The Operator's Brief
operatorsbrief.co

Privacy Policy

Effective May 8, 2026. Last updated May 8, 2026.

1. Who we are

The Operator's Brief is operated by Setlist Capital, the owner of the website at operatorsbrief.co. Questions or requests under this policy go to hello@operatorsbrief.co.

2. What we collect

  • Account data. Email address and full name at signup. Optional onboarding answers — your role, team size, industry, AI (artificial intelligence) experience level, top pain points, and stated goals — used to recommend a starting lesson.
  • Course progress. Which lessons you've started or completed, time spent on lesson pages, homework submissions, reflections, and the AI feedback returned on them. Tutor conversations you have with the in-lesson Q&A widget.
  • Playbook entries. The prompts and notes you save to your Playbook — including anything you paste into them. Treat the Playbook as content you have intentionally stored with us.
  • Billing data. All payment information (card number, billing address, transaction history) is handled directly by Stripe. We store only your Stripe customer ID and the metadata of your active subscription (tier, status, current period end). We never see your card number.
  • AI interaction data. Prompts and lesson content you submit to the in-product AI features are sent to Anthropic's Claude API (application programming interface) for inference. The prompt you sent and the model response are stored on our servers so the conversation, the Playbook, and the homework grading history remain available to you.
  • Product events. We log structured events — page views, lesson starts and completions, scroll depth, homework submissions, tutor escalations, and similar — to improve the product and detect when learners get stuck.
  • Analytics. Aggregate page-view and scroll-depth data, captured via a first-party analytics tool.
  • Technical data. Browser user-agent string, approximate IP-derived region, and the URL you arrived from — standard web-server log fields.

3. What we don't collect

  • No tracking pixels from Meta, TikTok, or other ad networks that build cross-site behavioral profiles.
  • No selling of personal data to third parties. Ever.
  • No reading or scanning of your email inbox. The course discusses email patterns; we do not connect to your mailbox. If you paste an email into a Playbook entry or homework submission, that text becomes content you stored with us — see Section 2.
  • No biometric data, no precise geolocation, no children's data. The product is for working adults.

4. Why we collect it

  • To run your account and deliver the course you paid for.
  • To produce the AI features — tutor responses, homework grading, Playbook generation — that the course is built around.
  • To process payments and manage your subscription.
  • To diagnose where learners get stuck so we can revise lessons that aren't landing.
  • To send you transactional email — receipts, account alerts, lesson availability — and, if you opt in, occasional product updates.
  • To comply with applicable law and respond to legal process.

5. Who we share it with

We use a small set of subprocessors to operate the product. Each processes only what it needs and is bound by its own privacy terms.

  • Anthropic — provides the Claude API used for tutor responses, homework grading, and the in-product AI features. Receives the prompts and lesson context required to generate a response. Anthropic privacy policy.
  • Stripe — processes payments and manages subscriptions. Receives your name, email, billing address, and card details (which you enter on Stripe's hosted checkout, never on our pages). Stripe privacy policy.
  • Supabase — provides authentication and the database that stores your account, progress, homework, Playbook, and tutor history. Supabase privacy policy.
  • Resend — sends transactional and announcement email. Receives your email address and the contents of the message we're sending you. Resend privacy policy.
  • Vercel — hosts the website and routes every request. Receives standard web-server log data. Vercel privacy policy.
  • LinkedIn and Google — if and when we run paid acquisition on these platforms, they may receive aggregated conversion data (e.g., that a signup occurred following a click). We do not send them your prompts, Playbook contents, or course progress. LinkedIn privacy policy. Google privacy policy.

We will also disclose information when required by law, court order, or to protect the rights, property, or safety of users and the public.

6. AI-specific disclosure

The Operator's Brief is built on AI (artificial intelligence). Two things you should know about how that works.

Where your prompts go. When you submit a question to the tutor, paste work for homework grading, or use any in-product AI feature, your prompt and the relevant lesson context are sent to Anthropic's Claude API for inference. Anthropic processes that input under its commercial API terms. Per Anthropic's published commitments, prompts and completions sent through the commercial Claude API are not used to train Anthropic's models.

Redact PII before pasting. PII (personally identifiable information) — client names, deal terms, salary figures, anything covered by an NDA (non-disclosure agreement) — should be redacted before you paste it into the tutor, a homework submission, or a Playbook entry. The course teaches redaction technique in Module 1, Lesson 4. If you paste it, it gets stored in our database and sent to Anthropic — the standard rule for any AI product applies here too. The course teaches redaction technique in Module 1, Lesson 2 (Email and Written Communication).

7. Data retention

  • While your subscription is active: we retain everything tied to your account — profile, progress, homework, tutor history, Playbook.
  • After cancellation: account data is retained for twelve (12) months so you can restore the account and pick up where you left off. After twelve months, the account and its associated data are deleted.
  • If you request deletion: Playbook entries, homework submissions, tutor messages, and your profile are deleted within thirty (30) days. Backup copies are purged on the standard ninety-day (90) backup-rotation cycle.
  • Billing records: Stripe retains transaction records under its own retention policy and applicable tax law, independent of your subscription status.
  • Anonymized analytics: aggregate event counts that are no longer linked to your account may be retained indefinitely to inform product decisions.

8. Your rights

You can:

  • Access the data we hold about you.
  • Correct data that's inaccurate.
  • Delete your account and the data tied to it.
  • Export a portable copy of your Playbook, homework, and progress.
  • Opt out of marketing email at any time, via the unsubscribe link in any message or by emailing us. You can't opt out of strictly transactional email (receipts, security alerts) while your account is active.

To exercise any of these rights, email hello@operatorsbrief.co from the address on your account. We respond within thirty (30) days.

9. California and EU specifics

California residents (CCPA — California Consumer Privacy Act). You have the rights described in Section 8, plus the right to know which categories of personal information we've collected and the categories of subprocessors we've shared them with (see Sections 2 and 5). You also have the right to opt out of the sale of personal information — this right does not apply to us, because we do not sell personal information. We do not knowingly collect or sell personal information of California residents under sixteen (16).

EU and UK residents (GDPR — General Data Protection Regulation, and UK GDPR). The legal bases on which we process your data are: contract performance — to deliver the course you paid for and to operate your account; legitimate interest — for product analytics, abuse prevention, and improving the curriculum; and consent — for marketing email, withdrawable at any time. You have the right to lodge a complaint with your supervisory authority (e.g., the ICO in the UK or your national data protection authority in the EU) if you believe we've mishandled your data. Setlist Capital acts as the data controller for purposes of GDPR.

10. Cookies

We use the minimum cookies needed to run the site:

  • Authentication session cookie — set when you sign in, so the site knows it's still you on the next page. Cleared when you sign out or when the session expires.
  • CSRF (cross-site request forgery) token — set per-session to protect form submissions.

We do not set advertising cookies. We do not load tracking pixels from social networks. If we add a first-party analytics cookie in the future, this section will be updated and existing users will be notified.

11. Updates to this policy

We'll update this page when our practices change. For material changes — new categories of data collected, new subprocessors with access to your data, or shorter retention windows that affect already-stored data — we'll email registered users at least thirty (30) days before the change takes effect. Non-material edits (clarifications, typos, section reordering) will be reflected here with a new “Last updated” date.

12. Effective date

This policy is effective as of May 8, 2026 and was last updated on May 8, 2026. Questions go to hello@operatorsbrief.co.