Privacy Policy

Novus Place Pty Ltd (ACN 644 095 367) ("we", "us", "our"), also referred to by our trading name, Brieff, takes the privacy of your and your clients' information seriously.

Where the Privacy Act 1988 (Cth), the Australian Privacy Principles ("APPs"), or other applicable privacy laws apply to us, we will comply with those laws. Even where a particular privacy law does not apply to us, we use the APPs as an important baseline for how we collect, hold, use and disclose personal information.

We understand your requirements to keep client information confidential. This Privacy Policy explains how we collect, use, store, share and disclose personal information about you, your business, your users, your clients and other individuals whose information is provided to us through Brieff.

The defined terms in this Privacy Policy ("Policy") have the same meaning as in our Terms of Use, which you should read together with this Policy. By accessing our Website or using our Services, you acknowledge that we collect, hold, use and disclose personal information as described in this Policy.

Key areas covered by this Policy:

1. Collection of your personal information
2. Collection of others' personal information from you
3. Purposes for which we collect, hold, use and disclose personal information
4. Payment and billing information
5. Cookies and similar technologies
6. Log files and product telemetry
7. Links to other websites and services
8. Protection of personal information
9. Disclosure of personal information
10. Overseas disclosures
11. Google API Services User Data Policy and Limited Use requirements
12. Access, correction, deletion and complaints
13. Retention of personal information
14. Miscellaneous

1. We collect your personal information

Our Services involve the storage, processing and sharing of business, meeting, client and workflow information. That information can include personal information. "Personal information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether it is recorded in a material form or not.

Personal information we collect

We may collect personal information directly from you or through your use of Brieff, including:

• full name;
• business name;
• role, job title and firm details;
• address;
• email address;
• mobile and business phone number;
• country, state, time zone and location information;
• account login, authentication and access information;
• details of the products and services we have provided to you or that you have enquired about;
• customer support, sales, training and feedback communications;
• billing information, including billing address, tax details, invoice details, plan information, subscription status and payment status;
• payment identifiers and payment-processing information handled by our payment providers;
• client, contact, household, entity, relationship and advisory records that you or your firm enter into Brieff;
• meeting details, calendar events, attendees, meeting links, agendas, notes, preparation materials and follow-up items;
• recordings, audio, video, transcripts, summaries, action items and other meeting outputs, where those features are enabled;
• files, attachments, notes, comments, messages, templates, check-ins, forms and other content uploaded to or generated in the Services;
• information from integrations that you or your firm authorise, such as calendar, billing, practice-management, document-management, communication or accounting integrations;
• device ID, device type, browser type, operating system, IP address, approximate location, referral source, pages viewed, usage events, traffic data, clickstream data and other standard web log information;
• analytics, diagnostic, security and error-reporting information;
• information you provide through our Website, app, online presence, social media pages, community forum, blog, surveys or other websites and accounts from which you permit us to collect information; and
• any other personal information that may be required to facilitate the provision, support, security, improvement or administration of the Services.

Some information entered into Brieff may include sensitive information or confidential client information, including financial, family, health, tax, business, estate-planning or other advisory information. You should only provide sensitive information or confidential information to Brieff where you have authority to do so and where it is lawful and appropriate for the use of the Services.

How we collect personal information

We may collect personal information when you:

• register to use Brieff;
• use Brieff and our Services;
• invite users, clients or contacts to access Brieff;
• connect or authorise an integration;
• upload, create, record, send or receive content through Brieff;
• participate in meetings, check-ins, client communications or shared packages using Brieff;
• post to our Website, community forum, social media pages or blog;
• contact our support, sales or training team;
• complete surveys, forms or feedback requests;
• visit our Website; or
• otherwise communicate with us.

We may also collect personal information from your firm, your colleagues, your clients, authorised third-party integrations, service providers, publicly available sources and automated systems that support the operation and security of Brieff.

You can choose not to provide personal information to us, but this may mean we are unable to provide some or all of the Services. We require you to provide accurate, up to date and complete personal information where it is needed for the Services.

2. We may receive personal information from you about others

Through your use of Brieff, we may collect personal information from you about someone else, including your clients, contacts, colleagues, meeting attendees and other individuals.

If you provide personal information about someone else, you must ensure that you have authority to disclose that information to us and that we may collect, hold, use and disclose it for the purposes described in this Policy without taking further steps required by applicable privacy or data-protection laws.

This means that you must take reasonable steps to ensure the individual concerned is aware of the matters described in this Policy where required by law, including:

• that their personal information may be collected by us;
• the purposes for which it may be collected, held, used and disclosed;
• the types of recipients to whom it may be disclosed;
• how they may access or seek correction of their personal information;
• our identity; and
• how to contact us.

Where required by applicable law, you must obtain any necessary consent before providing personal information to us. You must also provide accurate, up to date and complete personal information about others when disclosing it to us.

