Log inStart for free

Privacy Policy

Last updated: June 12, 2026

1. Scope

This Privacy Policy explains how Brift ("we", "us") processes personal data when you use our website, onboarding, dashboard, and embedded sales agent widget (the "Service"). It applies to account holders, website visitors interacting with a Brift-powered agent, and administrators configuring the Service.

2. Data we collect

Depending on how you use Brift, we may process:

  • Account data: name, email, organization, billing identifiers, authentication logs.
  • Configuration data: website URL, branding, agent settings, knowledge base materials you upload.
  • Conversation data: messages exchanged with the agent, captured lead fields, objections, and session metadata.
  • Technical data: IP address, device/browser type, timestamps, cookies, and security logs.
  • Payment data: processed by our payment provider; we do not store full card numbers.

3. Purposes and legal bases

We process data to:

  • Provide, secure, and maintain the Service (contract performance).
  • Authenticate users, prevent fraud, and enforce our Terms (legitimate interests / legal obligation).
  • Bill subscriptions and manage accounts (contract / legal obligation).
  • Improve reliability and product quality using aggregated analytics (legitimate interests).
  • Comply with applicable law and respond to lawful requests (legal obligation).

4. AI processing

Conversation content may be processed by AI models to generate responses on your behalf. We do not use your conversation data to train public foundation models. Processing is limited to delivering the Service under your instructions as account holder.

5. Sharing and processors

We share data with trusted subprocessors that help us operate the Service (hosting, payments, email, analytics, AI inference) under contractual safeguards. We do not sell personal data. We may disclose information if required by law or to protect rights, safety, and security.

6. International transfers

If data is transferred outside the European Economic Area, we implement appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms recognized under applicable law.

7. Retention

We retain personal data for as long as needed to provide the Service, meet legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data category and your account settings. You may request deletion subject to legal exceptions.

8. Your rights

Where GDPR or similar laws apply, you may have the right to access, rectify, erase, restrict, or object to certain processing, and to data portability. You may also lodge a complaint with your supervisory authority. Rights can be exercised through your account settings or by written request where available in the product.

9. Security

We implement technical and organizational measures designed to protect personal data, including access controls, encryption in transit, monitoring, and least-privilege practices. No method of transmission or storage is completely secure.

10. Cookies

We use cookies and similar technologies as described in our Cookie Policy.

11. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children.

12. Changes

We may update this Policy. Material changes will be communicated through the Service or by reasonable notice. The "Last updated" date reflects the latest revision.