Security & privacy

Your business data is safe with Briskly

We're a small team building Briskly carefully. Here's what we do — and what we don't — with your data, in plain English.

We do not train AI models on your conversations

What you tell Briskly stays Briskly's working memory for your business — it is not used to train any AI model, ours or our providers'. We send prompts to model providers with their training opt-outs set.

Encrypted in transit and at rest

All traffic uses TLS 1.3. Your data is encrypted at rest in our database. Application secrets and credentials are encrypted and access-controlled.

Payments handled by Stripe — we never see your card

Card details are tokenized by Stripe and never touch Briskly's servers. Stripe is PCI-DSS Level 1 compliant. We process subscriptions through Stripe's hosted flows.

Database on Neon with point-in-time recovery

Your business data lives in a Postgres database hosted on Neon. Neon provides continuous backup with point-in-time recovery, so accidental deletions can be rewound rather than lost.

Built on SOC 2 Type II–compliant infrastructure

Briskly runs on Railway (application compute) with the database on Neon and payments via Stripe. All three providers are SOC 2 Type II compliant. We inherit their security posture for the layers we depend on.

You own your domain, phone number, and email

If you ever leave Briskly, your domain, business phone number, and business email address are yours to take with you. We do not hold them hostage.

What we don't claim

Briskly is pre-launch. We have not completed our own SOC 2 Type II, ISO 27001, or HIPAA audit. If you need formal third-party certification for your use case, please reach out at support@usebriskly.com and we'll be honest about where we are.

Report a security issue

Found a vulnerability or have a concern? Email security@usebriskly.com and we'll respond within one business day. Please don't publicly disclose until we've had a chance to fix it.

Back to home·Privacy policy·Terms