BriefBox AI
GDPR / DSGVO

Privacy Policy

How we protect your data according to GDPR

1. General Information

This privacy policy explains how BriefBox AI collects, processes, and protects your personal data when using our web dashboard and our Telegram bot.

2. Data Collection & Processing in Telegram

When you send a document to the BriefBox Telegram bot, we receive the file type, name, and size. We run a local PII (Personally Identifiable Information) Redactor on our servers before the text is sent to AI models, ensuring that your names, phone numbers, and home addresses are masked.

3. Storage and Hosting (Supabase & EU-Only)

Our database (Supabase) is hosted within the European Union (Frankfurt, Germany). Your archived letters and extracted metadata are encrypted at rest and in transit.

4. AI Processing (AWS Bedrock EU)

For document extraction and summarization, we use AWS Bedrock (Amazon Nova Lite model) in the Frankfurt region (eu-central-1). Our enterprise contract ensures that AWS does not use your document data to train or improve any AI models.

5. Your Rights under GDPR

Under the General Data Protection Regulation (GDPR), you have the right to access your stored data, export your documents, or request immediate deletion of your account and all associated documents from our databases.

6. Integration of Google Services (Google OAuth & Calendar)

We offer the option to link your Google account via Google OAuth. If you enable this integration, we request access to your Google Calendar (sensitive scope `https://www.googleapis.com/auth/calendar.events`) to create calendar events and payment reminders for your invoices and documents directly in your Google Calendar. We only read calendar data to display or manage events created by BriefBox, and we only write events that you explicitly request through our application or Telegram bot. Your Google user data is stored encrypted within the EU, is not shared with third parties, is not used for advertising, and is not used to train any AI models. Our use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.