consent, and invite status
  • Consent Records: Cookie preference choices, consent version, timestamp, browser GPC status, and a local consent identifier
  • Account and Invite Data: Email, device identifier and label, account and subscription status, invite campaign delivery and redemption records, and security records such as hashed authentication tokens
  • Billing and Payment-Risk Data: Stripe customer, subscription, Price, Charge, dispute, and event identifiers; subscription status and renewal time; fraud-warning, refund, dispute reason and outcome codes; Terms version; and security timestamps. CmdBrief does not receive or store full card numbers or card security codes.

Automatically Collected Information

  • Usage Data: Page views, content groups, form starts, clicks, referrers, and similar site events when analytics consent is enabled
  • IP Address: Processed by analytics providers with IP anonymization or privacy-preserving settings where available

4. How We Use Your Information

PurposeLegal Basis (GDPR)
Managing CmdBrief private beta access, invite prioritization, install instructions, and beta contact requestsConsent (Art. 6(1)(a))
Creating and securing invited accounts, authenticating devices, and providing subscription accessContract performance and legitimate interest in service security (Art. 6(1)(b), Art. 6(1)(f))
Processing recurring payments, calculating tax, preventing fraud, reviewing refunds or disputes, suspending access during payment review, and maintaining financial evidenceContract performance, legal obligation, and legitimate interests in fraud prevention and legal claims (Art. 6(1)(b), Art. 6(1)(c), Art. 6(1)(f))
Sending optional product updates when you separately opt inConsent (Art. 6(1)(a))
Recording cookie and privacy choices, including GPC statusLegal obligation and legitimate interest (Art. 6(1)(c), Art. 6(1)(f))
Analyzing site usage through Google Analytics and PostHog after analytics consentConsent (Art. 6(1)(a))

5. Data Sharing

We do not sell your personal data or share it for cross-context behavioral advertising.

We may share limited data with service providers who operate the site, beta waitlist, account email delivery, billing, consent records, and analytics, including ZeptoMail, Stripe, Google Analytics, and PostHog EU Cloud.

Stripe receives account and transaction identifiers needed for hosted Checkout, recurring billing, tax calculation, receipts, fraud screening, refunds, and disputes. Authorized hosting, security, legal, accounting, and support providers may receive the minimum records needed for those purposes.

When you start Voice Agent, the selected provider (OpenAI Realtime or xAI Grok) processes the live conversation and the scoped context you approve. Language availability and accuracy vary by provider; each provider requires your API key and bills usage separately.

GPC disables analytics and marketing preferences. We maintain a subprocessors list; contact [email protected] for the latest version.

6. International Transfers

Your information may be transferred to countries outside your residence when service providers process data. PostHog is configured for EU Cloud, while providers such as Google Analytics may process data internationally under safeguards including Standard Contractual Clauses (SCCs).

7. Data Retention

Data TypeRetention Period
Private beta waitlist and beta contact consentUntil the beta program ends, you opt out, or deletion is requested
Account, device, invite redemption, and subscription recordsWhile the account is active and afterward only as needed for security, legal, and accounting obligations
Raw Stripe webhook payloads used for short-term security investigationUp to 180 days, then redacted while compact event identifiers remain for replay protection
Compact fraud-warning, refund, and dispute records24 months, subject to any longer period required for legal claims
Invoices, tax, payment, and accounting recordsFor the statutory period required by applicable financial and tax law
One-time authentication codesShort-lived and routinely deleted after use, lockout, or expiry
Optional product update consentUntil you opt out or deletion is requested
Analytics dataUp to 26 months
Consent records3 years

8. Your Rights (GDPR)

Access

Request a copy of your personal data

Rectification

Correct inaccurate data

Erasure

Request deletion of your data

Portability

Receive data in machine-readable format

Object

Object to processing based on legitimate interests

Withdraw Consent

Withdraw consent at any time

To exercise these rights, contact us at [email protected]

9. Security

We implement appropriate technical and organizational measures to protect your personal data, including HTTPS encryption, regular security assessments, and access controls.

CmdBrief does not collect terminal content, prompts, repository contents, or detailed native-product usage telemetry as billing or dispute evidence. We rely on Stripe purchase records plus existing account, device, authentication, and security timestamps. Website analytics remain consent-controlled as described above.

10. Contact Us

For privacy-related inquiries:

Email: [email protected]
Keep reading

Related legal pages

Cookie PolicyTerms of ServiceDo Not Sell My Info
Questions

If you need clarification about this page, contact [email protected].

CmdBrief
Founder workspace for multiple products

Join the private beta for a native Mac workspace that keeps products, agents, tasks, terminals, files, and browser context organized.

Request private beta access

Product

  • Product
  • Features
  • Use cases
  • Guides
  • Join Beta

Company

  • About
  • Contact

Legal

  • Privacy Policy
  • Terms of Service
  • Cookie Policy
  • Manage Cookies
  • Do Not Sell My Info
© 2026 CmdBrief. All rights reserved.
We value your privacy

We use cookies to analyze site usage and improve your experience.

Learn more about our cookies

Essential cookies are always active