Legal

Privacy Policy

Last updated: April 28, 2026

This is a starting template. Pactx, Inc. recommends having legal counsel review and customize this policy before relying on it for compliance with GDPR, UK GDPR, CCPA, or other applicable laws. California residents can also see our CCPA Notice for rights specific to that jurisdiction.

Edgebrief is a product of Pactx, Inc. ("Edgebrief", "we", "us"). This policy explains what personal information we collect when you use our weekly competitive intelligence service, how we use it, who we share it with, and the choices you have.

1. Information we collect

We collect only what we need to deliver the weekly brief:

Account information:your email address (for authentication and brief delivery) and your billing details (handled and stored by Stripe; we never see your full card number).
Brand setup:the brand domain you provide, the competitor domains you choose to track, and the keywords you enter at signup or edit later in Settings.
Competitive ad data:public Google search results we capture each week for your tracked keywords and competitor brand names. This is data Google itself shows to anyone running those same searches; it does not include any private information.
Usage signals:server logs (IP address, browser user-agent, page paths), email open and click events from Resend, and subscription state from Stripe. We use these for billing, deliverability troubleshooting, and abuse prevention.

We do not collect: location data, biometrics, or anything from third-party data brokers.

2. How we use information

To deliver your weekly brief by email and to power any future Settings page edits.
To process your subscription and prevent fraud (handled by Stripe).
To improve the brief itself, for example, comparing token usage and brief quality across versions.
To respond when you reply to a brief or contact support.
To comply with legal obligations and enforce our Terms.

We do not sell or rent your personal information. We do not use your competitive setup data to train AI models for any third party.

3. Service providers we use

We rely on a small number of vendors to operate Edgebrief. Each receives only the information needed for its role:

Stripe (payments) : handles your card details, billing history, and tax. Stripe is the payment processor of record.
Supabase (database + authentication) : stores your account, brand setup, and brief history in the United States.
Resend (transactional email) : delivers your weekly brief and welcome email.
An AI inference provider generates the natural-language brief from the captured ad data. Inputs are processed ephemerally for the sole purpose of producing your brief. We do not send any private or customer data to this provider; only the public ad data we captured for your tracked keywords and brand-name searches, plus the names of the competitors you have chosen to track. We do not authorize the provider to retain your data for model training. The specific vendor we use is named in our California Privacy Notice and is available on request to privacy@edgebrief.io.
Vercel (web hosting) : serves the marketing site, signup, login, and Settings pages.
Railway (worker hosting) : runs the weekly automation that produces and delivers each brief.
Sentry (error monitoring) : if our software crashes, a stack trace plus the request URL is sent to Sentry so we can fix the bug. We do not send your competitive setup, brief content, or billing information to Sentry. Personally identifying information is suppressed by default.

4. How long we keep data

Account + brand setup: while your subscription is active, plus 90 days after cancellation.
Past briefs: kept indefinitely so you can refer back, unless you request deletion.
Server logs: 90 days.
Email delivery records (Resend): per Resend's retention defaults.
Billing records (Stripe): as required by tax and accounting law (typically seven years).

5. Your rights

Depending on your location, you have some or all of the following rights:

Access:request a copy of the data we hold about you.
Correction:fix anything inaccurate (you can edit competitors and keywords yourself in Settings).
Deletion:ask us to delete your account and personal data.
Portability:request your past briefs and setup in a portable format.
Withdraw consent:unsubscribe and cancel at any time.
Lodge a complaint with your local data protection authority.

To exercise any of these rights, email privacy@edgebrief.io from the address on your account. We will respond within 30 days.

6. Cookies and tracking

We use only strictly necessary cookies. On edgebrief.io we set a single cookie family for your authenticated session (issued by Supabase), so you stay logged in between page loads. That cookie expires when you log out or when its session lifetime ends.

Our error-monitoring vendor (Sentry) uses sessionStorage in your browser to record short-lived diagnostic breadcrumbs if a page errors. This is not a cookie and is not transmitted to ad networks; it helps us reproduce and fix bugs.

When you go through checkout, Stripe sets its own cookies on stripe.com to operate its payment flow. Those cookies are governed by Stripe's privacy policy and never reach our servers. Once you complete or close checkout, you return to edgebrief.io with no Stripe cookies on our domain.

We do not use advertising cookies, cross-site tracking pixels, third-party analytics, fingerprinting, or session recording. Because all cookies we set are strictly necessary, no consent banner is required under GDPR / ePrivacy. If we ever add non-essential tracking, we will publish a banner and update this section before anything is set.

You can clear cookies at any time from your browser settings; doing so will sign you out of Edgebrief but will not affect your account or subscription.

7. International data transfers

Edgebrief is operated from the United States. If you access the service from outside the US, your information is transferred to and processed in the US. We rely on standard contractual clauses with our service providers where applicable.

8. Security

We use industry-standard encryption in transit (TLS) and at rest, role- based access for our database, and least-privilege keys for every third- party integration. No system is perfectly secure; we will notify you without undue delay if we detect a breach affecting your data.

9. Children

Edgebrief is for businesses. We do not knowingly collect personal information from anyone under 18. If you believe a minor has used our service, contact us and we will remove the data.

10. Changes to this policy

We will update this policy when our practices change. The "last updated" date at the top reflects the most recent revision. Material changes will be communicated by email at least 14 days before they take effect.

11. Contact

Pactx, Inc. d/b/a Edgebrief
privacy@edgebrief.io