1. Information We Collect

1.1 Email Addresses

When you subscribe to The AI Brief newsletter, we collect your email address to send you our daily digest.

1.2 Usage Analytics

We may collect anonymous usage data including:

• Website page views and navigation patterns
• Email open rates and click-through rates
• Device and browser information
• Geographic location (country/region level only)

1.3 Information We Don't Collect

We do not collect:

• Personal names or demographic information
• Credit card or payment information
• Social media profiles or personal data
• Browsing history outside our website

1.4 GDPR Request Intake (Email)

We accept GDPR requests by email at theaibrief.pro@gmail.com. When you email us a GDPR request, our systems collect only what is necessary to fulfill your request:

• Your email address (stored encrypted at rest) and a non-reversible hash for internal matching
• The request type (e.g., ACCESS, DELETE, PORTABILITY, RECTIFY, OBJECT, RESTRICT)
• A short reason/context snippet derived from the subject/body (we do not store full email bodies in our request system)
• Timestamps and processing status

Copies of your original email may be retained by your and our email service providers according to their policies. Within our systems, we store only the minimal fields above needed to process and audit your request.

2. How We Use Your Information

2.1 Newsletter Delivery

Your email address is used exclusively to send you The AI Brief daily newsletter.

2.2 Service Improvement

Anonymous analytics help us improve our content and user experience.

2.3 Communication

We may occasionally send service-related announcements or important updates.

2.4 GDPR Request Handling

Incoming GDPR request emails are parsed to determine the request type and to queue processing. We may use automated tools to assist with initial classification. Ambiguous cases receive human review before action.

3. Data Storage and Security

3.1 Data Hosting

Our website is hosted on Netlify, and email services are managed through reputable providers. All data is stored securely with industry-standard encryption.

3.2 Data Retention Policy

Email Addresses:

• We retain your email address while you remain subscribed to our newsletter
• If you don't open our emails for 12 consecutive months, we may automatically unsubscribe you to respect your preferences and maintain list quality
• You will receive a re-engagement email before automatic removal
• Data is permanently deleted within 30 days of unsubscription

Analytics Data:

• Anonymous usage analytics are retained for up to 2 years for service improvement
• Email engagement metrics (opens, clicks) are anonymized after 90 days
• No personal identifiers are retained in long-term analytics

3.3 Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

3.4 GDPR Request Data

• Minimization: We store only an encrypted version of your email, a non-reversible hash, request type, brief reason snippet, and processing metadata.
• Encryption: Emails are encrypted individually at rest (AES-256/Fernet) and never logged in plaintext.
• Logs: Operational logs contain no personal data (hash prefixes only for troubleshooting).
• Environment separation: We maintain separate production and test environments. Messages explicitly marked for testing are handled in a segregated test environment.
• Retention: We retain GDPR request records only as long as necessary to fulfill the request and maintain a minimal compliance audit trail, after which they are deleted according to our retention policy.

4. Third-Party Services

4.1 Email Service Providers

We use third-party email service providers to deliver our newsletter, and we may receive GDPR requests via third-party email inbox providers. These providers have their own privacy policies and security measures that govern email transit and storage.

4.2 Analytics

We may use analytics services to understand how our website is used. These services collect only anonymous, aggregated data.

4.3 Content Sources

We aggregate news from public sources and provide links to original articles. When you click these links, you're subject to the privacy policies of those external websites.

4.4 AI Service Provider (Classification)

To help route GDPR emails, we may use an AI service provider to assist with request-type classification. Before any content is sent to such a provider, obvious personal identifiers (like email addresses, URLs, phone-like numbers, and long numeric IDs) are removed where feasible. We maintain a data processing agreement with the provider, and your data is not used to train their models.

4.5 Data Processing Agreements and International Transfers

We rely on standard Data Processing Agreements (and Standard Contractual Clauses where applicable) provided by our sub‑processors (e.g., hosting, database, email, and AI providers). These govern how personal data is processed and transferred. A current list of sub‑processors and links to their terms is available on request.

