Privacy policy

Last updated: 13 February 2026


BZ Trade BV (“BZ Trade”, “we”, “our”), a Belgian limited liability company with its registered seat at Charlottalei 58, 2018 Antwerp, operates the online platform Brieflee.be (the “Service”). BZ Trade acts as Data Controller for the personal data described in this policy. Contact us at support@brieflee.be.

1. Who We Are


BZ Trade BV, operating as Brieflee, provides AI-assisted legal research tools to legal professionals and law students in Belgium and beyond. We are the Data Controller for the purposes of Regulation (EU) 2016/679 (GDPR) and applicable Belgian privacy legislation.

2. Scope of this Policy


This policy explains the personal data we collect from users of the Service, why we process it, how long we retain it, and the rights you can exercise under the GDPR. The Service is intended for legal professionals and law students and is not directed at children under 16 years old.

3. Data We Collect


We collect the following categories of personal data. Unless stated otherwise, data is required to deliver the Service securely.

Account Data: Name, email address, phone number (provided by you, mandatory for registration).

Billing Data: Address, VAT or enterprise number (provided by you, collected for paid plans only).

Technical Data: IP address, browser or user-agent, and server logs (collected automatically, required for security).

Support Data: Messages you send to support (provided by you, optional).

We do not intentionally collect special categories of personal data (Article 9 GDPR) such as health or biometric information.

4. Purposes and Legal Bases


Provide and administer your account, authenticate log-ins — Article 6(1)(b) GDPR (contract).

Processing payments and invoicing — Article 6(1)(b) and 6(1)(c) GDPR (contract and legal obligation).

Maintain and secure the Service (debugging, preventing fraud) — Article 6(1)(f) GDPR (legitimate interest).

Respond to support requests — Article 6(1)(b) GDPR (contract).

Direct email updates about critical changes — Article 6(1)(f) GDPR (legitimate interest, you may object at any time).

Marketing newsletters (if offered) — Article 6(1)(a) GDPR (consent, opt-in).

5. Sharing and Sub-Processing


We only share personal data when necessary to deliver the Service:

Microsoft Azure — EU (West Europe) region, for cloud hosting and storage.

Stripe — payment processing for paid plans.

All providers act under written Data Processing Agreements in accordance with Article 28 GDPR.

6. International Transfers


Primary data storage is located within the European Economic Area. If a sub-processor operates outside the EEA, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) to protect your data.

7. Retention


Account data: retained while your account is active plus 12 months after deletion to resolve disputes.

Billing records: retained for 7 years as required by Belgian accounting law.

Server logs: retained for 6 months unless necessary for security investigations.

8. Security Measures


• TLS encryption in transit and AES-256 encryption at rest on Microsoft Azure.
• Network segmentation, firewalls, and regular vulnerability reviews.
• Role-based access controls with MFA for staff.
• Automated backups and integrity checks.

9. Your Rights


You have the right to access, rectify, erase, restrict, or port your personal data, and to object to processing based on legitimate interests. For self-service edits, log into the Service and visit Settings → Profile. To delete your account or exercise other rights, email support@brieflee.be. You may also lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit), Rue de la Presse 35, 1000 Brussels.

10. Changes to this Policy


We may update this policy as our practices evolve. We will notify you by email or in-app notice at least 14 days before material changes take effect if they impact your rights.