RoomBrief

Privacy Policy

Last updated: June 19, 2026

1. Introduction

RoomBrief (“we”, “us”, “our”) provides a software service that ingests LINE group chat messages, generates AI summaries, and optionally exports data to Google Sheets on your request.

This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your choices. By creating an account or using RoomBrief, you agree to this policy.

2. Data we collect

Depending on how you use RoomBrief, we may process the following categories of data:

  • Account data: email address (including email you confirm when signing up with LINE), name, password hash (if you register with email/password), profile photo, language preference, organization membership, optional LINE user ID for login and in-chat permissions, and optional Google account ID when you sign in with Google or connect Google under Settings → Profile.
  • Authentication events: sign-in method used, OAuth state for Google flows, and audit log entries when you link or unlink LINE or Google in Profile.
  • LINE data: group and user identifiers, display names, profile images, chat messages, timestamps, stickers, and attachments that your workspace chooses to ingest through the LINE bot.
  • Summary and export data: AI-generated summaries, export settings, and files you download or send to Google Sheets.
  • Billing and usage: subscription plan, credit balance, token usage, and audit logs of administrative actions.
  • Technical data: IP address, browser type, API request logs, and security-related metadata (for example, authentication events).

3. Cookies and website analytics

On our public marketing website we may use cookies and similar technologies to remember your language choice, measure traffic, and improve our pages. The cookie consent banner appears on the marketing site only; your choice is stored in `roombrief-cookie-consent` and, in production, shared with the logged-in product app on the same parent domain (for example `www.roombrief.app` and `app.roombrief.app`) so we do not ask again.

  • Essential cookies: `roombrief-locale` stores your language preference so pages load in the language you chose. These cookies are required for that feature and do not need separate consent.
  • Analytics (optional): If you accept all cookies, we may load Google Tag Manager and related analytics tags (for example Google Analytics) to understand how visitors use our marketing pages. These tools may set cookies such as `_ga` and collect usage data including IP address and browser type.
  • Marketing (optional): If you accept all cookies and we enable Meta Messenger chat, Meta may set cookies when the chat plugin loads.
  • Your choice: A cookie banner on the marketing site lets you accept all cookies or use essential cookies only. If you open the product app directly without a stored choice, the same banner appears there once. The product app does not ask again after you have chosen on either site. You can change your browser settings to delete cookies at any time. Rejecting optional cookies does not block access to the marketing site or the product app.

4. Google user data

Sign in or register with Google: we receive your Google account identifier, email address, and basic profile information (such as your name and profile picture) to create your RoomBrief account or sign you in. Registering with Google creates a new workspace; signing in with Google on the login page does not create an account if none exists.

Connect Google in Settings → Profile: optional. We store your Google account identifier so you can sign in with Google later. Your RoomBrief primary email address does not change when you connect Google this way.

Google Sheets export (separate from sign-in): we request the Google Drive per-file scope (`drive.file`) so we can append summary rows only to spreadsheets you explicitly choose in the product app (via Google Picker). We do not access your other Google Drive files, Gmail, or spreadsheets you have not selected. We store an encrypted OAuth refresh token so exports can run without asking you to sign in every time.

You can disconnect Google sign-in from Settings → Profile, disconnect Google Sheets from export settings, and revoke RoomBrief’s access at any time in your Google Account permissions (https://myaccount.google.com/permissions).

5. How we use data

We use personal data only to operate, secure, and improve RoomBrief:

  • Authenticate you and manage your workspace and team access.
  • Ingest LINE messages, generate summaries with AI models you select, and deliver exports you request.
  • Describe image attachments with AI when your workspace enables that feature.
  • Calculate usage, enforce plan limits, and process billing credits.
  • Provide support, prevent abuse, and comply with legal obligations.

6. Sharing and processors

We do not sell your personal data. We share data only as needed to provide the service:

  • Infrastructure providers (for example, cloud hosting, PostgreSQL, Redis, and object storage such as AWS S3) under our control.
  • AI providers (OpenAI and/or Google Gemini) to generate summaries or describe attachments — chat content is sent only for processing your workspace’s requests.
  • Google APIs when you use Sign in with Google or Google Sheets export.
  • LINE Platform when sending or receiving messages through your connected bot.
  • Other members of your organization according to their role and your workspace settings.
  • Authorities when required by applicable law or to protect rights, safety, and security.

7. Data retention

We retain workspace messages, summaries, and attachments for as long as your organization uses RoomBrief or as needed to provide the service, comply with law, resolve disputes, and enforce agreements.

Short-lived summary share tokens in URLs expire within minutes and are not intended for long-term access. LIFF membership verification and related security logs may be kept for a limited period to investigate abuse.

You may request deletion of your account or workspace data by contacting us at [email protected]. Some billing, audit, or security logs may be kept for a limited period where required by law or legitimate business needs.

8. Security

We use technical and organizational measures including: encryption of sensitive credentials (such as third-party OAuth refresh tokens), role-based access in the product app, signed short-lived tokens for shared summary links, private object storage for attachments, and audit logging of administrative and billing actions.

When you open a shared summary from LINE, we verify your LINE identity token and confirm current membership in the relevant chat before returning content.

No method of transmission or storage is completely secure. Use a strong password, limit workspace membership to trusted colleagues, and only add the RoomBrief bot to groups you are authorized to monitor.

9. Your rights

Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal data, and to object to certain processing or withdraw consent where applicable.

To exercise these rights, contact us at [email protected]. You may also manage Google access through your Google Account settings.

10. LINE LIFF summary access and shared links

When you open a shared summary link from LINE (including links opened via https://liff.line.me), we process LINE Login/LIFF identity data (for example LINE user ID), chat source identifiers, access timestamp, and verification outcomes to confirm that the viewer is currently a member of that LINE chat.

Summary URLs include a short-lived signed token (typically on the order of minutes). After expiry, the link cannot load the summary until a new link is issued from RoomBrief.

We use this processing to protect chat data from unauthorized access, investigate abuse, and enforce workspace security controls. Security verification logs may be retained for a limited period.

  • Shared summary links are designed to reduce unauthorized access, but no link-based mechanism can fully prevent screenshots, manual forwarding, or other out-of-band sharing.
  • If membership verification fails, access to the shared summary may be denied even when the viewer has the original URL.

11. Google API Services User Data Policy

RoomBrief’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

In particular:

  • We use Google user data only to provide or improve user-facing features you request (Google sign-in, optional Google connection in Profile, and appending rows to spreadsheets you select for export).
  • We do not use Google user data for serving advertisements.
  • We do not sell Google user data.
  • We do not allow humans to read Google user data except with your consent, for security purposes, to comply with law, or in aggregated form for internal operations.

12. Children

RoomBrief is not directed at children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal data from children.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will revise the “Last updated” date at the top of this page. Continued use of RoomBrief after changes means you accept the updated policy.

14. Contact us

For privacy questions or requests, contact us at [email protected].