Privacy Policy

At ThirdLayer, Inc. (“ThirdLayer,” “we,” “our,” or “us”), we are committed to respecting your privacy and keeping any information you share with us secure. This privacy policy (“Privacy Policy”) explains how we collect, use, disclose, and process your personal data when you use our browser extension, AI features, and related services (“Service”). It also informs you how to access and update your personal information and outlines the data protection rights that may be available under your country's or state's laws.

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have been informed of and consent to our practices regarding your personal information and data.

1. Your Personal Workspace

We believe your browsing environment should remain under your control while enabling powerful AI assistance. Dex, our privacy-first AI assistant, processes only the minimal data necessary to deliver intelligent, contextually-aware responses that enhance your productivity.

When you interact with Dex, only data relevant to your specific request (like your question or current tab context) is briefly sent to our servers and securely transmitted to our certified AI partners solely to generate your response. Our AI partners are contractually prohibited from storing or training models on your data once processing is complete. Browsing summaries are encrypted in transit and stored locally.

2. Information We Collect

We collect the following types of information:

  • Account Information: Email address, name, and authentication credentials when you create an account
  • Usage Data: Information about how you interact with the Service, including features used and preferences
  • Browser Context: Tab information and page content when you explicitly invoke Dex for assistance
  • Device Information: Browser type, operating system, and device identifiers for compatibility purposes

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process and respond to your AI assistant queries
  • Personalize your experience and remember your preferences
  • Send you technical notices and support messages
  • Detect, prevent, and address technical issues or abuse
  • Comply with legal obligations

4. Information Sharing

We do not sell your personal data. We may share information with:

  • AI Processing Partners: Certified partners who process queries solely to generate responses, with strict contractual prohibitions on data retention or model training
  • Service Providers: Third parties that assist with hosting, analytics, and customer support under confidentiality agreements
  • Legal Requirements: When required by law, regulation, or legal process

5. Your Rights & Choices

Depending on your location, you may have the following rights:

  • Access, correct, or delete your personal data
  • Object to or restrict certain processing activities
  • Data portability — receive your data in a structured format
  • Withdraw consent at any time for consent-based processing
  • Lodge a complaint with your local data protection authority

To exercise these rights, contact us at privacy@thirdlayer.inc

6. Infrastructure Security

  • Hosting and Data Centers: Our backend services are hosted on Supabase, built on AWS infrastructure with enterprise-grade security and compliance certifications
  • Supabase provides comprehensive security controls including encrypted data at rest, network isolation, and continuous monitoring
  • Data residency: Primary infrastructure located in the United States with built-in redundancy

7. Data Retention

We retain your personal data only as long as needed for the Service and outlined purposes:

  • Chat History: Stored on local servers with an option to delete upon request
  • Browser Memory Summaries: Stored locally for one week
  • Browser State Data: Stored locally for one week

We follow procedures to delete, erase, or anonymize data when no longer needed. You may request deletion of your personal data at any time. However, we retain server logs for a 30-day rolling period for security, debugging, and abuse prevention. Automated daily backups of our systems are maintained for disaster recovery purposes and may contain your data until the backup cycle is overwritten (up to 30 additional days).

8. Data Security & Encryption

We use commercially reasonable technical and organizational measures to protect your data. However, no internet transmission is 100% secure.

All data transmitted between your device and our servers is secured using TLS 1.2 or higher. Data stored on our infrastructure is encrypted at rest using 256-bit AES encryption.

Access to personal data is restricted to authorized personnel who require it for operational purposes. All access is protected by multi-factor authentication and is logged for auditing.

9. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last Updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

ThirdLayer, Inc.

Email: privacy@thirdlayer.inc

Last Updated: December 2024