5. Your Rights Under GDPR

If you are located in the European Union, you have the following rights regarding your personal data:

5.1 Right to Access

You can request information about what personal data we hold about you, including:

• Confirmation of data processing
• Copy of your personal data
• Information about how we use your data

5.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data. Since we only collect email addresses, this typically means updating your subscription email.

5.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data. For newsletter subscriptions, this means:

• Immediate removal from our subscriber list
• Permanent deletion of your email address from all systems
• Removal from backups within 30 days
• Anonymous logs only - no personal data retained

We will comply unless we have a legitimate reason to retain data (such as legal obligations). Since we only collect email addresses for newsletter delivery, deletion is straightforward and immediate.

5.4 Right to Data Portability

You can request a copy of your personal data in a commonly used, machine-readable format. For email subscriptions, this means receiving confirmation of your subscription details.

5.5 Right to Object

You can object to processing of your personal data. For newsletters, this is effectively the same as unsubscribing.

5.6 Right to Restrict Processing

You can request limitation of processing in certain circumstances, such as while we verify the accuracy of your data.

5.7 Right to Withdraw Consent

You can withdraw your consent to email processing at any time by unsubscribing. This does not affect the lawfulness of processing before withdrawal.

5.8 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data properly.

5.9 How to Exercise Your Rights

To exercise any of these rights, you have several options:

For Unsubscribe/Data Deletion:

• Unsubscribe link: Click the unsubscribe link in any newsletter email
• Unsubscribe page: Visit /unsubscribe
• Email request: Send "DELETE MY DATA" to theaibrief.pro@gmail.com

For Other Rights (Access, Rectification, etc.):

• Email: theaibrief.pro@gmail.com
• Subject line: "GDPR Request - [Right Name]" (e.g., "GDPR Request - Data Access")
• Include: Your email address and specific request

We will respond within 30 days and may require identity verification for security purposes. Data deletion requests are processed immediately and permanently remove all your personal data from our systems.

6. Legal Basis for Processing

We process your personal data based on:

• Consent: You have explicitly agreed to receive our newsletter
• Legitimate Interest: We have a legitimate interest in improving our service through anonymous analytics
• Legal Obligation: We may need to retain certain data to comply with legal requirements

7. Automated Decision Making and Email Engagement

We use automated systems to:

• Content Curation: AI helps select and summarize relevant AI industry news
• Engagement Monitoring: We track email opens and clicks to improve content relevance
• List Management: Subscribers who don't engage for 12 months may be automatically unsubscribed after a re-engagement attempt

You can opt out of engagement tracking or request manual review of any automated decisions by contacting us.

8. Cookies and Tracking

Our website may use minimal cookies for:

• Remembering your preferences
• Analytics (anonymous data only)
• Ensuring website functionality

We do not use cookies for advertising or tracking across other websites.

9. Children's Privacy

The AI Brief is intended for professional audiences. We do not knowingly collect personal information from children under 13 years of age.

10. International Users

The AI Brief is operated from the United States. If you are accessing our service from outside the US, please be aware that your information may be transferred to and stored in the US.

11. AI and Data Processing

We use artificial intelligence to:

• Analyze and summarize news content
• Generate insights and commentary
• Improve content relevance
• Assist with initial classification of GDPR request emails (with human oversight)

For GDPR request emails, we take additional steps to protect your privacy:

• We redact obvious personal identifiers (emails, URLs, phone-like numbers, long numeric IDs) before any automated analysis.
• Automated classification is used only to suggest a request type; ambiguous cases are reviewed by a human.
• We require a minimum confidence level to accept automated classifications.
• Your data is not used to train AI models, and we maintain a data processing agreement with the AI provider.

12. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "last modified" date. We will notify subscribers of significant changes via email.

13. Contact Us

If you have questions about this privacy policy or how we handle your data, please contact us at:

Email: theaibrief.pro@gmail.com

For general inquiries: theaibrief.pro@gmail.com