FlashBrief Back to Home

Privacy Policy

Last updated: January 26, 2026

1. Introduction

FlashBrief ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our personalized audio news briefing service at flashbrief.app (the "Service").

This policy is designed to comply with the European Union General Data Protection Regulation (GDPR), the UK GDPR, and other applicable data protection laws.

By using FlashBrief, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Service.

2. Data Controller

The data controller responsible for your personal information is:

Fluency Learning Apps LLC

1910 Thomes Ave.

Cheyenne, WY 82001

USA

Email: privacy@flashbrief.app

General inquiries: hello@flashbrief.app

For the purposes of data protection law, we are the "controller" of the personal information we process, meaning we determine the purposes and means of processing your personal data.

3. Information We Collect

3.1 Information You Provide Directly

Data Type Examples Purpose
Account Information Email address, first name, last name To create and manage your account
Preferences News topics, preferred voice, delivery time, timezone To personalize your audio briefings
Payment Information Processed by Stripe (we do not store card details) To process subscription payments
Communications Emails, support requests To respond to your inquiries

3.2 Information Collected Automatically

Data Type Examples Purpose
Usage Data Episode generation times, features used To improve our Service
Device Information Browser type, operating system To ensure compatibility
Log Data IP addresses, access times, pages viewed For security and debugging

3.3 Information from Third Parties

We may receive information about you from third-party services you connect to FlashBrief, such as authentication providers.

4. Legal Basis for Processing (GDPR Article 6)

Under GDPR, we must have a valid legal basis to process your personal data. We rely on the following bases:

4.1 Performance of Contract (Article 6(1)(b))

We process the following data because it is necessary to fulfill our contract with you (providing the FlashBrief service):

  • Account information (to create and manage your account)
  • Preferences (to generate personalized briefings)
  • Payment information (to process subscriptions)

4.2 Legitimate Interests (Article 6(1)(f))

We process the following data based on our legitimate interests, balanced against your rights:

Processing Activity Legitimate Interest
Usage analytics Improving our Service and user experience
Security logging Protecting our Service and users from fraud and abuse
Customer support records Providing effective support

You have the right to object to processing based on legitimate interests (see Section 8).

4.3 Consent (Article 6(1)(a))

We rely on your consent for:

  • Marketing communications: Promotional emails about new features (you can opt out at any time)
  • Episode transcript emails: Optional email delivery of episode content

You may withdraw consent at any time by updating your preferences in the dashboard or contacting us at privacy@flashbrief.app. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

4.4 Legal Obligation (Article 6(1)(c))

We may process data to comply with legal obligations, such as:

  • Tax and accounting requirements for payment records
  • Responding to valid legal requests from authorities

5. How We Use Your Information

We use the information we collect to:

  • Generate and deliver personalized audio news briefings based on your preferences
  • Send episode notifications and transcripts via email (when enabled)
  • Process subscription payments and manage your account
  • Provide customer support and respond to your inquiries
  • Improve our Service, including content quality and user experience
  • Send important service announcements (e.g., changes to terms, security alerts)
  • Detect and prevent fraud, abuse, and security issues
  • Comply with legal obligations

We will not use your personal data for purposes incompatible with those listed above without notifying you and, where required, obtaining your consent.

6. Third-Party Processors (Sub-processors)

We share your data with the following third-party service providers who process data on our behalf. Each processor is contractually bound to protect your data and process it only as we instruct.

6.1 Infrastructure and Hosting

Amazon Web Services (AWS)

  • Location: United States (us-east-1 region)
  • Purpose: Cloud infrastructure, data storage, user authentication (Cognito), email delivery (SES)
  • Data processed: All account and usage data
  • Transfer mechanism: EU-US Data Privacy Framework, Standard Contractual Clauses
AWS Privacy Policy →

6.2 Payment Processing

Stripe, Inc.

