Privacy Policy
Last Updated: December 13, 2025
Quick Navigation
DeployBrief ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our deployment brief generation service.
By using DeployBrief, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.
Information We Collect
Account Information
When you authenticate with Microsoft Entra ID (Azure Active Directory), we collect:
- • Email address - Used as your unique identifier
- • Display name - For personalization
- • Profile picture - If available from Microsoft
- • Microsoft subject identifier - For authentication
Azure DevOps Connection Data
When you connect Azure DevOps workspaces to generate deployment briefs, we collect and store:
- • Personal Access Tokens (PATs) - Encrypted and securely stored to access Azure DevOps APIs
- • Workspace names and projects - To identify which data sources to query
- • Connection metadata - Creation date, last used, validation status
Azure DevOps Retrieved Data
When generating deployment briefs, we retrieve the following data from Azure DevOps (not permanently stored unless part of a saved brief):
- • Work items - Titles, descriptions, types, states, assignees
- • Pull requests - Titles, descriptions, reviewers, merge dates, repositories
- • Pipeline information - Build numbers, release names, deployment stages, dates
- • Test results - Test names, pass/fail status, execution times, test suites
- • Code coverage metrics - Line coverage percentages, uncovered code locations
Note: This data remains in Azure DevOps and is only retrieved temporarily to generate briefs. Generated briefs (markdown content) are stored in our database.
Generated Content
When you generate and save deployment briefs, we store:
- • Brief content - Markdown-formatted deployment documentation
- • Brief metadata - Title, creation date, pipeline information, template used
- • Custom templates - Your template configurations and customizations
- • Pipeline presets - Saved pipeline configurations for quick access
API Keys
For CI/CD integration, when you generate API keys:
- • API key hashes - Securely hashed (never stored in plain text)
- • Key metadata - Name, scopes, creation/expiration dates, last used date
Usage and Diagnostic Data
We automatically collect certain information to improve our service:
- • Session information - Login timestamps, session duration, IP addresses
- • Usage metrics - Number of briefs generated, features used, API calls
- • Error logs - Application errors, performance issues (no personal data)
- • Browser/device information - User agent, browser type, operating system
Contact Form Submissions
When you use our contact form, we collect your name, email, subject, and message content. These submissions are logged for support purposes.
How We Use Your Information
We use the information we collect for the following purposes:
Service Delivery
- • Authenticate and authorize your access to DeployBrief
- • Connect to your Azure DevOps workspaces and retrieve deployment data
- • Generate, store, and display deployment briefs
- • Enable multi-workspace and team collaboration features
- • Provide API access for CI/CD integration
Service Improvement
- • Analyze usage patterns to improve features and user experience
- • Monitor application performance and identify technical issues
- • Track feature adoption and prioritize development
Communication
- • Respond to your support requests and inquiries
- • Send important service updates and security notifications
- • Notify you of new features or changes to the service (with opt-out)
Security and Compliance
- • Detect and prevent fraud, abuse, and security incidents
- • Enforce our Terms of Service and usage policies
- • Comply with legal obligations and respond to lawful requests
Data Storage & Security
Data Storage
- • Database: PostgreSQL database for user accounts, briefs, templates, and metadata
- • Location: Cloud infrastructure with data redundancy and backups
- • Retention: Data is retained while your account is active. See "Data Retention" below
Security Measures
We implement industry-standard security measures to protect your data:
- • Encryption in Transit: All data transmitted between your browser and our servers uses TLS 1.3 encryption
- • Encryption at Rest: Sensitive data (PATs, API keys) is encrypted using AES-256 encryption
- • Password Hashing: API keys are hashed using bcrypt with high work factors (never stored in plain text)
- • Session Security: HTTP-only, secure session cookies with expiration (7 days default)
- • Access Control: Workspace-scoped data access with role-based permissions
- • Rate Limiting: API rate limiting and request throttling to prevent abuse
- • Monitoring: Continuous security monitoring and logging with OpenTelemetry
Data Retention
- • Active Accounts: Data is retained while your account is active
- • Deleted Accounts: Upon account deletion, all personal data and briefs are permanently deleted within 30 days
- • Legal Requirements: Some data may be retained longer to comply with legal obligations (e.g., transaction records)
- • Anonymized Analytics: Aggregated, anonymized usage data may be retained indefinitely for analytics
Important: While we implement robust security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the security of your Azure DevOps PATs and API keys.
Third-Party Services
DeployBrief integrates with the following third-party services:
Microsoft Entra ID (Azure Active Directory)
Purpose: User authentication and identity management
Data Shared: OAuth authorization code, state parameters
Privacy Policy: Microsoft Privacy Statement
Azure DevOps
Purpose: Retrieve deployment data (work items, PRs, pipelines, tests, coverage)
Data Shared: Your Azure DevOps Personal Access Tokens (PATs) are used to authenticate API requests. We do not share your PATs with any third parties.
Privacy Policy: Microsoft Privacy Statement
Cloud Infrastructure Provider
Purpose: Hosting, database, and infrastructure services
Data Stored: All application data is stored on secure cloud infrastructure with encryption at rest and in transit.
Future Third-Party Services
As we expand DeployBrief's features, we may integrate additional third-party services (e.g., payment processing via Stripe, email services, analytics). We will update this privacy policy to reflect any new integrations.
Note: We do not sell, trade, or rent your personal information to third parties. We only share data with service providers necessary to operate DeployBrief, and they are bound by confidentiality obligations.
Your Rights
Depending on your location and applicable laws (such as GDPR, CCPA), you have certain rights regarding your personal information:
Access
You have the right to request a copy of the personal information we hold about you.
Correction
You can update your profile information directly in the DeployBrief application. If you need assistance, contact us.
Deletion
You have the right to request deletion of your account and personal information. Once deleted, all your data (briefs, templates, connections) will be permanently removed within 30 days.
Portability
You can export your deployment briefs in markdown or PDF format at any time. For a complete data export, contact us.
Opt-Out
You can opt out of non-essential communications (marketing emails, feature announcements). Security and service-critical notifications cannot be disabled.
Restriction or Objection
You may request restriction of processing or object to certain data uses. Contact us to discuss your specific concerns.
To Exercise Your Rights: Contact us at privacy@deploybrief.com with your request. We will respond within 30 days. You may need to verify your identity before we can process your request.
International Data Transfers
DeployBrief operates globally. If you access our service from outside the region where our servers are located, your data may be transferred across international borders. By using DeployBrief, you consent to such transfers. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy.
Children's Privacy
DeployBrief is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
Cookies and Tracking
DeployBrief uses the following cookies:
- • db_session - Essential session cookie for authentication (HTTP-only, secure, 7-day expiration)
- • oauth_state - Temporary OAuth flow validation (HTTP-only, secure, 10-minute expiration)
We do not use third-party tracking cookies or advertising cookies. Essential cookies are required for the service to function and cannot be disabled.
Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:
- • Updating the "Last Updated" date at the top of this page
- • Sending an email notification to your registered email address
- • Displaying a prominent notice in the application
Your continued use of DeployBrief after changes become effective constitutes acceptance of the updated policy.
Contact Us
If you have questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:
Email (Privacy Matters)
privacy@deploybrief.comEmail (General Support)
support@deploybrief.comContact Form
Submit a contact formWe take your privacy seriously and will respond to all requests within 30 days. For urgent matters, please indicate "URGENT" in your subject line.