Privacy Policy

Last modified: October 21, 2025

For the used terminology we refer to our Terms and Conditions (“Terms”).

Your privacy is important to us. We respect your rights to privacy and comply to the EU GDPR data protection and privacy law. At BriefBuilder, the board of directors is ultimately responsible for safeguarding personal data. In this Privacy Policy, you will find a description of how we handle your personal data.

Applicability

This privacy policy is applicable to the following:

  • Our customers and the users they give access to the BriefBuilder application
  • Our customers and their personnel taking part in BriefBuilder courses
  • Visitors of our websites (briefbuilder.com and support.briefbuilder.com)

Next, we will give an overview of the personal data that is collected and how it is protected.

Customer contact(s)

  • We collect the name, phone number and e-mail address of contact(s) supplied by you as part of the agreement with us for the purpose of contacting customers and invoicing.
  • We store invoicing information for seven years – in accordance with the legal obligations of the Dutch tax authorities.

Users

  • When registered as a user in the BriefBuilder application, we store your name, email address and a salted-hashed version of your password. This information is necessary for user management (e.g. (re)activating user accounts, authenticating with the application) and for you to be able to collaborate with other users.
  • When using the application, your user identification, IP-address, type of browser and operating system and the customer information you access is logged for the purpose of security auditing and incident analysis & detection. This information will be stored for two years.
  • The application will store cookies on your device to identify an ongoing user session (strictly necessary) and to store your configuration settings in the application (non-personal data, e.g. view settings and selections)
  • User information is stored as long as the BriefBuilder environment(s) the user belongs to remains active. After the subscription(s) for the environment(s) have ended, the user information is deleted after 1 month and will also be removed from all backups after 2 months.
  • Users may request customers to remove their accounts and anonymize them based on their GDPR rights.
  • When contacting us at support@briefbuilder.com, we will record you email and email-address to provide you with support. This email will be removed after 1 month.
  • The personal data that is being processed by us, is stored at the Google Cloud Platform in datacentres in the EU. Automated emails sent by the application to your email address are sent through Sinch MailGun in EU datacentres. Both are subject to the EU GDPR law.

Course participants

  • When participating in a BriefBuilder course, we record your name, e-mail address and a salted-hashed password on our learning platform for the purpose of offering you the course and being able to contact you for providing guidance.
  • This information is stored for up to 6 months after the start of the course. It may be stored longer based on your explicit request and consent.

Website visitors

  • When visiting our website at briefbuilder.com or our knowledge base at support.briefbuilder.com, we may place cookies, but only if you have given your explicit consent for this. These cookies are being used to analyse visitor data, improve our websites, show personalised content, and to give you a pleasant website experience.
  • To see all cookies that may be recorded, by which party they are processed, and for how long they are stored, based on your consent, and to change or revoke that consent please visit:
  • When visiting our websites, logs are recorded of each page/resource your IP accesses. These logs are kept for 14 days.

Security measures

  • We are ISO/IEC 27001:2022 certified with the goal to protect our customers’ data and their users’ personal data.
  • To prevent unauthorized access and safeguard your personal information, we have implemented a large number of security controls including, but not limited to: access control, multi-factor authentication, encryption, data minimization and employee security awareness.

Your rights

  • You may exercise your rights given to you by the EU GDPR law including but not limited to, your right of access, rectification, restriction of processing, right to object and right to erasure. If you wish to exercise any of these rights, contact us at: support@briefbuilder.com.

Complaints

  • If you have any complaints about the way we have handled your personal data, you can submit a complaint to the Dutch Data Protection Authority, which can be done via the following website: autoriteitpersoonsgegevens.nl

Changes

  • If we change our Privacy Policy, we will post those changes on this page.
  • Customers will be notified of any changes with two months’ notice. This is done via email.

Questions

  • If you have questions about our Privacy Policy, please send an e-mail to info@briefbuilder.com