Privacy Policy

Last updated: April 2026

DebriefKit is an AI-powered conversational intake tool for freelance developers and agencies. This privacy policy explains how we handle your data when you use the DebriefKit web application at debriefkit.com.

1. Information We Collect

Account Information

When you sign up, we collect your name and email address through our authentication provider, Clerk. If you sign in with a social provider (such as Google), we receive the profile information you authorize.

Business Profile

During onboarding, you may provide your business name, business type, and service descriptions. This information is used to customize your intake templates and AI conversations.

Conversation Data

When your clients complete an intake session, we store the full conversation between the client and the AI assistant. This includes all messages sent by the client and the AI responses generated during the session.

Structured Outputs

At the end of each intake session, the AI generates a structured brief summarizing the client's project requirements, budget, timeline, and other relevant details. These briefs are stored in your account.

Intake Link Configuration

Templates and intake links you create, including custom questions, welcome messages, and configuration settings.

2. How We Use Your Information

  • Power AI-driven intake conversations with your clients (via OpenAI)
  • Generate structured project briefs from conversation data
  • Authenticate and manage your account (via Clerk)
  • Store and sync your sessions, templates, and briefs in real time (via Convex)
  • Customize the AI conversation based on your business profile and template configuration
  • Send transactional emails related to your account and sessions

3. Third-Party Services

ServicePurposeData Shared
ClerkAuthentication & user managementEmail, name, profile photo, login credentials
OpenAI (GPT-5.4-nano)AI-powered intake conversations & brief generationClient messages, conversation context, template configuration
ConvexBackend database & real-time syncAll application data (sessions, messages, briefs, user profiles, templates)

Note: Client messages sent to OpenAI for intake conversations are processed via the OpenAI API with data retention disabled. OpenAI does not use API inputs to train its models.

4. Cookies & Tracking

DebriefKit uses cookies that are strictly necessary for the service to function:

  • Authentication cookies: Set by Clerk to manage your login session and keep you signed in.
  • Preference cookies: Used to store your theme preference (light/dark mode) and other UI settings.

We do not use advertising cookies, tracking pixels, or third-party analytics that follow you across websites.

5. Data Retention

  • Your data is retained as long as your account is active.
  • You can delete individual sessions and briefs at any time from your dashboard.
  • If you delete your account, all associated data (sessions, messages, briefs, templates, and profile information) is permanently removed from our servers.
  • Conversation data sent to OpenAI is processed in real time and not retained by OpenAI after the API response is returned.

6. Data Security

  • All data is transmitted over encrypted connections (TLS/SSL).
  • Authentication is handled by Clerk, which provides enterprise-grade security including password hashing, session management, and multi-factor authentication.
  • Backend data is hosted on Convex with enterprise-grade infrastructure security.
  • We collect only the minimum data necessary to provide the service.

7. Children’s Privacy

DebriefKit is a business tool designed for professionals. It is not directed at children under 13. We do not knowingly collect data from children under 13.

If we learn that we have inadvertently collected data from a child under 13, we will delete it promptly.

If you believe a child under 13 has provided data, please contact us immediately.

8. Your Rights

  • Delete your data: Delete individual sessions from your dashboard, or request full account deletion by contacting us.
  • Access your data: Contact us to request a copy of the data we hold about you.
  • California residents (CCPA): We do not sell your personal information.
  • EU residents (GDPR): You have the right to access, correct, delete, and port your data. Contact us to exercise these rights.
  • You may contact us at any time regarding your data.

9. Changes to This Policy

We may update this policy from time to time.

Material changes will be communicated via email or through a notice in the application.

Continued use of DebriefKit after changes constitutes acceptance.

The "Last updated" date at the top of this page indicates the most recent revision.

10. Contact

For questions about this privacy policy, contact us at: [email protected]