Where requested by us, you must assist us with requests by an individual to access, correct, delete or otherwise exercise rights in relation to personal information that you have collected from them and entered into Brieff.

Where we process personal information about your clients or contacts on behalf of your firm, your firm remains responsible for its relationship with those individuals and for determining whether Brieff is appropriate for the information you choose to upload, record, share or process.

Where applicable privacy laws use controller/processor or business/service-provider concepts, Brieff may act in different capacities depending on the information and context. For content entered into Brieff by a firm about its clients, contacts or meeting attendees, Brieff generally handles that information to provide services to the firm. For account, billing, security, support, analytics, legal compliance and business administration information, Brieff handles personal information for its own business purposes.

3. We collect, hold, use and disclose personal information for limited purposes

We collect personal information so that we can provide Brieff and related services. We may collect, hold, use and disclose personal information for purposes including to:

• verify identity and manage accounts;
• authenticate users and manage access permissions;
• provide our Website, products and Services;
• create, manage and support firms, users, clients, contacts, relationships, workspaces, meetings, actions, check-ins, shared packages and related workflows;
• record, transcribe, summarise and analyse meetings where those features are enabled;
• generate meeting notes, action items, client follow-ups, summaries, insights and other AI-assisted outputs;
• send, receive and track communications, including email, SMS and in-app communications;
• operate integrations that you or your firm authorise;
• provide calendar, meeting, recording, transcription, AI, billing, analytics, support and administrative features;
• bill you for purchases or use of our Services;
• administer, protect, monitor, test, improve and optimise our Services;
• perform data analytics, quality assurance, debugging, research and product improvement;
• maintain security, prevent fraud, detect abuse and investigate suspicious activity;
• manage backups, business continuity and disaster recovery;
• provide customer support, training and onboarding;
• send service messages, product notices, legal notices and important account updates;
• notify you of new or changed information relating to Brieff, our Services or our business partners;
• carry out marketing, events or training relating to Brieff where permitted by law;
• conduct internal record-keeping, audit, reporting and administrative activities;
• comply with laws, regulations, court orders, subpoenas, tax obligations and other lawful requests;
• enforce our Terms of Use and other agreements;
• respond to disputes, complaints, security incidents and legal claims; and
• carry out any other purpose you have consented to or that is otherwise permitted by law.

We will only use personal information for the purposes described in this Policy, for purposes notified to you at the time of collection, for related purposes that would reasonably be expected, or with your consent.

Use of personal information for direct marketing

Where we have your consent, or where we are otherwise permitted by law, we may use your personal information to send you information about products, services, content, training, events or offers that we believe may be relevant to you.

You may opt out of receiving direct marketing communications from us at any time by following the unsubscribe instructions included in the relevant marketing communication or by emailing us at info@brieff.io.

We do not use your clients' or contacts' personal information for direct marketing unless we have a direct relationship with them or are otherwise legally permitted to do so.

Even if you opt out of direct marketing, we may still contact you about important service, security, billing, legal or account matters, including notifications of data breaches or material changes to our Services, Terms of Use or this Policy.

De-identified and aggregated information

We may use de-identified, aggregated or anonymised information for analytics, research, reporting, product improvement, benchmarking and business purposes. We will take reasonable steps so that this information does not identify you, your clients or other individuals.

4. Payment and billing information

If you are a user of our paid Services, we use third-party payment processing companies to process payments and manage billing. These providers may collect payment information, including credit card, bank, billing address, tax and payment details.

We do not store full credit card numbers or full bank account details on our own systems. We may store billing records, invoice details, subscription details, plan details, tax information, payment status, payment-provider customer identifiers, subscription identifiers and related billing metadata.

Some payment providers we use include:

• Stripe - https://stripe.com/au/ssa
• Other third-party payment providers as updated in this Policy or notified to you in-app from time to time.

Your use of payment services may also be subject to the relevant payment provider's terms and privacy policy.

5. We use cookies and similar technologies

We use technologies such as cookies, pixels, local storage and similar technologies ("Cookies") to provide, secure, monitor, promote and improve Brieff.

Cookies may be used to:

• keep you signed in;
• remember preferences;
• operate essential Website and Service functionality;
• understand how users interact with our Website and Services;
• measure performance and reliability;
• detect security risks and abuse;
• support analytics and product improvement; and
• support marketing, attribution or advertising activities where permitted by law.

Some Cookies are necessary for the Services to work. Others help us understand and improve the Services or support marketing and communications.

The data collected through Cookies will not be kept for longer than necessary for the relevant purpose. We will handle personal information collected through Cookies in the same way that we handle other personal information.

You can block or delete Cookies through your browser settings. Some features of Brieff may not function properly if Cookies are disabled.

6. Brieff uses log files and product telemetry

When you use Brieff, our systems and service providers may automatically record certain information in logs. These logs may include information such as your web request, IP address, browser type, device type, operating system, referring and exit pages, URLs, number of clicks, pages viewed, actions taken, domain names, landing pages, mobile carrier, timestamps, error reports, performance data, authentication events and security events.

Log files and product telemetry help us operate, monitor, analyse, improve, maintain and secure Brieff, and diagnose and address technical or security issues.

The data collected through log files will not be kept for longer than necessary for the relevant purpose. We will handle personal information collected through log files in the same way that we handle other personal information.

7. Links to other websites and services

Our Website and Services may contain links to third-party websites, applications, platforms and services, including social media networks and third-party integrations.

This Policy applies to information collected by us or on our behalf as described in this Policy. We are not responsible for the privacy practices, security practices, content or policies of third-party websites or services.

When you use a link or integration to access a third-party website or provider, such as Xero, Google, Microsoft, Stripe or another connected service, your activity on that third-party service may be subject to that provider's own terms and privacy policy.

8. We take reasonable steps to protect personal information

We are committed to protecting the security of personal information and we take reasonable steps to protect it from misuse, interference, loss, unauthorised access, modification and disclosure.

These steps may include access controls, authentication controls, encryption, monitoring, logging, backups, network security, provider security reviews, role-based permissions, operational procedures and staff or contractor confidentiality obligations.

However, the Internet is not in itself a secure environment and no method of transmission or storage can be guaranteed to be completely secure. Transmission of personal information over the Internet is at your own risk, and you should only enter or instruct the entering of personal information into the Services within a secure environment.

You may be required to enable multi-factor authentication or other security measures to access Brieff. We strongly recommend using strong passwords, secure devices, secure networks and any available account-security features.

If we become aware of a data breach involving personal information, we will take reasonable steps to contain, assess and remediate the breach. Where required by applicable law, including where an eligible data breach is likely to result in serious harm, we will notify affected individuals and relevant regulators.

Nothing in this Policy limits any rights or remedies that cannot be excluded under applicable law.

9. We disclose personal information in limited circumstances

We may disclose personal information to entities outside Brieff where it is reasonably necessary for the purposes described in this Policy, where you have authorised the disclosure, or where otherwise permitted or required by law.

This may include disclosure to:

• hosting, infrastructure and database providers;
• authentication and identity providers;
• payment and billing providers;
• communication providers, including email, SMS and notification providers;
• analytics, monitoring, diagnostics and error-reporting providers;
• calendar, meeting and integration providers;
• recording, transcription, media-processing and AI providers;
• professional software and practice-management integrations that you or your firm authorise;
• customer support, sales, training, administration and business-operation providers;
• security, fraud-prevention and abuse-detection providers;
• professional advisers, including lawyers, accountants, auditors, insurers and consultants;
• regulators, courts, tribunals, law-enforcement agencies, tax authorities and government bodies where required or permitted by law;
• a prospective or actual purchaser, investor, funder or adviser in connection with a merger, acquisition, restructure, financing, sale of assets or similar corporate transaction; and
• any other person or entity where you have consented or where disclosure is permitted by law.

Examples of third-party providers we may use include, depending on the features used and integrations authorised:

• Google Cloud Platform, Vercel and Amazon Web Services for hosting, infrastructure, storage, compute, database, security and media services;
• WorkOS for authentication and identity services;
• Stripe for billing and payment processing;
• SendGrid, Twilio and related communication providers for email, SMS and messaging;
• Sentry and Mixpanel for error reporting, analytics and product telemetry;
• Google APIs and Microsoft services for calendar and related integrations;
• Xero, Karbon, XPM and other professional software integrations where authorised by you or your firm;
• Recall.ai, Deepgram and related recording, transcription or meeting-processing providers where those features are enabled; and
• OpenAI and other AI providers where AI-assisted features are enabled.

We do not sell personal information. We do not disclose personal information to third-party advertising platforms, data brokers or information resellers for them to sell or independently market to you or your clients.

Where we disclose personal information to service providers, we take reasonable steps to ensure they handle the information consistently with the purpose for which it was provided, including through contractual, technical and organisational controls where appropriate.

We may be required to disclose personal information without your consent to comply with court orders, subpoenas, notices, legal processes, regulatory requests or investigations, including by tax authorities or law-enforcement agencies. Where lawful and appropriate, we will notify you if we are required to disclose personal information in this way.

10. Overseas disclosures

We may disclose personal information to recipients located outside Australia. The countries in which recipients are likely to be located may include Australia, the United States, the United Kingdom, countries in the European Union or European Economic Area, New Zealand and other countries where our service providers, subprocessors or support teams operate.

The exact countries may vary depending on the providers, features, integrations and support channels used. Where it is practicable to do so, we will identify countries or regions in this Policy or in other notices.