  • Location: United States
  • Purpose: Subscription payment processing
  • Data processed: Payment card details (we do not store these), billing address, transaction history
  • Transfer mechanism: EU-US Data Privacy Framework, Standard Contractual Clauses
  • Note: Stripe is PCI-DSS Level 1 certified
Stripe Privacy Policy →

6.3 AI Content Generation

OpenAI, LLC

  • Location: United States
  • Purpose: Text-to-speech audio generation
  • Data processed: Episode scripts (do not contain personal data)
  • Transfer mechanism: Standard Contractual Clauses
  • Data retention: OpenAI API does not retain data for training per their API terms
OpenAI Privacy Policy →

Anthropic, PBC

  • Location: United States
  • Purpose: AI script generation using Claude
  • Data processed: News content for briefing creation (does not contain personal data)
  • Transfer mechanism: Standard Contractual Clauses
Anthropic Privacy Policy →

Perplexity AI, Inc.

  • Location: United States
  • Purpose: News search and aggregation
  • Data processed: Your topic preferences (not directly identifying)
  • Transfer mechanism: Standard Contractual Clauses
Perplexity Privacy Policy →

6.4 Processor List Updates

We may update our list of processors from time to time. Material changes will be reflected in this policy with an updated date.

7. International Data Transfers

FlashBrief is operated from the United States, and our primary data storage is on servers located in the United States (AWS us-east-1 region).

7.1 Transfer Mechanisms for EU/UK Data

When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries not deemed to provide an adequate level of data protection, we use the following safeguards:

  1. EU-US Data Privacy Framework: Where our processors are certified under the DPF (e.g., AWS, Stripe)
  2. Standard Contractual Clauses (SCCs): We enter into EU Commission-approved SCCs with processors not covered by adequacy decisions or the DPF
  3. Supplementary Measures: Where necessary, we implement additional technical and organizational measures to ensure adequate protection

7.2 Your Rights Regarding Transfers

You have the right to request information about the safeguards we have in place for international transfers. Contact privacy@flashbrief.app for details.

8. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights. We will respond to valid requests within one month.

8.1 Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and, if so, access to:

  • The categories of data we process
  • The purposes of processing
  • Recipients of your data
  • Retention periods
  • Your rights regarding the data

To exercise: Email privacy@flashbrief.app with subject "Data Access Request"

8.2 Right to Rectification (Article 16)

You have the right to correct inaccurate personal data and to complete incomplete data.

To exercise: Update your information in the dashboard, or email privacy@flashbrief.app

8.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for its original purpose
  • You withdraw consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • The data was processed unlawfully

Exceptions: We may retain data where required by law (e.g., tax records) or for legal claims.

To exercise: Email privacy@flashbrief.app with subject "Deletion Request"

8.4 Right to Restrict Processing (Article 18)

You have the right to restrict processing (meaning we store but don't use your data) when:

  • You contest the accuracy of the data (during verification)
  • Processing is unlawful but you prefer restriction over erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing (pending verification)

To exercise: Email privacy@flashbrief.app with subject "Restriction Request"

8.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format (e.g., JSON or CSV) and to transmit it to another controller.

This applies to data you provided to us and that we process by automated means based on consent or contract.

To exercise: Email privacy@flashbrief.app with subject "Data Portability Request"

8.6 Right to Object (Article 21)

You have the right to object to processing based on legitimate interests (Section 4.2). We will stop processing unless we demonstrate compelling legitimate grounds that override your interests.

You have an absolute right to object to processing for direct marketing purposes.

To exercise: Email privacy@flashbrief.app with subject "Objection to Processing"

8.7 Rights Related to Automated Decision-Making (Article 22)

FlashBrief uses AI to generate personalized news briefings. This processing:

  • Does not produce legal effects or similarly significant effects on you
  • Is necessary for our contract with you (providing personalized content)
  • Is based on your explicit preferences

You have the right to request human review of any automated decisions that significantly affect you.

8.8 Right to Withdraw Consent

Where we process data based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise: Update your preferences in the dashboard or email privacy@flashbrief.app

9. Right to Lodge a Complaint

If you believe we have violated your data protection rights, you have the right to lodge a complaint with a supervisory authority.

For EU Residents

You may complain to the supervisory authority in your EU member state of residence, place of work, or where the alleged infringement occurred.

List of EU supervisory authorities →

For UK Residents

Information Commissioner's Office (ICO)

Website: ico.org.uk/make-a-complaint

Phone: 0303 123 1113

For Other Jurisdictions

Contact your local data protection authority.

We encourage you to contact us first at privacy@flashbrief.app so we can attempt to resolve your concern directly.

10. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy or as required by law.

Data Type Retention Period Reason
Account data Duration of account + 90 days Service provision, account recovery
Episode audio files 30 days from generation Service delivery, storage optimization
Episode transcripts 30 days from generation Service delivery
Payment records 7 years Legal requirement (tax/accounting)
Usage logs 90 days Security, debugging
Support communications 2 years Quality assurance, dispute resolution

After the retention period, data is securely deleted or anonymized.

Data After Account Deletion

When you delete your account:

  • Account data is deleted within 90 days
  • Audio files and transcripts are deleted immediately
  • Payment records are retained as required by law (anonymized where possible)
  • Backup copies are purged within 30 days of deletion from primary systems

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Technical Measures

  • Encryption in transit: All data transmitted using TLS 1.2+
  • Encryption at rest: Database encryption using AES-256
  • Secure authentication: AWS Cognito with secure password policies
  • Access controls: Principle of least privilege for system access
  • Regular updates: Security patches applied promptly

Organizational Measures

  • Access to personal data limited to personnel who need it
  • Confidentiality obligations for anyone accessing data
  • Regular security assessments
  • Incident response procedures

Security Incident Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  1. Notify the relevant supervisory authority within 72 hours
  2. Notify you without undue delay if the breach is likely to result in high risk to you

12. Cookies and Tracking Technologies

12.1 Cookies We Use

FlashBrief uses the following cookies:

Cookie Name Type Purpose Duration
Session cookies Strictly necessary Maintain login state Session
Cognito auth Strictly necessary Authentication tokens 1 hour

12.2 What We Do NOT Use

We do not use:

  • Third-party advertising cookies
  • Cross-site tracking
  • Social media tracking pixels

12.3 Your Cookie Choices

Strictly necessary cookies cannot be disabled as they are essential for the Service to function. You can configure your browser to block cookies, but this may prevent you from using FlashBrief.

13. Children's Privacy

FlashBrief is not intended for children under 16 years of age (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@flashbrief.app. We will delete such information promptly.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

How We Notify You

  • Minor changes: Updated policy posted with new "Last updated" date
  • Material changes: Email notification to your registered address at least 14 days before changes take effect

Your Continued Use

Your continued use of FlashBrief after changes take effect constitutes acceptance of the updated policy. If you do not agree with changes, you may delete your account before they take effect.

15. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about our data practices, please contact us:

Data Protection Inquiries

Email: privacy@flashbrief.app

General Inquiries

Email: hello@flashbrief.app

Postal Address

Fluency Learning Apps LLC

1910 Thomes Ave.

Cheyenne, WY 82001

USA

We aim to respond to all inquiries within 30 days. For data subject requests under GDPR, we will respond within one month as required by law.

Summary of Your Key Rights

Right What It Means How to Exercise
Access Get a copy of your data Email privacy@flashbrief.app
Rectification Correct inaccurate data Dashboard or email
Erasure Delete your data Email privacy@flashbrief.app
Restrict Limit how we use your data Email privacy@flashbrief.app
Portability Get your data in machine-readable format Email privacy@flashbrief.app
Object Stop processing based on legitimate interests Email privacy@flashbrief.app
Withdraw consent Revoke previously given consent Dashboard or email
Complain Lodge complaint with supervisory authority See Section 9

This Privacy Policy was last updated on January 26, 2026.