Legal

Privacy Policy

How Briefpad collects, uses and protects personal data — including the call recordings and transcripts we process to generate your briefs.

Last updated: 22 June 2026

1. Who we are

Briefpad (“Briefpad”, “we”, “us”) provides an automated brief-generation service for web design agencies. For the purposes of UK data protection law, the data controller is Joseph Osu, trading as Briefpad (a sole trader based in England & Wales), contactable at joseph@briefpad.io.

2. The data we collect

  • Account & contact data — name, email, company and billing details when you sign up or book a call.
  • Pre-call form data — the context you provide about a client and project before a discovery call.
  • Call recordings & transcripts — audio from discovery calls Briefpad is invited to, and the transcripts generated from them, used to produce your brief.
  • Generated briefs — the structured documents we create from the above.
  • Usage & technical data — basic logs and analytics needed to run and secure the service.

3. How we use it

We use this data to provide the service: to join your calls, transcribe them, generate briefs, deliver them to your dashboard, support your account and keep the platform secure. We do notsell your data or your clients’ data.

4. Legal basis (UK GDPR)

We process personal data on the basis of contract (to provide the service you sign up for), legitimate interests (to run, secure and improve the product) and, where required, consent. By activity: account & billing data on contract; call recordings, transcripts and briefs on contract (to deliver your briefs); logs, security and analytics on legitimate interests; and any optional communications on consent.

5. Call recording & consent

Briefpad records and transcribes calls you invite it to. You are responsible for ensuring that everyone on a call is informed that it is being recorded and that any consent required by law in your jurisdiction is obtained before Briefpad joins.

6. Sharing & sub-processors

We share data with trusted service providers only as needed to run the service. Our current sub-processors are:

  • Recall.ai — call recording and transcription
  • Anthropic — AI brief generation via the Claude API
  • n8n — automation and pipeline orchestration
  • Airtable — data storage and your briefs dashboard
  • Typeform — pre-call intake forms
  • Google Workspace — email notifications

7. Data retention

We retain call transcripts and generated briefs for as long as your account is active. If you cancel, this data is deleted within 30 days, unless you ask us to remove it sooner or we are required by law to keep it.

8. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit and access controls. No system is perfectly secure, but we work to keep your data and your clients’ data safe.

9. International transfers

Data is processed in the United States by Anthropic (Claude API) and Recall.ai. These transfers are conducted under appropriate safeguards, including standard contractual clauses.

10. Your rights

Under UK GDPR you have the right to access, correct, delete, restrict or port your personal data, and to object to certain processing. To exercise any of these, contact joseph@briefpad.io. You also have the right to complain to the Information Commissioner’s Office (ICO).

11. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by the “last updated” date above.

12. Contact

Questions about this policy or your data? Email joseph@briefpad.io.