Privacy policy

Last updated: 15 March 2026


BZ Trade BV (“BZ Trade”, “we”, “our”), a Belgian limited liability company with its registered seat at Charlottalei 58, 2018 Antwerp, operates the online platform Brieflee.be (the “Service”). BZ Trade acts as Data Controller for the personal data described in this policy. Contact us at support@brieflee.be.

1. Who We Are


BZ Trade BV, operating as Brieflee, provides AI-assisted legal research tools to legal professionals and law students in Belgium and beyond. We are the Data Controller for the purposes of Regulation (EU) 2016/679 (GDPR) and applicable Belgian privacy legislation.

2. Scope of this Policy


This policy explains the personal data we collect from users of the Service, why we process it, how long we retain it, and the rights you can exercise under the GDPR. The Service is intended for legal professionals and law students and is not directed at children under 16 years old.

3. Data We Collect


We collect the following categories of personal data. Unless stated otherwise, data is required to deliver the Service securely.

Account Data: Name, email address, phone number (provided by you, mandatory for registration).

Billing Data: Address, VAT or enterprise number (provided by you, collected for paid plans only).

Technical Data: IP address, browser or user-agent, and server logs (collected automatically, required for security).

Support Data: Messages you send to support (provided by you, optional).

We do not intentionally collect special categories of personal data (Article 9 GDPR) such as health or biometric information.

Connected Account Data (Google Drive Integration):

If you choose to connect your Google account, we may access Google Drive file metadata (such as file names, folder structure, file types, and modification dates) and the contents of files you explicitly select within the Service. This access is provided through Google API Services and is only initiated by you.

4. Purposes and Legal Bases


Provide and administer your account, authenticate log-ins — Article 6(1)(b) GDPR (contract).

Processing payments and invoicing — Article 6(1)(b) and 6(1)(c) GDPR (contract and legal obligation).

Maintain and secure the Service (debugging, preventing fraud) — Article 6(1)(f) GDPR (legitimate interest).

Respond to support requests — Article 6(1)(b) GDPR (contract).

Direct email updates about critical changes — Article 6(1)(f) GDPR (legitimate interest, you may object at any time).

Marketing newsletters (if offered) — Article 6(1)(a) GDPR (consent, opt-in).

Processing documents imported from connected services (e.g., Google Drive) to provide AI-assisted analysis and document workflows — Article 6(1)(b) GDPR (contract).

5. Sharing and Sub-Processing


We only share personal data when necessary to deliver the Service:

Microsoft Azure — EU (West Europe) region, for cloud hosting and storage.

Stripe — payment processing for paid plans.

All providers act under written Data Processing Agreements in accordance with Article 28 GDPR.

6. International Transfers


Primary data storage is located within the European Economic Area. If a sub-processor operates outside the EEA, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) to protect your data.

7. Retention


Account data: retained while your account is active plus 12 months after deletion to resolve disputes.

Billing records: retained for 7 years as required by Belgian accounting law.

Server logs: retained for 6 months unless necessary for security investigations.

8. Security Measures


• TLS encryption in transit and AES-256 encryption at rest on Microsoft Azure.
• Network segmentation, firewalls, and regular vulnerability reviews.
• Role-based access controls with MFA for staff.
• Automated backups and integrity checks.

9. Your Rights


You have the right to access, rectify, erase, restrict, or port your personal data, and to object to processing based on legitimate interests. For self-service edits, log into the Service and visit Settings → Profile. To delete your account or exercise other rights, email support@brieflee.be. You may also lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit), Rue de la Presse 35, 1000 Brussels.

10. Changes to this Policy


We may update this policy as our practices evolve. We will notify you by email or in-app notice at least 14 days before material changes take effect if they impact your rights.

11. Google API Services — User Data Policy


This section describes how Brieflee accesses, uses, stores, and protects data obtained through Google API Services, in compliance with the Google API Services User Data Policy.

a) Data Accessed

When you choose to connect your Google account to Brieflee, our application requests access to the following Google user data via the Google Drive API:

  • Google Drive file metadata — file names, folder structure, file types, and modification dates.

  • Google Drive file content — the contents of files you explicitly select or grant access to within the Service.


We only request the minimum scopes necessary to deliver the Service’s functionality. Access is initiated by you and can be revoked at any time (see section (e) below).

b) Data Usage

Brieflee uses Google Drive data exclusively to provide you with the Service’s core features, including AI-assisted legal research and document analysis.

Specifically, we use the data to:

  • Retrieve and display documents you select from your Google Drive within the Brieflee interface.

  • Analyse document content using our AI-assisted tools to support your legal research workflow.

  • Organise and present your files within the Service workspace.


We do not use Google user data for advertising, marketing profiling, or any purpose unrelated to the Service’s core functionality.

We do not use Google user data to train general-purpose AI or machine-learning models.

c) Data Sharing

Brieflee does not sell, rent, or share Google user data with third parties except as strictly necessary to operate the Service.

Google user data may be processed by:

  • Microsoft Azure (EU – West Europe region) — cloud infrastructure provider hosting the Service.


All processing occurs under a Data Processing Agreement in accordance with Article 28 GDPR.

We do not share Google user data with advertisers, data brokers, or analytics providers.

d) Data Storage and Protection

Google user data is stored on Microsoft Azure servers located in the European Union (West Europe region).

We protect this data using the same security measures described in Section 8, including:

  • TLS encryption for data in transit

  • AES-256 encryption for data at rest

  • Role-based access controls with multi-factor authentication

  • Network segmentation, firewalls, and regular vulnerability assessments


e) Data Retention and Deletion

Google Drive data retrieved by the Service is retained only for as long as your account remains active and the Google Drive integration is connected.


You may disconnect your Google account at any time via:

Settings → Integrations


Upon disconnection:

  • All cached Google Drive data is deleted from our servers within 48 hours.


If you delete your Brieflee account:

  • All associated Google user data is permanently deleted within 48 hours.


You may also request deletion at any time by contacting:

support@brieflee.be


You can additionally revoke Brieflee’s access through your Google Account permissions page.

f) Compliance with Google API Services User Data Policy

Brieflee’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.