Privacy Policy

Last Updated: November 5, 2025

Privacy First: Your Data Stays With You

DapLinks is designed with privacy at its core. All your bookmarks, folders, tasks, analytics, and browsing habits are stored locally on your device using Chrome's secure storage API. We do not track your browsing activity, collect usage analytics, or send your personal data to external servers.

1. Information We Collect

1.1 Data Stored Locally on Your Device (Not Sent to Servers)

The following data is stored exclusively in your browser using Chrome's local storage API and never leaves your device:

Bookmarks & Links: All URLs, titles, descriptions, and metadata you save
Folders & Organization: Your custom folders, tags, and organizational structure
Tasks & Notes: To-do lists, task boards, and personal notes
Analytics & Habits: Your productivity statistics, browsing patterns, and usage insights
Settings & Customization: Themes, backgrounds, preferences, and configurations
AI Configuration: Your OpenAI API key (if provided) for AI features

1.2 Data Stored on Our Servers (Minimal, Authentication Only)

We only collect and store the following information on our servers, which is necessary to provide authentication and subscription services:

Email Address: Used for account creation, login, and password recovery
Password Hash: Securely hashed and salted (we never store plain-text passwords)
Subscription Status: Your premium subscription status and trial eligibility
Stripe Customer ID: Required to manage your subscription through Stripe

1.3 Data We DO NOT Collect

Browsing History: We do not track or record which websites you visit
Usage Analytics: We do not collect data about how you use the extension
Device Information: We do not collect browser type, version, OS, or hardware details
Location Data: We do not access or store your physical location
Third-Party Tracking: We do not use Google Analytics, Facebook Pixel, or any tracking scripts
Cookies: We do not use cookies for tracking (only session authentication)

2. How We Use Your Information

We use the minimal information we collect (email and authentication data) solely to:

Authenticate your account and keep you logged in
Process subscription payments through Stripe
Send password reset emails (via SendGrid)
Provide customer support when you contact us
Send critical service announcements (security alerts, terms updates)

We do NOT use your information for:

Marketing or promotional emails (unless you explicitly opt-in)
Selling or renting to third parties
Behavioral advertising or profiling
Analytics or usage tracking

3. Data Storage and Security

3.1 Local Storage Security

Your bookmarks, tasks, and personal data are stored using Chrome's built-in storage API, which:

Encrypts data at rest on your device
Restricts access to only the DapLinks extension
Never transmits your data over the internet
Remains under your complete control

3.2 Server Security (Authentication Data Only)

For the minimal data we do store on servers (email, password hash, subscription status):

Passwords: Hashed using SHA-256 with email-based salting
Data in Transit: Protected with TLS/SSL encryption (HTTPS)
Hosting: Secure servers provided by Railway with regular security updates
Access Control: Strict authentication required for all API requests

4. Data Sharing and Third Parties

We share your information only with essential third-party services required to operate DapLinks:

4.1 Stripe (Payment Processing)

What we share: Email address and subscription details
Purpose: Process payments and manage subscriptions
Privacy Policy: stripe.com/privacy
Note: Your credit card details are entered directly into Stripe's secure form—we never see or store them

4.2 SendGrid (Email Delivery)

What we share: Email address only
Purpose: Send password reset and verification emails
Privacy Policy: twilio.com/legal/privacy

4.3 Railway (Infrastructure)

What we share: Server-hosted data (email, password hash, subscription status)
Purpose: Cloud hosting infrastructure
Privacy Policy: railway.app/legal/privacy

We do NOT share your data with:

Advertising networks
Data brokers or analytics companies
Social media platforms
Any party for marketing purposes

5. AI Features and OpenAI

DapLinks offers optional AI-powered features (semantic search, smart tagging, auto-organization):

Your OpenAI API Key: Stored locally on your device (never sent to our servers)
AI Requests: Sent directly from your browser to OpenAI's API using your key
Data Sent to OpenAI: Only the specific bookmarks/data you choose to analyze with AI features
Your Control: AI features are completely optional—you can use DapLinks without them
OpenAI Privacy: Subject to OpenAI's Privacy Policy

Important: When you use AI features, bookmark data is sent to OpenAI for processing. This is a direct connection between your browser and OpenAI—DapLinks does not intercept or store this data.

6. Your Data Rights

You have complete control over your data:

6.1 Local Data (Bookmarks, Tasks, Settings)

Export: Export all your data anytime through the extension settings
Delete: Clear all local data through the extension or by uninstalling
Control: Your data never leaves your device, so you have total ownership

6.2 Server Data (Email, Account)

Access: View your account details anytime in the extension
Update: Change your email or password through account settings
Delete: Request account deletion by emailing support@daplinks.com
Deletion Timeline: Account data deleted within 30 days of request

7. Data Retention

Local Data: Stored on your device indefinitely until you delete it or uninstall the extension
Active Accounts: Email and authentication data retained while your account is active
Deleted Accounts: All server data permanently deleted within 30 days
Subscription Data: Stripe retains payment records per their legal requirements (typically 7 years)

8. No Cross-Device Syncing

Important: DapLinks stores all data locally on your device. We do NOT offer cloud syncing or cross-device synchronization. This means:

Your bookmarks, tasks, and settings are specific to each browser installation
Installing DapLinks on a new device starts with a fresh local database
You can manually export/import your data to transfer between devices
This design ensures maximum privacy—your data never touches our servers

9. Children's Privacy

DapLinks is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately at support@daplinks.com, and we will delete it promptly.

10. International Users and Data Transfers

DapLinks is operated from the United States. If you are located outside the U.S.:

Your authentication data (email, password hash) is stored on U.S.-based servers
Your bookmarks and personal data remain on your local device (no international transfer)
By creating an account, you consent to the transfer and processing of authentication data in the U.S.
We comply with applicable data protection laws, including GDPR for EU users

11. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights:

Right to Know: Request details about personal information we collect (limited to email and authentication data)
Right to Delete: Request deletion of your account data
Right to Opt-Out: We do not sell personal information, so no opt-out is necessary
Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, email us at support@daplinks.com with "CCPA Request" in the subject line.

12. GDPR Compliance (EU Users)

For users in the European Union, we comply with the General Data Protection Regulation (GDPR):

Legal Basis for Processing

Contract Performance: Processing your email and authentication data is necessary to provide the service
Consent: You provide consent when creating an account
Legitimate Interest: Preventing fraud and ensuring security

Your GDPR Rights

Right of Access: Obtain a copy of your data
Right to Rectification: Correct inaccurate data
Right to Erasure: Request deletion of your data ("right to be forgotten")
Right to Restriction: Limit how we process your data
Right to Data Portability: Receive your data in a portable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time

Data Controller

DapLinks is the data controller for the personal information we collect. To exercise your GDPR rights, contact us at support@daplinks.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes:

We will update the "Last Updated" date at the top of this policy
We will notify you via email (to the address on file)
We may display a notification within the extension
Continued use of DapLinks after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Security Incidents

In the unlikely event of a data breach affecting your authentication data:

We will notify affected users within 72 hours
We will provide details about the breach and steps we're taking
We will report to relevant authorities as required by law

Note: Because your bookmarks and personal data are stored locally on your device (not on our servers), they are not at risk in a server-side breach.

Contact Us

If you have questions about this Privacy Policy, want to exercise your data rights, or have privacy concerns:

Email: support@daplinks.com
Subject Line: "Privacy Inquiry" or "Data Rights Request"
Website: daplinks.com

We will respond to all privacy inquiries within 30 days (or as required by applicable law).