Privacy Policy

Last updated: March 2026

Your Privacy Matters

BrainDrop is built on the principle that your knowledge is yours. We take your privacy seriously and are committed to being transparent about how we handle your data.

What We Collect

Browser extension (Chrome)

The BrainDrop extension collects only what is needed for the product: (1) Authentication — we use a session token (synced from your sign-in on our website) to keep you logged in; we do not collect or store passwords. (2) Web history (saved items only) — we store the URL and page title only for pages you explicitly choose to save; we do not collect your full browsing history. (3) Website content — we store only the text and links you explicitly save: highlighted text, notes you add, and the page URL/title. We do not collect images, audio, or video from pages. (4) We do not collect location, health, financial, or personal communications data in the extension.

Account information (personally identifiable information)

When you sign up on our website, we receive your name, email address, and profile picture from your OAuth provider (Google or GitHub). We use this to identify your account and personalize your experience. The extension does not collect additional PII; it only uses your session to authenticate API requests.

Saved content

When you save content using the BrainDrop extension or website, we store the URL, title, highlighted text, your notes, and tags. This data is used exclusively to build your personal knowledge graph and power the RAG query engine.

Embeddings & knowledge graph

We generate vector embeddings of your saved content to create semantic connections. These embeddings are stored alongside your content and are never shared with other users.

Query history

When you query your knowledge base, we store the query and response to improve your experience and provide query history. We do not monitor general browsing, clicks, scrolls, or keystrokes.

How We Use Your Data

  • Building and maintaining your personal knowledge graph
  • Powering AI-driven queries against your saved content
  • Generating your Brain Passport (only when you request it)
  • Detecting knowledge gaps and generating learning paths
  • Improving the service through aggregated, anonymized analytics

What We Don't Do

  • We never sell your personal data or knowledge graph to third parties
  • We never use your saved content to train AI models
  • We never share your data with advertisers
  • We never access your content for purposes beyond providing the service

Data Security

Your data is encrypted at rest and in transit. We use industry-standard security practices including TLS encryption, secure database access, and regular security audits. Your knowledge graph data is isolated per user — no other user can access your content.

Third-Party Services

We use the following third-party services:

  • AI API Providers — For generating embeddings and query responses. Your content is sent to generate embeddings but is not retained by these providers.
  • OAuth Providers — Google and GitHub for authentication only.
  • Stripe — For payment processing. We never store your full credit card details.

Your Rights

You have the right to:

  • Export all your data at any time
  • Delete individual items or your entire account
  • Control what's included in your Brain Passport
  • Revoke API tokens and disconnect integrations

Data Retention

We retain your data for as long as your account is active. If you delete your account, all associated data (saved items, knowledge graph, embeddings, query history) is permanently deleted within 30 days.

Contact

Questions about privacy? Reach out to us at privacy@braindrop.youmeyou.ai.