Trust & security

Security at BriefMe

BriefMe is built as a private document review workspace for underwriting and lending teams. This page summarizes the security posture we are designing toward for pilots without claiming certifications we have not earned.

Last updated: June 11, 2026

Private document review workspace

BriefMe is designed to keep borrower documents, application records, reviewer notes, and AI-assisted draft outputs inside authenticated workspaces instead of public links or shared inboxes.

  • Access to the app is built with Supabase Auth so users must authenticate before entering protected workflows.
  • Workspace data is intended to be scoped by account-level access controls and Supabase Row Level Security policies.
  • Borrower documents are stored privately and are not intended for public browsing.

Document access controls

BriefMe is built with private borrower document storage. Where document access links are generated, they are intended to be private and short-lived rather than permanent public URLs.

  • Uploaded borrower and business files should only be available to authenticated users with permission to the related application.
  • Document access should flow through application-level checks before a reviewer can open a file.
  • Teams should avoid uploading documents they are not authorized to process in BriefMe.

Human review required

BriefMe supports reviewers; it does not replace them. AI-assisted analysis is a draft work aid and human review is required before any underwriting, credit, or lending action.

  • BriefMe does not approve or deny loans.
  • BriefMe does not make final income, credit, or lending determinations.
  • Reviewers are responsible for validating extracted data, assumptions, exceptions, and final workpapers.

AI data handling

No customer document data should be used to train public AI models. AI-assisted outputs should be treated as draft analysis for the authenticated workspace and reviewed by a human before use.

Deletion and retention

Data deletion is available by request. Contact support@briefme.ai with the account email and relevant application or business name. Some future enterprise or legal retention obligations may require a documented retention process before deletion is completed.

Certification roadmap

BriefMe is early-stage software. We do not claim SOC 2, ISO 27001, HIPAA, GLBA certification, bank-level certification, or similar third-party certifications unless and until those programs are completed and documented.

Report a security issue

Please report suspected vulnerabilities, exposed data, authentication issues, or document access concerns to security@briefme.ai. Include a clear description, affected account email, URLs or record identifiers if safe to share, and steps to reproduce.