Privacy Policy

Effective: 1 March 2026 · Last updated: 30 March 2026

1. Who we are

Briefed Intelligence Pty Ltd (ABN: to be confirmed) is an Australian company based in Queensland. We build AI-powered intelligence briefings for hospitality venues. We pull data from your existing tools, turn it into clear operational intelligence, and deliver it to your inbox daily, weekly, monthly, and quarterly.

In this policy, "Briefed", "we", "us", and "our" refer to Briefed Intelligence Pty Ltd. "You" and "your" refer to you as a user of our website, free tools, or paid services.

This policy covers how we collect, hold, use, and disclose personal information in accordance with the Australian Privacy Act 1988 and the 13 Australian Privacy Principles (APPs). We are committed to handling your data responsibly and transparently.

2. What we collect

We collect the following types of information depending on how you interact with Briefed:

Information you give us directly:

Contact details - your name, email address, phone number, venue name, venue type, and location when you sign up, use a free tool, or get in touch.
Free tool submissions - data you enter into our calculators, intelligence score tools, or audit request forms.
Payment information - processed securely by Stripe. We do not store your credit card details on our servers.

Information from your connected platforms (with your authorisation):

POS data via Square - orders, payments, line items, tips, discounts, timestamps, team member names, roles, and shifts. This also includes hashed card fingerprint data that Square generates for identifying repeat customers. We never receive or store actual card numbers.
Rostering data via Tanda - employee names, departments, shift times, hours worked, and wage costs.
Accounting data via Xero - cost of goods sold, wages by category, and profit and loss data.
Booking data via NowBookIt - reservation dates, times, covers, and customer names.
Google Reviews - star ratings, review text, and author display names from your Google Business Profile.
Social media metrics via Meta - page performance, reach, engagement, and advertising data from your connected Facebook and Instagram accounts.
Email marketing metrics via Brevo - open rates, click rates, and campaign performance from your connected email marketing account.
End-of-trade submissions via Notion - manager scores, shift notes, and operational observations submitted by your team.

Information we collect automatically:

Website analytics via Google Analytics 4 - anonymised browsing data including pages visited, time on site, and referral source. This does not identify you personally.
Weather data via Open-Meteo - historical and forecast weather data keyed by your venue's general location. This contains no personal information.

3. How we use your information

We use the information we collect to:

Generate your intelligence briefings - daily, weekly, monthly, quarterly, and annual briefings tailored to your venue's data.
Provide AI-powered coaching and recommendations - personalised operational guidance based on your venue's patterns and performance.
Detect patterns and predict trends - identifying anomalies, seasonal patterns, and operational risks in your data.
Create anonymised benchmarks - aggregated, de-identified data used to provide industry comparisons. Your venue is never identifiable in benchmarks. Venue IDs are stripped before any cross-venue analysis.
Improve our intelligence algorithms - making our coaching, recommendations, and predictions more accurate over time.
Communicate with you about your service - subscription updates, feature announcements, and support responses.
Measure marketing effectiveness - understanding how people find and use our website and tools.

We do not sell your data. We do not share your raw financial data, venue performance data, or personal information with any third party for their own marketing or commercial purposes.

4. AI processing

Briefed uses artificial intelligence to generate the coaching narratives, recommendations, and written analysis in your briefings. Here is how that works:

We use Anthropic's Claude API to generate intelligence narratives. Anthropic is based in the United States.
Only computed intelligence variables and summaries are sent to the AI. We do not send raw transaction data or complete employee records. The AI receives pre-processed numbers, percentages, and context - not your full dataset.
AI processing is used for report generation only. It is not used for automated decision-making that directly affects individuals (such as hiring, firing, or credit decisions).
Data sent to the AI is transient. Under Anthropic's API data policy, inputs and outputs are not stored or used to train their models.
AI-generated content in your briefings should be treated as operational intelligence to support your decisions. It is not professional financial, legal, or employment advice.

By December 2026, we will enhance our automated decision-making disclosures in line with upcoming Australian legislation on AI transparency.

5. Who we share data with

We work with the following third-party services to operate Briefed. Each has a specific, limited purpose:

Anthropic (Claude API) - United States. AI narrative generation for briefings.
Supabase - United States. Database hosting, authentication token storage, and web-based report viewer.
Stripe - United States. Payment processing for subscriptions.
Vercel - United States. Hosting for the Briefed customer portal.
Google (Gmail, GA4) - United States. Email delivery of briefings and anonymised website analytics.
Brevo (formerly Sendinblue) - European Union (France). Email marketing communications.
Square - United States. POS data source (connected by you).
Xero - Australia / New Zealand. Accounting data source (connected by you).
Tanda - Australia. Rostering data source (connected by you).
NowBookIt - Australia. Booking data source (connected by you).
Open-Meteo - Open source. Weather data. No personal information is shared.
DataForSEO - United States. Search and SEO intelligence.
Meta - United States. Advertising measurement and social media metrics.

6. Cross-border data transfers

Under Australian Privacy Principle 8, we are required to tell you when your personal information is transferred overseas and take reasonable steps to ensure overseas recipients handle it consistently with the APPs.

Personal information processed by Briefed is transferred to:

United States - Anthropic, Supabase, Vercel, Square, Google, Stripe, DataForSEO, and Meta.
European Union (France) - Brevo.

