Legal

Privacy Policy

Last updated: March 2026  ·  Effective immediately upon install

🔒 Our core commitment

Brevi does not train AI models on your data. Your Jira tickets, GitHub code, task descriptions, and Slack messages are never used to train or fine-tune any language model by us or any third party we work with. Your data is used solely to generate briefs for your team and nothing else.

Who We Are

Brevi is an AI-powered task brief engine for software development teams that operates as a Slack application. Brevi is operated as an independent software product. If you have questions about this policy, contact us at brevi.support@gmail.com.

This Privacy Policy applies to all users of the Brevi Slack application and the usebrevi.co website. By installing Brevi, you agree to the practices described in this policy.

What Data We Collect and Why

We collect only what is necessary to provide the service. Here is a complete breakdown:

Data Why we collect it Stored?
Slack workspace ID and name To identify your workspace and route bot traffic correctly ✓ Yes
Slack bot token To send messages and respond to commands in your workspace ✓ Yes
Slack user IDs To identify managers and developers during task assignment ✓ Yes
Jira credentials (URL, email, API token) To fetch ticket content when a task is assigned ✓ Yes, encrypted
GitHub personal access token To scan repository file structure for relevant files ✓ Yes, encrypted
Jira ticket content (title, description) Sent to AI to generate a developer brief, not stored long-term ✓ Temporarily
GitHub file tree (filenames and paths only) To identify relevant files file contents are never read ✗ Not stored
AI-generated task summaries Stored to power /my-tasks, /brevi-status, and weekly digests ✓ Yes
Task status and activity logs To track task progress and generate manager reports ✓ Yes

What We Never Do

We want to be explicit about what we do not do with your data:

  • We do not train AI models on your data. Your Jira tickets, GitHub file trees, task descriptions, and generated briefs are never used to train, fine-tune, or improve any AI model including the models provided by our AI provider (OpenRouter).
  • We do not read your source code. Brevi only accesses the file tree of your GitHub repository (names and paths of files). It never downloads, reads, or stores the content of any code file.
  • We do not sell your data. We do not sell, rent, or share your data with any third party for commercial purposes. Ever.
  • We do not store Slack message history. Brevi only processes messages that directly interact with it via slash commands or button clicks. We do not read or store general Slack conversation history.
  • We do not access your full Jira project. We only fetch the specific ticket provided in the /assign command. We do not browse, index, or store your Jira project history.
  • We do not share data between workspaces. Each Slack workspace's data is completely isolated. One team's tickets, credentials, and task history are never accessible to another team.

How We Use AI and What Happens to Your Data

When a manager runs /assign, the following happens:

  • The Jira ticket content (title and description) is sent to our AI provider to generate a structured developer brief.
  • The AI processes this content and returns a brief. This exchange is not stored by the AI provider for training purposes under our agreement.
  • The generated brief is stored in our database and is only accessible to members of your Slack workspace via Brevi commands.
  • The raw Jira ticket content is stored in our database as reference material to power features like /my-tasks and /brevi-status.

Our AI provider routes requests to underlying language models. We use configurations that opt out of training data usage where available. The specific model used may vary, but no provider we work with is permitted to use your content for model training under our terms of use with them.

Data Storage and Security

All data is stored in a hosted PostgreSQL database (Supabase) with the following protections:

  • Row Level Security (RLS) is enabled on all tables. Public API access is blocked entirely — data is only accessible through authenticated backend requests.
  • Credentials are encrypted at rest. Your Jira API token and GitHub personal access token are stored encrypted and are never exposed in logs, responses, or API outputs.
  • Access is workspace-scoped. Every database record is tied to a specific Slack workspace ID. Cross-workspace data access is architecturally impossible.
  • The admin panel is JWT-protected. Only authorized Brevi operators can access workspace management tools, and access requires authenticated credentials.
  • HTTPS everywhere. All data in transit between Slack, Brevi, and external APIs is encrypted via TLS.

While we implement industry-standard security practices, no system is completely immune to risk. If you become aware of a security issue, please contact us immediately at brevi.support@gmail.com.

Data Retention

We retain your data for as long as your Slack workspace has Brevi installed. Specifically:

  • Workspace credentials are retained for the duration of the installation and deleted upon uninstall request.
  • Task records and activity logs are retained for the duration of the installation to power historical views and digests.
  • Generated AI briefs are retained for the duration of the installation to power /my-tasks and /brevi-status commands.

To request deletion of all your workspace's data, email us at brevi.support@gmail.com with your Slack workspace name. We will permanently delete all associated records within 7 business days.

Third-Party Services We Use

Brevi integrates with the following third-party services to function. Each has its own privacy policy:

Service Purpose Data sent to them
Slack Bot platform and communication Bot tokens, message content, user IDs
Atlassian (Jira) Ticket fetching via your credentials Your API token (used to authenticate requests to your own Jira)
GitHub Repository file tree scanning Your personal access token (used to authenticate read requests to your own repos)
OpenRouter AI brief generation Jira ticket title and description for brief generation
Supabase Database hosting All stored workspace and task data
Lemon Squeezy Payment processing Payment details and workspace ID for subscription linking
Render Backend hosting All server-side processing occurs here

Your Rights

You have the following rights with respect to your data:

  • Right to access. You can request a copy of all data we hold for your workspace.
  • Right to deletion. You can request permanent deletion of all workspace data at any time by emailing brevi.support@gmail.com.
  • Right to correction. If any stored data about your workspace is incorrect, contact us and we will correct it.
  • Right to uninstall. Removing Brevi from your Slack workspace immediately revokes our access to your workspace. To delete stored records as well, contact us separately.
  • Right to know. You have the right to know exactly what data we hold about your workspace. Email us and we will respond within 7 business days.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify workspace admins via a Slack DM from the Brevi bot.

Continued use of Brevi after changes are posted constitutes acceptance of the updated policy.

Questions about your privacy?

We're a small team and we respond to every email. If you have any questions, concerns, or requests related to this Privacy Policy, reach out directly.

brevi.support@gmail.com