Last updated: 20 May 2026 · Applies to cybriefing.com and all CyBriefing services
We take your privacy seriously. This policy explains clearly what data we collect, why we collect it, how we use it, and your rights as a user. We've written it in plain English — not legal jargon — because you deserve to understand what happens to your information.
1. Who we are
CyBriefing is a security awareness newsletter platform operated as an independent product. Our website is cybriefing.com.
For the purposes of UK GDPR, CyBriefing is the data controller for personal data collected through our service.
Business address: Unit 167595, PO Box 6945, London, W1A 6US
Email address — used to create your account and send your newsletters
Password — stored securely as a hashed value, never in plain text
Preference data
Industry sector — used to tailor your newsletter content
Company size — used to tailor your newsletter content
Company name — optional, used to personalise newsletter sign-offs
Preferred send date — used to schedule your monthly newsletter
Newsletter history
Subject lines, generated content, and send dates of newsletters we have delivered to you
Payment data
We do not store your card details. All payment processing is handled by Stripe, who are PCI-DSS compliant. We receive only a confirmation of payment and your subscription status from Stripe.
Technical data
IP address and browser type — collected automatically when you visit our site
Pages visited and time spent — collected via analytics (see Cookie Policy)
3. Why we collect it and our lawful basis
Lawful basis under UK GDPR
Contract performance — we need your email, preferences, and send date to deliver the service you signed up for.
Legitimate interests — we use technical data to keep the service secure and to understand how it is used so we can improve it.
Consent — we use cookies for analytics only with your consent (see Cookie Policy).
4. How we use your data
To create and manage your account
To generate and deliver your monthly security newsletter
To store your newsletter history in your dashboard
To process your subscription payments via Stripe
To send you transactional emails (account confirmation, receipts, password resets)
To improve the service based on usage patterns
To comply with legal obligations
We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described in Section 5.
5. Who we share data with
Third party processors
Supabase — database and authentication provider. Stores your account and preference data securely. Privacy policy →
Stripe — payment processing. Handles all card data. We never see your full card number. Privacy policy →
Resend — email delivery service. Used to send your newsletters and transactional emails. Privacy policy →
Anthropic — AI platform used to generate newsletter content based on your industry and size. No personal data is sent to Anthropic — only your industry and company size. Privacy policy →
All third-party processors are bound by data processing agreements and are required to handle your data in accordance with UK GDPR.
6. How long we keep your data
Account data — kept for as long as your account is active, plus 30 days after deletion to allow for recovery
Newsletter history — kept for 24 months, then automatically deleted
Payment records — kept for 7 years as required by HMRC tax regulations
Technical logs — kept for 90 days
7. Your rights
Under UK GDPR you have the following rights regarding your personal data:
Right to access — request a copy of all data we hold about you
Right to rectification — request correction of inaccurate data
Right to erasure — request deletion of your data (subject to legal retention requirements)
Right to restrict processing — request that we limit how we use your data
Right to data portability — request your data in a machine-readable format
Right to object — object to processing based on legitimate interests
To exercise any of these rights, email us at privacy@cybriefing.com. We will respond within 30 days.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
8. Data security
We take reasonable technical and organisational measures to protect your data, including:
All data transmitted over HTTPS/TLS encryption
Passwords stored as bcrypt hashes — never in plain text
Database access restricted to authorised systems only
API keys and credentials stored securely and rotated regularly
In the event of a data breach that is likely to result in a risk to your rights, we will notify the ICO within 72 hours and affected users without undue delay.
9. International transfers
Some of our third-party processors may store or process data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
10. Changes to this policy
We may update this policy from time to time. We will notify you of significant changes by email or by displaying a prominent notice on our website. The "last updated" date at the top of this page will always reflect the most recent revision.
Questions about your privacy?
Contact our data team at privacy@cybriefing.com. We aim to respond to all privacy enquiries within 5 working days.
Legal document
Terms of Service
Last updated: 20 May 2026 · Applies to cybriefing.com and all CyBriefing services
By creating an account or using CyBriefing, you agree to these terms. Please read them carefully. If you do not agree, please do not use the service.
1. The service
CyBriefing provides a platform for generating and delivering security awareness newsletters tailored to your organisation's industry and size. The service is provided "as is" and we reserve the right to modify, suspend, or discontinue it at any time with reasonable notice.
You must be at least 18 years old to create an account
You are responsible for maintaining the security of your account credentials
You must notify us immediately of any unauthorised access to your account
You may not share your account with others or create multiple accounts
You are responsible for all activity that occurs under your account
3. Acceptable use
You agree to use CyBriefing only for lawful purposes and in accordance with these terms. You must not:
Use the service to generate or distribute harmful, misleading, or illegal content
Attempt to reverse engineer, copy, or replicate any part of the service
Use automated tools to scrape or extract content from the platform
Resell or sublicense access to the service without our written permission
Attempt to circumvent any usage limits or access controls
Use the service in a way that could damage, disable, or impair it
4. Content accuracy
CyBriefing generates newsletter content using AI technology. While we strive to provide accurate, relevant, and up-to-date security information, we make no warranties regarding the completeness or accuracy of generated content.
You are responsible for reviewing all generated content before sending it to your staff. CyBriefing content should be treated as a starting point, not a substitute for professional cybersecurity advice.
We are not liable for any security incidents that occur as a result of reliance on CyBriefing-generated content.
5. Subscription and billing
Plans and pricing
Free plan — 1 newsletter per month, plain text output, no card required.
Pro plan — £12/month, 20 generations per month, HTML output, automated delivery, dashboard.
Team plan — £29/month, 100 generations per month, 5 client profiles, white-label branding.
Paid subscriptions are billed monthly in advance
Annual subscriptions are billed annually and receive a 20% discount
All prices are in GBP and inclusive of VAT where applicable
We reserve the right to change pricing with 30 days notice
You will be notified by email of any price changes before they take effect
6. Cancellation and refunds
You may cancel your subscription at any time from your account dashboard
Cancellation takes effect at the end of your current billing period — you retain access until then
We offer a 14-day money-back guarantee on all paid plans — no questions asked
Refunds after 14 days are at our discretion and assessed on a case-by-case basis
Annual plan refunds are prorated for unused months within the 14-day window
7. Intellectual property
CyBriefing and its underlying technology, branding, and design are owned by us and protected by intellectual property law.
Newsletter content generated for you using our platform is yours to use freely within your organisation. You may not resell or republish generated content as your own product.
The CyBriefing name, logo, and brand may not be used without our written permission.
8. Limitation of liability
To the maximum extent permitted by law, CyBriefing shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, or goodwill.
Our total liability to you for any claim arising from use of the service shall not exceed the amount you paid us in the 12 months preceding the claim.
9. Termination
We may suspend or terminate your account immediately if you breach these terms. We may also terminate accounts that have been inactive for more than 24 months, with 30 days notice by email.
You may delete your account at any time from your account settings. Upon deletion, your data will be removed in accordance with our Privacy Policy.
10. Governing law
These terms are governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.
11. Changes to these terms
We may update these terms from time to time. We will notify you of material changes by email at least 14 days before they take effect. Continued use of the service after changes take effect constitutes acceptance of the new terms.
Last updated: 20 May 2026 · Applies to cybriefing.com
This policy explains what cookies we use on cybriefing.com, why we use them, and how you can control them. We keep it minimal — we only use cookies that are necessary or that you explicitly consent to.
1. What are cookies?
Cookies are small text files stored on your device when you visit a website. They help the website remember information about your visit — like whether you're logged in or what your preferences are.
2. Cookies we use
Essential cookies — always active
These are required for the service to function. They cannot be disabled.
Cookie
Purpose
Duration
sb-auth-token
Keeps you logged in to your account (set by Supabase)
Session
sb-refresh-token
Refreshes your login session automatically
7 days
sn-theme
Remembers your light/dark theme preference
1 year
cookie-consent
Remembers whether you've accepted or declined optional cookies
1 year
Analytics cookies — optional, requires consent
We use Plausible Analytics to understand how the site is used. Plausible is privacy-friendly — it does not use cookies by default and does not track you across websites.