The United States is not currently on Australia's list of countries with substantially similar privacy protections. We rely on contractual measures with our key sub-processors to ensure your data is handled to a standard consistent with the APPs. Where available, we use data processing agreements that include obligations around security, confidentiality, and data handling.

Data processed by Xero, Tanda, and NowBookIt remains primarily in Australia and New Zealand.

7. Employee and staff data

This section is important for venue operators and their staff.

Briefed receives and processes staff-related data from your venue's POS system, rostering platform, and end-of-trade submissions. This includes team member names, hours worked, shift times, wage costs, sales attributed to individuals, and performance observations.

We want to be clear about a legal distinction: the employee records exemption under section 7B(3) of the Privacy Act 1988 applies to employers only. It does not extend to third parties like Briefed. This means we independently hold personal information about your staff and we comply with all 13 Australian Privacy Principles for that data.

What this means in practice:

For venue operators: You are responsible for informing your staff that operational data will be shared with Briefed as part of your intelligence service. We recommend including this in your staff privacy notices or employment agreements.
For venue staff: You have the right to request access to any personal information Briefed holds about you. You can also request corrections if something is inaccurate. Contact us at hello@briefedhq.au with a request and we will respond within 30 days.

Staff data is used exclusively for generating venue intelligence briefings. We do not use staff data for purposes unrelated to the venue's subscription, and we do not contact staff members directly.

8. Cookies and tracking

Our website uses the following cookies and tracking technologies:

Google Analytics 4 - sets _ga and _ga_* cookies to measure website traffic and usage patterns. Data is anonymised and not linked to your identity.
Meta Pixel - sets the _fbp cookie to measure advertising effectiveness. Data is anonymised.
localStorage - used by our free tools to remember whether you have previously provided your email address. This data stays on your device and is not sent to our servers.

You can disable cookies in your browser settings. This will not affect your ability to use Briefed's core intelligence service, but may limit functionality on our marketing website.

9. Data security

We take the security of your data seriously:

Encryption at rest - OAuth tokens for your connected platforms are encrypted using AES-256-GCM before storage.
Encryption in transit - all data transfers between your platforms, our systems, and our sub-processors use TLS encryption.
Logical isolation - customer data is logically separated per venue. One venue's data is never accessible to another.
Access controls - access to customer data is limited to authorised team members on a need-to-know basis.
Regular reviews - we conduct regular security reviews of our infrastructure, dependencies, and access controls.
No credential storage - we never store your third-party login credentials. All platform connections use OAuth tokens that you can revoke at any time.

10. Notifiable data breaches

Briefed is subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988. If we become aware of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will:

Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable.
Notify affected individuals with details of the breach, what information was involved, and what steps we recommend they take.
Take reasonable steps to contain the breach and reduce potential harm.

11. Data retention

Active subscription - your data is retained for as long as your subscription is active and your integrations are connected.
Cancelled subscription - your data is retained for 90 days after cancellation to allow for reactivation. After 90 days, all venue data is permanently deleted.
Free tool submissions - contact details submitted through our free tools (calculators, audit requests, intelligence score) are retained for marketing purposes until you opt out.
Card fingerprint history - hashed card fingerprint data used for repeat customer rate analysis is retained while your subscription is active and deleted on cancellation.
Website analytics - anonymised analytics data is retained according to Google and Meta's standard retention periods.

12. Your rights under Australian Privacy Principles

Under the APPs, you have the following rights:

Access (APP 12) - you can request a copy of the personal information we hold about you.
Correction (APP 13) - you can ask us to correct any personal information that is inaccurate, out of date, incomplete, or misleading.
Opt out of marketing - you can unsubscribe from marketing communications at any time by clicking the unsubscribe link in any email or contacting us directly.
Revoke platform connections - you can disconnect any integrated platform (Square, Xero, Tanda, NowBookIt, Meta) at any time through the Briefed portal. This immediately stops new data from flowing to us.
Request deletion - you can request that we delete all personal information we hold about you, subject to any legal obligations we have to retain certain records.
Complain - you have the right to lodge a complaint with us or directly with the Office of the Australian Information Commissioner if you believe we have breached the APPs.

To exercise any of these rights, email us at hello@briefedhq.au. We will acknowledge your request within 7 days and respond substantively within 30 days.

13. Privacy tort

As of June 2025, Australia has a statutory tort for serious invasion of privacy. Briefed takes this seriously. We collect only the data necessary to provide our intelligence service, we do not use data for purposes unrelated to what you signed up for, and we do not disclose personal information in ways that could constitute an invasion of privacy.

14. Complaints

If you have a concern about how we have handled your personal information:

Step 1: Contact us at hello@briefedhq.au with the details of your complaint. We will acknowledge receipt within 7 days and aim to resolve it within 30 days.
Step 2: If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

Office of the Australian Information Commissioner
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
GPO Box 5218, Sydney NSW 2001

15. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email before the changes take effect. The dates at the top of this page will always reflect the current version.

16. Contact us

If you have any questions about this Privacy Policy or how we handle your data:

Briefed Intelligence Pty Ltd
Gold Coast, Queensland, Australia
Email: hello@briefedhq.au
Web: briefedhq.au