Last updated: May 26, 2026

Privacy Policy

1. Who we are

MorningBrief (“MorningBrief,” “we,” “our,” or “us”) operates the website usemorningbrief.com and provides a sales-briefing service that reads upcoming calendar meetings and Salesforce account history to generate a daily pre-call brief delivered by email.

For privacy questions, contact us at privacy@usemorningbrief.com.

2. What data we collect

We collect only the data necessary to generate your daily brief. We do not sell, rent, or share your data with third parties for advertising or marketing.

a. Account data you provide

  • Email address and password (passwords are hashed; we never store them in plain text).
  • Timezone and delivery preferences.

b. Google Calendar data (accessed via Google OAuth)

  • Read-only access to upcoming calendar events on your primary calendar via the https://www.googleapis.com/auth/calendar.readonly scope.
  • We read event titles, attendees, start/end times, and event descriptions to identify which accounts you are meeting with tomorrow.
  • We never write to, modify, or delete events on your calendar.
  • We never share Google user data with any third party for advertising, analytics, or training of AI/ML models.

c. Salesforce data (accessed via Salesforce OAuth)

  • Read-only access to Accounts, Opportunities, Contacts, and Tasks associated with the meetings on your calendar.
  • We never write to, modify, or delete records in your Salesforce org.

d. Usage and security data

  • Session cookies (HTTP-only) used to keep you signed in.
  • Server logs containing IP address, request path, user-agent, and timestamp, retained for up to 30 days for security and debugging.

3. How we use your data

We use your data strictly to:

  • Generate and email your daily pre-call brief.
  • Authenticate you and maintain your session.
  • Notify you of service changes, security issues, or billing matters.
  • Improve reliability, debug errors, and detect abuse.

We do not use Google user data or Salesforce data to train any AI or machine-learning model, for advertising, or for any purpose unrelated to delivering the service to you.

4. How we store and protect your data

  • All data is stored in encrypted Postgres databases hosted on Vercel and Neon (US-East region).
  • OAuth refresh tokens are encrypted at rest with AES-256-GCM before being written to the database.
  • All traffic to and from usemorningbrief.com is encrypted in transit via TLS 1.2+.
  • Access to production systems is restricted to authorized personnel using multi-factor authentication.

5. Data retention

  • Generated briefs are retained for up to 90 days so you can read them in your dashboard, then automatically deleted.
  • Calendar event data is fetched on-demand the night before each brief and is not persisted long-term.
  • When you delete your account or disconnect an integration, the associated OAuth refresh tokens and cached data are deleted from our systems within 30 days.

6. Your rights and choices

  • Access & deletion. You may request a copy of your data or full account deletion by emailing privacy@usemorningbrief.com. We will respond within 30 days.
  • Disconnect Google.You can revoke MorningBrief’s access to your Google account at any time at myaccount.google.com/permissions.
  • Disconnect Salesforce.You can revoke MorningBrief’s access in your Salesforce org under Setup → Connected Apps OAuth Usage → Revoke.
  • Unsubscribe from email. Every brief email includes an unsubscribe link.

7. Google API Services Limited Use

MorningBrief’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Google user data only to provide and improve user-facing features that are prominent in MorningBrief’s user interface.
  • We do not transfer Google user data to others unless necessary to provide or improve those features, comply with applicable law, or as part of a merger or acquisition with adequate notice to users.
  • We do not use or transfer Google user data for serving ads, including retargeting, personalized, or interest-based advertising.
  • We do not allow humans to read Google user data unless we have your explicit consent to read specific items, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for internal operations and the data has been aggregated and anonymized.

8. Subprocessors

We rely on the following subprocessors to deliver the service:

  • Vercel— web hosting and serverless compute (United States).
  • Neon— managed Postgres database (United States).
  • Resend— transactional email delivery (United States).
  • Google LLC— OAuth and Calendar API.
  • Salesforce, Inc.— OAuth and Salesforce REST API.

9. Children

MorningBrief is not directed to children under 16, and we do not knowingly collect personal data from children.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the “Last updated” date. Material changes will be communicated by email to all active users at least 14 days before they take effect.

11. Contact

Questions? Email privacy@usemorningbrief.com.