Briefly Wealth LLC ("Brieflywealth," "we," "us," or "our") operates the Brieflywealth platform, a software-as-a-service application that helps financial advisors prepare for client meetings. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our website, application, and related services (collectively, the "Service").
By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use the Service.
Quick take. Briefly does not sell or share Personal Information as those terms are defined under the California Consumer Privacy Act (Cal. Civ. Code § 1798.140(ad), (ah)). We do not engage in cross-context behavioral advertising. We honor Global Privacy Control (GPC) signals from California, Colorado, Connecticut, and other states that recognize universal opt-out preference signals. The Service is intended for use by customers and end clients located in the United States.
Information We Collect
Account Information. When you create an account, we collect your name, email address, company or firm name, job title, and other registration details you provide.
Client Documents and Data. The Service allows you to upload, transmit, or otherwise provide documents and data related to your clients, including but not limited to financial statements, account summaries, portfolio data, email correspondence, meeting notes, and CRM records ("Client Data"). Client Data may contain nonpublic personal information ("NPI") as defined under the Gramm-Leach-Bliley Act (15 U.S.C. § 6801 et seq.). You are responsible for ensuring you have the necessary rights, consents, and permissions to provide this Client Data to us for processing, including compliance with any applicable client agreements, advisory contracts, or regulatory obligations.
Usage Data. We automatically collect information about how you interact with the Service, including pages viewed, features used, session duration, browser type, operating system, device identifiers, IP address, and referring URLs.
Cookies and Tracking Technologies. We use cookies, pixels, and similar technologies to maintain sessions, remember preferences, and analyze usage patterns. You may control cookie settings through your browser, though some features of the Service may not function properly without them.
Communications. When you contact us for support, provide feedback, or otherwise communicate with us, we collect the contents of those communications along with any associated metadata.
Biometric Information. The Service does not collect, capture, or otherwise obtain biometric identifiers or biometric information as defined under the Illinois Biometric Information Privacy Act (740 ILCS 14/1 et seq.) ("BIPA"). We do not use facial recognition, voiceprint analysis, fingerprint scanning, or any other biometric technology in the operation of the Service.
Categories of Personal Information. The following table summarizes the categories of Personal Information we process, the sources, the purposes, and whether the category constitutes Sensitive Personal Information ("SPI") under the California Privacy Rights Act.
| Category | Examples | Source | Used For | SPI under CPRA? |
|---|---|---|---|---|
| Identifiers | Name, email, account ID | From Customer, end-client documents | Service delivery, support | No |
| Customer Records (Cal. Civ. Code § 1798.80(e)) | Contact info, address | From Customer documents | Service delivery | No |
| Commercial Information | Subscription plan, billing records | From Customer | Service delivery, billing | No |
| Internet / Network Activity | IP, device, browser, session logs | From your use of the Service | Security, support, debugging | No |
| Geolocation | Approximate (city / region from IP) | Derived | Security, fraud detection | No |
| Professional Information | Advisor employer, role, RIA firm CRD | From Customer | Service delivery | No |
| Inferences | Model-generated brief content from Client Data | Derived | Service delivery | No |
| Sensitive Personal Information | End-client financial account information, account values, holdings, transactions, beneficiary details | From Customer-uploaded documents | Service delivery only | Yes |
Sensitive Personal Information. Financial account information about your end clients constitutes Sensitive Personal Information under CCPA § 1798.140(ae)(2)(B). We use SPI only for the purposes permitted under § 1798.121(a) and the implementing regulations, namely to provide the Service the Customer requested. We do not use SPI to infer characteristics about a consumer.
How We Use Your Information
We use the information we collect for the following purposes:
- To provide, operate, and maintain the Service, including processing Client Data through artificial intelligence models to generate meeting preparation briefs and related outputs.
- To create and manage your account and authenticate your identity.
- To improve, personalize, and develop new features for the Service.
- To communicate with you, including sending service-related notices, updates, and promotional materials (with your consent where required by law).
- To monitor and analyze usage trends and the effectiveness of the Service.
- To detect, prevent, and address technical issues, fraud, and security concerns.
- To comply with legal obligations and enforce our agreements.
Artificial Intelligence Processing
How we use AI. Briefly uses third-party large language models to extract information from Customer-uploaded documents and to generate briefs, agendas, and follow-up notes. AI processing happens only on data the Customer has authority to provide.
No training on Client Data. We route Client Data only to AI sub-processors that contractually prohibit the use of inputs and outputs for training general-purpose models. As of the date above, our sole AI sub-processor is Anthropic, PBC, operating under its Commercial Terms (§ B.1). A current list of AI sub-processors is maintained at brieflywealth.com/subprocessors.
No automated decision-making about consumers. Outputs are decision-support materials only. Briefly does not make significant decisions about end consumers (as defined in CCPA Regs § 7200(a)) and does not engage in profiling that produces legal or similarly significant effects. The Customer (the RIA firm) remains the human decision-maker for all client recommendations.
How We Share Your Information
We share Personal Information only with sub-processors that perform Service functions on our behalf under written agreements requiring them to protect Personal Information consistent with this Policy. We do not sell or share Personal Information for cross-context behavioral advertising.
Sub-processors. We engage the following sub-processors to deliver the Service. We provide at least thirty (30) days' advance notice via the linked page before adding or replacing a sub-processor that processes Client Data. The current canonical list is at brieflywealth.com/subprocessors.
| Sub-processor | Purpose | Data categories | Location |
|---|---|---|---|
| Amazon Web Services, Inc. | Cloud hosting (compute, storage, database, Cognito authentication) | All Client Data, Account Information, Usage Data | United States (us-east-2, Ohio) |
| Anthropic, PBC | LLM inference for document extraction and brief generation | Client Data passed in prompts; Outputs | United States |
We may disclose Personal Information if required by law, court order, or governmental request, or where we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of others, or to investigate fraud or respond to a government request.
Data Security
We implement commercially reasonable technical and organizational measures designed to protect the information we collect and store, consistent with the administrative, technical, and physical safeguards contemplated under 15 U.S.C. § 6801(b) of the Gramm-Leach-Bliley Act. These measures include encryption of data in transit and at rest, role-based access controls, regular security assessments, and audit logging.
Our information security program is informed by industry-recognized frameworks, including the SOC 2 Trust Services Criteria (security, availability, processing integrity, confidentiality, and privacy). We are actively working toward formal SOC 2 Type II certification and will update this Privacy Policy when that certification is obtained. In the interim, we apply commercially reasonable safeguards aligned with SOC 2 principles and evaluate our critical service providers based on their own security certifications and practices.
However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security. In the event of a data breach involving your information, we will notify you in accordance with applicable state and federal data breach notification laws.
Incident notification. If we discover unauthorized access to or acquisition of Client Data, we will notify the affected customer (the RIA firm) without unreasonable delay and in no event later than seventy-two (72) hours after confirmation, providing sufficient detail to enable the customer to meet its own SEC Regulation S-P (17 CFR § 248.30) 30-day client-notification obligation. We will also comply with applicable state breach notification laws, including 815 ILCS 530/10 for Illinois residents and Cal. Civ. Code § 1798.82 for California residents.
Data Retention
We retain Personal Information according to the following schedule:
- Account information. Duration of account plus seven (7) years (SEC books-and-records analog).
- Client Data. Duration of Customer subscription plus a 30-day export window plus 90-day backup expiration; secure deletion within 30 days thereafter.
- AI prompt and output logs at AI sub-processors. 30 days at our AI sub-processor (Anthropic); no extended retention by Briefly.
- Usage and analytics data. 14 months (industry-standard default).
- Support communications. Three (3) years from last interaction.
- Backups. Rolling 90 days.
If a longer retention period is required by law, regulation, or legitimate business purpose (for example, defense of legal claims), we will retain the relevant data only as long as necessary for that purpose.
Your Rights and Choices
Your rights
Depending on your state of residence, you may have the following rights under applicable privacy law:
- Know / Access. Request confirmation of whether we process Personal Information about you and obtain a copy.
- Correct. Request correction of inaccurate Personal Information.
- Delete. Request deletion of Personal Information.
- Portability. Receive a copy of Personal Information in a portable, machine-readable format.
- Opt out of sale or sharing. Direct us not to sell or share Personal Information (we already do not).
- Limit the use of Sensitive Personal Information. Direct us to limit our use of SPI to permitted purposes (we already do).
- Opt out of profiling. Opt out of profiling in furtherance of decisions that produce legal or similarly significant effects (we do not engage in such profiling).
- Non-discrimination. We will not discriminate against you for exercising any of these rights.
How to submit a request
Submit requests to contact@brieflywealth.com. We will acknowledge within ten (10) business days and respond within forty-five (45) calendar days, extendable once by an additional forty-five (45) days with written notice. We verify requests by matching the account email plus one additional identifier. If we deny your request, you may appeal by replying to our denial. We will respond to appeals within sixty (60) days. Authorized agents may submit requests on your behalf with written authorization. We will contact you to verify the agent's authority.
Service-provider routing. Where Briefly processes Client Data on behalf of an RIA Customer, we will route end-client requests to the Customer (the controller) within ten (10) business days, and the Customer is responsible for substantive response.
Illinois-Specific Disclosures
For users and clients located in Illinois, we provide the following additional disclosures:
Biometric Information. As stated in Section 1, the Service does not collect biometric identifiers or biometric information as defined under the Illinois Biometric Information Privacy Act (740 ILCS 14/1 et seq.). If this practice changes in the future, we will update this Privacy Policy and obtain all required consents before any collection of biometric data occurs.
Personal Information Protection. We comply with the Illinois Personal Information Protection Act (815 ILCS 530/1 et seq.) with respect to notification obligations in the event of a data breach involving personal information of Illinois residents.
Third-Party Links and Services
The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.
Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.
Changes to This Privacy Policy
For material changes to this Policy, we will provide at least thirty (30) days' advance notice via email to account administrators and through the Service before the change takes effect. Non-material changes will be reflected by updating the "Last updated" date at the top of this Policy. Continued use of the Service after a material change becomes effective constitutes acceptance of the updated Policy.
Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: