Privacy Policy

Last updated: June 2, 2026

Briff (“we”, “the service”) is a developer-focused feed aggregator at briff.dev. This policy explains what we collect, why, and the choices you have. We keep data collection to the minimum the product needs.

Using Briff without an account

You can use Briff fully anonymously. Your interests, platform choices, bookmarks, feed tabs, custom RSS subscriptions, and show-more/show-less feedback are stored in your browser’s localStorage on your device. This data never leaves your device unless you sign in.

If you sign in

Sign-in is optional and handled by Supabase Auth via GitHub or Google OAuth. When you sign in we process:

Your email address and basic profile from the OAuth provider, used to identify your account.
Your preferences, bookmarks, feed tabs, custom RSS feeds, and feedback signals, synced to our database so they persist across devices.
An optional public profile (a handle and a public/private flag) only if you choose to publish your bookmark list at a public URL.

All account data is protected by row-level security so only you (and, for a bookmark list you explicitly mark public, anyone with the link) can read it.

Cookies

We only use a strictly-necessary cookie to keep your sign-in session active. We do not use advertising or cross-site tracking cookies. Our analytics (below) is cookieless, so Briff does not show a cookie-consent banner.

Analytics

We use a privacy-friendly, self-hosted analytics tool (Umami) to understand aggregate usage — page views and referrers. It does not use cookies, does not collect personal data, and does not track you across other websites. No individual profiles are built.

Third-party services we rely on

Supabase — authentication and database (your account data).
OpenAI— when you tap the AI summary button on an item, we send that item’s URL, title, and a short extract of the linked page to generate a summary.
Resend — sends the optional digest email to your account address if you enable it. Every digest includes a one-click unsubscribe link.
Sentry — error monitoring (only if enabled), to diagnose crashes.
Content sources — Hacker News, GitHub, DEV.to, Product Hunt, Lobsters, Medium, and any RSS feeds you add. We fetch public content and link out to the original source; we do not share your data with them.

Your rights

You can review and change your data anytime in Settings. You can delete your account and all associated data from Settings → Danger zone → Delete account; this permanently removes your preferences, bookmarks, profile, and feedback. Anonymous, device-only data can be cleared from Settings (Reset) or by clearing your browser storage. For any request, contact us below.

Data retention

Account data is kept until you delete your account. Cached feed content is short-lived (minutes). Feedback signals older than ~90 days carry effectively no weight and are capped.

Children

Briff is not directed to children under 13 and we do not knowingly collect their data.

Changes

We may update this policy; material changes will be reflected by the “last updated” date above.

Contact

Questions or data requests: [email protected].

If you sign in

Sign-in is optional and handled by Supabase Auth via GitHub or Google OAuth. When you sign in we process:

Your email address and basic profile from the OAuth provider, used to identify your account.

Your preferences, bookmarks, feed tabs, custom RSS feeds, and feedback signals, synced to our database so they persist across devices.

An optional public profile (a handle and a public/private flag) only if you choose to publish your bookmark list at a public URL.

All account data is protected by row-level security so only you (and, for a bookmark list you explicitly mark public, anyone with the link) can read it.

Third-party services we rely on

Supabase — authentication and database (your account data).

OpenAI— when you tap the AI summary button on an item, we send that item’s URL, title, and a short extract of the linked page to generate a summary.

Resend — sends the optional digest email to your account address if you enable it. Every digest includes a one-click unsubscribe link.

Sentry — error monitoring (only if enabled), to diagnose crashes.

Content sources — Hacker News, GitHub, DEV.to, Product Hunt, Lobsters, Medium, and any RSS feeds you add. We fetch public content and link out to the original source; we do not share your data with them.

Your rights