Privacy Policy
Last updated: March 6, 2026
My Daily Brief ("we", "us", or "our") operates mydailybrief.co (the "Service"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. By using the Service you agree to the practices described here.
1. Information We Collect
1.1 Account Information
When you register we collect your name, email address, and a securely hashed password (if you sign up with email/password). If you sign in with Google we receive your name, email address, and profile picture from Google.
1.2 Preferences & Content
To personalise your brief we store your selected interests and sub-interests, preferred delivery schedule, location (for local news, if provided), custom focus keywords, and favourite news sources.
1.3 Tasks
Premium users may create tasks manually or sync them from Google Tasks. We store task titles, notes, and due dates solely to include them in your daily brief.
1.4 Google User Data (Calendar & Tasks Integration)
Premium users may optionally connect a Google account to enable calendar and task features. When you connect a Google account, we request the following OAuth scopes and access the following specific data:
- https://www.googleapis.com/auth/calendar.readonly: We read the title, start and end date/time, and location of events on your primary Google Calendar for the current day only. We do not access event descriptions, attendee lists, video conference links, or any other calendar metadata beyond what is needed to display your daily schedule.
- https://www.googleapis.com/auth/tasks.readonly: We read your Google Task titles, notes, and due dates for incomplete tasks. We do not access completed tasks, subtasks, or task list metadata beyond what is needed to surface your to-do list.
- https://www.googleapis.com/auth/userinfo.email and https://www.googleapis.com/auth/userinfo.profile: We read your Google account email address and display name solely to identify which Google account is connected to your MyDailyBrief account.
What we do not access: We do not access the content of your emails (Gmail), your contacts, Google Drive files, your full calendar history, private event details, attendee information, or any Google data beyond the specific scopes listed above.
We store your OAuth access token and refresh token in encrypted form in our database solely to fetch calendar events and tasks on your behalf at the time your brief is generated each morning. Calendar event data and task data are not stored permanently — they are fetched at generation time, included in your brief email, and then discarded. Only the OAuth tokens themselves are stored.
1.5 Usage & Engagement Data
We record which newsletter sections you click on (pillar and article URL) to gradually improve article ranking for your account over time. This data is associated with your account and is never shared with third parties for advertising purposes.
1.6 Payment Information
Payments are processed by Stripe. We do not store your card number or payment details on our servers. We store a Stripe customer ID and subscription status to manage your premium plan.
2. How We Use Your Information
We use the data we collect to:
- Generate and deliver your personalised daily brief to your email address.
- Include today's Google Calendar events and synced Google Tasks in your brief (premium feature, only when you have connected a Google account).
- Adapt article ranking based on the topics you engage with most.
- Manage your account, subscription, and preferences.
- Send transactional emails (welcome email, password reset).
- Improve the quality and relevance of the Service.
We do not use your data — including any Google user data — for advertising, and we do not sell your data to any third party.
3. Google API Services — Data Practices
My Daily Brief's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. This section describes our specific data practices for Google user data in detail.
3.1 Data Accessed
When you connect a Google account, we access only the minimum data necessary to provide the requested features:
- Google Calendar: event title, start/end date and time, and location for today's events only
- Google Tasks: task title, notes, and due date for your incomplete tasks only
- Google Account: your email address and display name to identify the connected account
We do not access Gmail, Google Drive, Google Contacts, full calendar history, attendee details, or any data beyond what is explicitly listed above.
3.2 Data Usage
Google user data is used exclusively to provide and improve the features you have explicitly enabled:
- Calendar data is used solely to render a "Today's Schedule" section in your daily brief email, showing your meetings and events for the day.
- Tasks data is used solely to render a "Your Tasks" section in your daily brief email, surfacing incomplete tasks as a morning reminder.
- Account identity data (email, name) is used solely to link the Google account to your MyDailyBrief account and to display which account is connected in your dashboard.
We do not use Google user data to train AI or machine-learning models, to build user profiles for advertising, to personalise content outside your brief, or for any purpose beyond the features described above.