Cookie
Purpose
Duration
_plausible
Counts unique visitors without tracking personal data
Session
Payment cookies — set by Stripe
When you visit our checkout, Stripe sets cookies to process your payment securely and prevent fraud.
Cookie
Purpose
Duration
__stripe_mid
Fraud prevention and security (set by Stripe)
1 year
__stripe_sid
Fraud prevention and security (set by Stripe)
30 minutes
3. How to control cookies
You can control optional cookies at any time:
Cookie banner — use the consent banner when you first visit to accept or decline optional cookies
Browser settings — most browsers allow you to block or delete cookies. Note that blocking essential cookies will prevent you from logging in
Last updated: 20 May 2026 · UK GDPR and Data Protection Act 2018
CyBriefing is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains our obligations, your rights, and how we fulfil them in practice.
1. Data controller
Controller details
Organisation: CyBriefing Website: cybriefing.com Data protection contact:privacy@cybriefing.com Supervisory authority: Information Commissioner's Office (ICO) — ico.org.uk
2. Lawful basis for processing
Processing activity
Lawful basis
Creating and managing your account
Contract performance (Art. 6(1)(b))
Generating and delivering newsletters
Contract performance (Art. 6(1)(b))
Processing payments
Contract performance (Art. 6(1)(b))
Sending transactional emails
Contract performance (Art. 6(1)(b))
Analytics and service improvement
Legitimate interests (Art. 6(1)(f))
Analytics cookies
Consent (Art. 6(1)(a))
Legal and tax record keeping
Legal obligation (Art. 6(1)(c))
3. Your rights under UK GDPR
Right of access
Request a copy of all personal data we hold about you. We will respond within 30 days.
Right to rectification
Request correction of inaccurate or incomplete personal data. Most data can be updated directly in your account settings.
Right to erasure
Request deletion of your personal data. We will comply unless we are required to retain it by law (e.g. tax records).
Right to portability
Request your data in a structured, machine-readable format (JSON or CSV) so you can transfer it to another service.
Right to restrict processing
Request that we limit how we process your data while a dispute is resolved or a request is being handled.
Right to object
Object to processing based on legitimate interests. We will stop unless we can demonstrate compelling grounds.
Right to withdraw consent
Withdraw consent for analytics cookies at any time. This does not affect the lawfulness of processing before withdrawal.
Right to complain
Lodge a complaint with the ICO at ico.org.uk if you believe we have mishandled your data.
To exercise any of these rights, contact us at privacy@cybriefing.com. We will respond within 30 days. We may need to verify your identity before acting on a request.
4. Data retention schedule
Data type
Retention period
Reason
Account and profile data
Duration of account + 30 days
Service delivery, account recovery
Newsletter history
24 months
Dashboard access, service improvement
Payment records
7 years
HMRC legal requirement
Technical logs
90 days
Security monitoring
Support communications
3 years
Dispute resolution
5. Data breach procedure
In the event of a personal data breach, we will:
Assess the risk to individuals within 24 hours of discovery
Notify the ICO within 72 hours if the breach is likely to result in a risk to individuals' rights
Notify affected users without undue delay if the breach is likely to result in a high risk to their rights
Document all breaches in our internal breach register regardless of severity
6. International data transfers
Some of our service providers may process data outside the UK or EEA. Where this occurs, we ensure one of the following safeguards is in place:
The country has been deemed adequate by the UK government
Standard Contractual Clauses (SCCs) are in place
The provider has binding corporate rules approved by a supervisory authority
7. Children's data
CyBriefing is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from a child, please contact us immediately at privacy@cybriefing.com.
Exercise your GDPR rights
Email privacy@cybriefing.com with your request. Include your account email address so we can verify your identity. We will acknowledge your request within 5 working days and respond in full within 30 days.