We may disclose personal information to overseas recipients as described in this Policy. Where required by applicable law, we will take reasonable steps to ensure overseas recipients handle personal information consistently with applicable privacy requirements.

11. Google API Services User Data Policy and Limited Use requirements

Brieff's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Where Brieff accesses Google user data through Google APIs, we will:

• use Google user data only to provide or improve user-facing features that are prominent in Brieff;
• only request access to Google API scopes that are necessary for the relevant feature;
• not sell Google user data;
• not use Google user data for serving ads, including retargeting, personalised advertising or interest-based advertising;
• not transfer Google user data except as necessary to provide or improve the relevant user-facing feature, for security purposes, to comply with applicable law, or as otherwise permitted by the Google API Services User Data Policy;
• limit human access to Google user data to circumstances where you have given affirmative agreement, where access is necessary for security or support purposes, where required by law, or where the data is aggregated and used for internal operations in accordance with applicable law; and
• take reasonable and appropriate steps to protect Google user data from unauthorised or unlawful access, use, destruction, loss, alteration or disclosure.

Where we use other third-party APIs, including Microsoft, OpenAI, Stripe and other providers, we will comply with their applicable data policies and use requirements.

12. Access, correction, deletion and complaints

You may request access to personal information we hold about you, or seek correction of it, by contacting us at info@brieff.io.

We may need to verify your identity and authority before responding to a request. If you are making a request about personal information that has been provided to Brieff by a firm, we may need to refer the request to that firm or consult with that firm before responding, where appropriate.

Should we decline to provide access to personal information, we will provide a written explanation setting out our reasons where required by law.

We may charge a reasonable fee that is not excessive to cover the cost of retrieving and providing access to personal information. We will not charge you for making the request.

If you believe that we hold personal information about you or your clients that is not accurate, complete or up to date, you may request that the personal information be corrected. We will respond to your request within a reasonable timeframe, and you will not be charged a fee for correcting personal information.

You may also ask us to delete or de-identify personal information. We will respond to deletion requests in accordance with applicable law, our legal obligations, our legitimate business needs, our contractual obligations and any instructions or rights of the firm that provided the information.

If you require further information about this Policy, wish to exercise a privacy right, or wish to make a privacy complaint, please contact us at info@brieff.io.

We will acknowledge and respond to privacy complaints within a reasonable timeframe. We will usually aim to respond within 30 days, unless the matter is complex or we reasonably need more time.

If you are not satisfied with our response, you may have the right to contact the Office of the Australian Information Commissioner or another relevant privacy regulator in your jurisdiction.

13. Retention of personal information

We retain personal information for as long as reasonably necessary for the purposes described in this Policy, including to provide the Services, maintain your account, support customers, comply with legal and accounting obligations, resolve disputes, enforce agreements, maintain security, prevent fraud, preserve audit records, maintain backups and comply with customer instructions.

Retention periods may vary depending on the type of information, the Services used, the settings selected by your firm, legal requirements and operational needs.

If we no longer need personal information for any purpose described in this Policy, and we are not required or permitted by law to retain it, we will take reasonable steps to destroy it or de-identify it.

Some information may remain in backups, logs or archives for a limited period before it is deleted in accordance with our ordinary retention and backup processes.

14. Miscellaneous

Brieff is intended for business use and is not directed to children. However, personal information about children or dependants may be included in client records or other information uploaded by users. You should only provide that information where you have authority to do so and where it is lawful and appropriate.

Depending on where you are located, you may be entitled to additional privacy rights. These may include rights to access, correction, deletion, portability, objection, restriction of processing, withdrawal of consent or complaint to a regulator. Please contact us at info@brieff.io if you wish to exercise rights under privacy laws that apply in your jurisdiction.

Where laws such as the GDPR or UK GDPR apply, our legal bases for handling personal information may include performance of a contract, our legitimate interests, consent, compliance with legal obligations, and, where relevant, the establishment, exercise or defence of legal claims.

Brieff may use automated systems and AI-assisted features to help provide the Services, including to transcribe meetings, generate summaries, suggest action items, classify content, analyse information, improve workflows and support product functionality. These features are intended to assist users, not to replace professional judgment. We do not intend AI-assisted outputs to make legally or similarly significant decisions about individuals without appropriate human review.

Brieff reserves the right to amend, modify, add to or remove portions of this Policy from time to time. Where changes are material, we will take reasonable steps to notify you, which may include notice on our Website, by email, or in-app. Changes will apply from the date the updated Policy is posted or otherwise notified, unless a later date is specified or a different approach is required by law.

Please check this Policy from time to time for changes. Your continued use of Brieff following the posting or notification of changes to this Policy will mean you acknowledge the updated Policy.

The Privacy Policy was last updated on 16 June 2026.