3.3 Data Sharing
Google user data is not sold, rented, or shared with any third party for advertising, analytics, or any commercial purpose. Specifically:
- Your Google Calendar or Tasks data is never sent to OpenAI, NewsAPI, Meta, TikTok, or any advertising platform.
- Your Google OAuth tokens are stored only in our database (Supabase) and are not shared with any third party.
- The only service that handles your brief content (which includes calendar/task data rendered as text) is Resend, our email delivery provider, which receives the finished HTML of your brief solely to deliver it to your inbox.
We may disclose Google user data only if required by law or to protect the rights and safety of our users, and only to the minimum extent necessary.
3.4 Data Storage & Protection
- OAuth access tokens and refresh tokens are encrypted at rest in our Supabase (PostgreSQL) database hosted on AWS infrastructure.
- All data in transit between our servers and Google's APIs is protected by TLS 1.2 or higher.
- Calendar event data and task data are not stored persistently. They are fetched from Google at brief generation time, rendered into your email, and discarded. Only the OAuth tokens are stored.
- Access to stored OAuth tokens is restricted to the application service account. No employees have routine access to individual users' Google data.
- We do not allow any human to read your Google Calendar or Tasks data unless you have explicitly requested support assistance, or we are required to do so by applicable law.
3.5 Data Retention & Deletion
Retention:
- OAuth tokens are retained only while your Google account remains connected to MyDailyBrief. They are permanently deleted as soon as you disconnect your Google account from your dashboard, or when you delete your MyDailyBrief account.
- Calendar and task data is not stored — it is fetched at brief generation time and exists only within the email delivered to your inbox. We retain no copy of this data.
- Account identity data (your Google email and display name used to identify the connection) is retained until you disconnect the Google account or delete your MyDailyBrief account.
Deletion:
- Disconnect Google: You can disconnect your Google account at any time from your dashboard. This immediately revokes our access and permanently deletes all stored OAuth tokens.
- Delete your account: You may request full account deletion, including all Google user data, by emailing privacy@mydailybrief.co. We will complete the deletion within 30 days and confirm by email.
- Revoke via Google: You can also revoke MyDailyBrief's access to your Google account at any time from your Google Account permissions page. Upon revocation, our refresh token becomes invalid and we will no longer be able to access your Google data.
4. Third-Party Services
We share data with the following service providers only to the extent necessary to operate the Service:
We do not sell, rent, or share your personal data with any other third parties.
5. Data Retention
We retain your account data for as long as your account is active. Newsletter history is kept for up to 90 days. Article interaction data used for engagement scoring is retained for up to 12 months. If you delete your account all personal data, OAuth tokens, tasks, and newsletter history are permanently deleted. You may request deletion at any time by contacting us at the address in Section 10.
6. Data Security
We implement and maintain reasonable and appropriate technical and organisational measures to protect your data:
- OAuth tokens (including Google OAuth tokens) are stored encrypted at rest in our database.
- Passwords are hashed using bcrypt and are never stored in plain text.
- All data in transit between your browser, our servers, and third-party APIs is protected by TLS 1.2 or higher.
- Access to user data is restricted to authorised application processes only. No employees have routine access to individual users' personal data or Google user data.
No method of transmission or storage is 100% secure. In the event of a data security incident that affects your personal data, we will notify you and any applicable regulatory authorities as required by applicable law, and without undue delay. Notification will be provided to the email address associated with your account and will describe the nature of the incident, the data affected, and the steps we are taking to address it.
If you believe your account has been compromised, please contact us immediately at privacy@mydailybrief.co.
7. Your Rights & Choices
- Access & correction: You can view and update your name, email, interests, and preferences at any time from your dashboard.
- Disconnect Google: You can disconnect any connected Google account from your dashboard at any time. This immediately revokes our access to your calendar and tasks data and deletes the stored OAuth tokens.
- Delete your account: Contact us to permanently delete your account and all associated data.
- Opt out of engagement tracking: Contact us to disable article click tracking for your account.
- Unsubscribe: You can cancel your subscription and stop receiving briefs from your dashboard settings at any time.
8. Children's Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes we will update the "Last updated" date at the top of this page. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.
10. Contact Us
If you have any questions about this Privacy Policy or your data, please contact us at: