Privacy Policy

    Effective Date: February 27, 2026

    Our Commitment to Your Privacy

    DoppelBrain ("we," "our," or "us") is built on a simple principle: your browsing data belongs to you. We created DoppelBrain to help you recall and make sense of your own research — not to monetize your activity. This Privacy Policy explains how we collect, use, protect, store, and manage your personal information when you use the DoppelBrain browser extension, web dashboard, AI assistant, and related services (collectively, the "Service").

    By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.

    1. Information We Collect

    1.1 Account Information

    When you create a DoppelBrain account, we collect:

    • Email address — used for authentication, account recovery, and essential service communications.
    • Display name (if provided) — used for personalization within the Service.
    • Authentication credentials — securely hashed passwords or third-party OAuth tokens (e.g., Google Sign-In). We never store passwords in plain text.

    1.2 Browsing Activity Data

    When the browser extension is enabled, DoppelBrain collects information about your web browsing activity, including:

    • Page URLs — the web addresses of pages you visit.
    • Page titles and headings — used to categorize and organize your knowledge graph.
    • Selected page content — text content from pages you visit, used to enable intelligent search and AI-powered analysis.
    • Timestamps — the date and time of each browsing event.
    • Interaction metadata — information about how you interact with web pages, which may include click events, copy actions, hover events, and manual saves.

    This data is collected passively and automatically while the extension is enabled. You may disable tracking at any time via the extension toggle, at which point no browsing data will be collected.

    1.3 Chat and Query Data

    When you use the DoppelBrain AI Assistant, we collect:

    • Messages you send to the AI Assistant.
    • AI-generated responses provided to you.
    • Search queries entered in the dashboard search functionality.

    This data is stored as part of your account to provide continuity of your conversational history and to improve the relevance of future responses.

    1.4 Technical and Usage Data

    We automatically collect certain technical information when you use the Service, including:

    • Device information — browser type and version, operating system.
    • Extension metadata — extension version, enabled/disabled status.
    • Usage patterns — feature usage frequency, dashboard interactions, session duration.
    • Error and performance logs — crash reports, error messages, and performance metrics used to diagnose and resolve technical issues.

    We do not collect IP addresses for tracking purposes. IP addresses may be temporarily processed by our infrastructure for security, rate-limiting, and abuse prevention, but are not stored in association with your browsing data.

    1.5 Information We Do NOT Collect

    DoppelBrain is designed with privacy-first principles. We explicitly do not collect:

    • Browsing activity on sensitive or blacklisted domains (see Section 2).
    • Passwords, financial account numbers, or payment card details from your browsing.
    • Government-issued identification numbers (SSN, passport numbers, etc.).
    • Health or medical information from browsing content.
    • Biometric data.
    • Contents of private messages, emails, or social media communications.
    • Keystrokes or screen recordings.

    2. How We Protect Your Privacy During Collection

    2.1 Domain-Level Blacklist

    DoppelBrain maintains an extensive blacklist of approximately 20 million domains classified as sensitive. The browser extension checks every URL against this blacklist before any data is collected or transmitted. If a domain is on the blacklist, no data of any kind — including the URL, page title, or page content — is collected, recorded, or sent to our servers.

    The blacklist includes, but is not limited to, domains in the following categories:

    • Banking and financial institutions
    • Payment processors and digital wallets
    • Social media platforms
    • Email providers and webmail services
    • Healthcare and medical portals
    • Government services and portals
    • Authentication and single sign-on pages
    • Adult content websites
    • Password managers and security tools

    The blacklist is updated periodically to ensure comprehensive and current coverage.

    2.2 Content-Level Sensitive Data Filtering

    In addition to domain-level filtering, DoppelBrain employs automated content-level filtering to detect and discard sensitive personal information that may inadvertently be present in collected browsing data. If our filtering systems identify content that appears to contain:

    • Financial account numbers or payment card information
    • Government-issued identification numbers
    • Health or medical records
    • Authentication credentials or security tokens
    • Other categories of sensitive personal data

    Such data will be automatically discarded and will not be stored in our systems. While we make commercially reasonable efforts to ensure the effectiveness of these filters, no automated filtering system is perfect. If you believe sensitive data has been inadvertently stored, please contact us immediately and we will promptly investigate and remove it.

    2.3 User-Controlled Tracking

    You are in full control of when DoppelBrain collects your browsing data:

    • Extension toggle: You can enable or disable tracking at any time via the browser extension popup. When disabled, no browsing data is collected or transmitted.
    • Selective browsing: Tracking only occurs while the extension is enabled. You may disable it at any time for any session, page, or period.

    3. How We Use Your Information

    We use the information we collect solely for the following purposes:

    3.1 Providing the Service

    • Capturing and organizing your browsing activity into a searchable knowledge graph.
    • Powering intelligent search, category filters, and the browsing history timeline.
    • Enabling the AI Assistant to answer your questions and analyze your browsing data.
    • Displaying your knowledge map (mindmap) and Trail view.
    • Personalizing the Service based on your usage patterns and preferences.

    3.2 Maintaining and Improving the Service

    • Diagnosing technical issues, bugs, and errors.
    • Monitoring Service performance and reliability.
    • Developing new features and improving existing functionality.
    • Conducting internal analytics on aggregated, anonymized usage patterns to understand how the Service is used.

    3.3 Security and Abuse Prevention

    • Detecting and preventing unauthorized access, fraud, and abuse.
    • Enforcing our Terms and Conditions.
    • Protecting the rights, property, and safety of DoppelBrain, our users, and the public.

    3.4 Communications

    • Sending essential service communications (e.g., account verification, password resets, security alerts).
    • Notifying you of material changes to the Service, these policies, or your account.
    • Responding to your support requests and inquiries.

    We will only send marketing or promotional communications if you have opted in, and you may opt out at any time.

    4. How We Do NOT Use Your Information

    To be unambiguous about our commitments:

    • We do not sell your personal data. We have never sold user data to third parties and have no plans or intention to do so.
    • We do not rent, lease, or commercially distribute your data to advertisers, data brokers, or any other third parties.
    • We do not use your browsing data to serve advertisements. DoppelBrain does not display ads and does not share data with advertising networks.
    • We do not use your individual browsing data to train general-purpose AI models. Your personal data is not fed into external AI training pipelines. AI features within the Service operate on your data solely to serve you.
    • We do not build behavioral profiles for third parties. Your data is used only within the context of your own DoppelBrain account.

    5. Data Sharing and Disclosure

    5.1 We Do Not Sell Your Data

    DoppelBrain does not sell, trade, or otherwise transfer your personal information to third parties for their own commercial purposes.

    5.2 Service Providers

    We may engage trusted third-party service providers to assist in operating and delivering the Service. These providers may have access to your personal information only to the extent necessary to perform their functions and are contractually bound to:

    • Use your data only for the purposes specified by DoppelBrain.
    • Maintain the confidentiality and security of your data.
    • Not use your data for any independent purpose, including marketing or profiling.

    Categories of service providers we may use include:

    • Cloud infrastructure and hosting providers.
    • Authentication and identity verification services.
    • Error monitoring and performance analytics tools.
    • Customer support platforms.
    • Payment processors (for subscription billing only — we do not store your payment card details).

    5.3 Legal Requirements

    We may disclose your personal information if required to do so by law, or if we believe in good faith that such action is necessary to:

    • Comply with a legal obligation, court order, or lawful government request.
    • Protect and defend the rights, property, or safety of DoppelBrain, our users, or the public.
    • Detect, prevent, or address fraud, security incidents, or technical issues.

    If legally permitted, we will make reasonable efforts to notify you before disclosing your data in response to a legal request.

    5.4 Business Transfers

    In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of the transaction. In such cases, we will require the acquiring entity to honor this Privacy Policy or provide you with notice and an opportunity to opt out before your data is subject to a different privacy policy.

    6. Data Storage and Security

    6.1 Storage Location

    Your data is stored in secure, access-restricted hosting environments. We use enterprise-grade cloud infrastructure with data centers that maintain industry-standard physical and logical security controls.

    6.2 Encryption

    • In transit: All data transmitted between your browser, the extension, and our servers is encrypted using TLS 1.2 or higher (TLS 1.3 preferred).
    • At rest: All stored data, including browsing activity, chat history, and account information, is encrypted at rest using industry-standard encryption algorithms (AES-256 or equivalent).

    6.3 Access Controls

    Access to user data within our infrastructure is strictly limited to authorized personnel and systems on a need-to-know basis. We enforce:

    • Multi-factor authentication for all administrative access.
    • Role-based access controls with the principle of least privilege.
    • Audit logging of all data access events.

    6.4 Security Practices

    We maintain a security program that includes:

    • Regular security assessments and vulnerability testing.
    • Continuous monitoring of our systems for unauthorized access or anomalous activity.
    • Incident response procedures to promptly address any security events.
    • Secure software development practices.

    6.5 No Absolute Guarantee

    While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee the absolute security of your data. In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities in accordance with applicable law.

    7. Data Retention

    7.1 Active Accounts

    We retain your personal data and browsing activity for as long as your account remains active and you continue to use the Service. Your data is available to you at all times through the dashboard.

    7.2 Data Clearing

    You may clear all of your browsing data at any time through the dashboard settings. Once cleared, this data is permanently removed from our active systems and cannot be recovered.

    7.3 Account Deletion

    When you delete your account, all associated personal data — including account information, browsing activity, knowledge graph data, chat history, and any other data linked to your account — is permanently deleted from our systems. Account deletion is irreversible.

    We will complete the deletion process within thirty (30) days of your request. During this period, your data may remain in encrypted backups, which are purged on their regular rotation cycle and no later than ninety (90) days following your deletion request.

    7.4 Post-Termination

    If you terminate your account or cease using the Service, we do not retain your personal data beyond the periods described in this section, except where required by applicable law (e.g., for tax, legal, or regulatory compliance purposes).

    8. Your Rights

    8.1 Universal Rights

    Regardless of your location, you have the following rights with respect to your personal data:

    • Access. You can view all data DoppelBrain has collected about you at any time through the dashboard — including via the Trail view, History view, and by querying the AI Assistant.
    • Deletion. You can delete your browsing data (partially or completely) or your entire account at any time through the Service settings.
    • Control. You can enable or disable tracking at any time via the extension toggle.
    • Export. Where available through the Service, you may request a copy of your data in a portable format.
    • Opt-out. You can opt out of non-essential communications at any time.

    8.2 European Economic Area and United Kingdom (GDPR)

    If you are located in the European Economic Area (EEA) or the United Kingdom (UK), you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR, including:

    • Right of access (Article 15) — to request a copy of the personal data we hold about you.
    • Right to rectification (Article 16) — to request correction of inaccurate personal data.
    • Right to erasure (Article 17) — to request deletion of your personal data.
    • Right to restriction of processing (Article 18) — to request that we limit how we process your data.
    • Right to data portability (Article 20) — to receive your personal data in a structured, commonly used, machine-readable format.
    • Right to object (Article 21) — to object to the processing of your personal data for certain purposes.
    • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

    Legal basis for processing: We process your personal data based on the following legal grounds:

    • Performance of a contract — processing necessary to provide you with the Service (Article 6(1)(b)).
    • Legitimate interests — processing necessary for our legitimate interests, such as improving the Service, ensuring security, and preventing fraud, where these interests are not overridden by your data protection rights (Article 6(1)(f)).
    • Consent — where you have given us specific consent for a particular processing activity (Article 6(1)(a)).
    • Legal obligation — processing necessary to comply with applicable laws (Article 6(1)(c)).

    To exercise your GDPR rights, please contact us at the address provided in Section 13.

    8.3 California Residents (CCPA/CPRA)

    If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

    • Right to know — You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your data.
    • Right to delete — You may request that we delete the personal information we have collected from you, subject to certain exceptions.
    • Right to correct — You may request that we correct inaccurate personal information.
    • Right to opt out of sale or sharing — DoppelBrain does not sell or share your personal information as defined under the CCPA/CPRA. Therefore, there is no need to opt out. However, if this practice ever changes, we will provide a clear and conspicuous opt-out mechanism.
    • Right to non-discrimination — We will not discriminate against you for exercising your privacy rights.

    To exercise your CCPA/CPRA rights, please contact us at the address provided in Section 13.

    8.4 Canadian Residents (PIPEDA)

    If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, including:

    • The right to access your personal information held by DoppelBrain.
    • The right to challenge the accuracy and completeness of your personal information and have it amended as appropriate.
    • The right to withdraw consent for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions.
    • The right to file a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.

    DoppelBrain collects, uses, and discloses personal information only for purposes that a reasonable person would consider appropriate in the circumstances, and only with your knowledge and consent.

    9. Cookies and Tracking Technologies

    9.1 Website Cookies

    The DoppelBrain website (doppelbrain.com) may use the following types of cookies:

    • Strictly necessary cookies — required for core website functionality, such as authentication, navigation, and security. These cannot be disabled.
    • Analytics cookies — used to understand how visitors interact with the website, including page views, traffic sources, and navigation patterns. These are only activated with your explicit consent.

    9.2 Browser Extension

    The DoppelBrain browser extension does not use cookies. It communicates with our servers via secure API calls authenticated with your account token.

    9.3 Managing Cookies

    You can manage your cookie preferences through:

    • The cookie consent banner displayed on our website.
    • Your browser settings, where you can block or delete cookies at any time.
    • The privacy preferences link in the website footer, which allows you to modify your consent choices.

    10. Third-Party Links

    The Service may display links to third-party websites as part of your browsing history and knowledge graph. These links direct you to sites that are not operated by DoppelBrain. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites. We encourage you to review the privacy policies of any third-party sites you visit.

    11. Children's Privacy

    DoppelBrain is not intended for use by individuals under the age of 18 (or the age of majority in their jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take prompt steps to delete such information from our systems. If you believe that a child has provided us with personal information, please contact us at the address provided in Section 13.

    12. Changes to This Privacy Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable laws. When we make material changes:

    • We will update the "Last Updated" date at the top of this document.
    • We will notify you via email to the address associated with your account.
    • We will provide a prominent notice within the Service (e.g., an in-app notification or banner).
    • For material changes, we will provide at least thirty (30) days' notice before the changes take effect.

    Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the changes. If you do not agree with the revised Privacy Policy, you should discontinue use of the Service and delete your account.

    13. Contact Us

    If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

    DoppelBrain Inc.

    Privacy Inquiries: privacy@doppelbrain.com

    General Support: support@doppelbrain.com

    Website: doppelbrain.com

    For complaints regarding our handling of your personal data, you may also contact the applicable data protection authority in your jurisdiction.

    14. Legal Compliance

    DoppelBrain is committed to complying with applicable data protection laws and regulations, including but not limited to:

    • General Data Protection Regulation (GDPR) — European Union and United Kingdom.
    • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) — State of California, United States.
    • Personal Information Protection and Electronic Documents Act (PIPEDA) — Canada.
    • Canada's Anti-Spam Legislation (CASL) — for electronic communications.
    • Other applicable federal, provincial, state, and local privacy laws.

    By using DoppelBrain, you acknowledge that you have read and understood this Privacy Policy.