At ThirdLayer, Inc. (“ThirdLayer,” “we,” “our,” or “us”), we are committed to respecting your privacy and keeping any information you share with us secure. This privacy policy ("Privacy Policy") explains how we collect, use, disclose, and process your personal data when you use our browser extension, AI features, and related services ("Service"). It also informs you how to access and update your personal information and outlines the data protection rights that may be available under your country’s or state’s laws.
Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have been informed of and consent to our practices regarding your personal information and data.
Your Personal Workspace
We believe your browsing environment should remain under your control while enabling powerful AI assistance. Dex, our privacy-first AI assistant, processes only the minimal data necessary to deliver intelligent, contextually-aware responses that enhance your productivity.
When you interact with Dex, only data relevant to your specific request (like your question or current tab context) is briefly sent to our servers and securely transmitted to our certified AI partners solely to generate your response. Our AI partners are contractually prohibited from storing or training models on your data once processing is complete. Browsing summaries are encrypted in transit and stored locally.
To provide intelligent responses, Dex processes your content through secure vector embeddings—converting information into mathematical representations that help Dex understand and retrieve relevant context. Dex plans to actively avoid processing data from sensitive sites (healthcare, banking, financial).
When you delete conversations, snips, or browsing data, it's permanently removed.
We will never sell your personal data—we use it solely to provide accurate, helpful AI assistance tailored to your needs.
Our Commitment
We continuously enhance our security posture and compliance framework. For organizations operating in regulated environments, we provide customized security assessments, additional documentation, and can accommodate specific compliance requirements through our enterprise engagement process.
Our Commitment
We continuously enhance our security posture and compliance framework. For organizations operating in regulated environments, we provide customized security assessments, additional documentation, and can accommodate specific compliance requirements through our enterprise engagement process.
Our Commitment
We continuously enhance our security posture and compliance framework. For organizations operating in regulated environments, we provide customized security assessments, additional documentation, and can accommodate specific compliance requirements through our enterprise engagement process.
Personal Information We Collect
A. Personal Data You Provide to Us Directly
Account Information: When you download the Chrome extension, we access your linked account (including email and name). Integrating with third-party software via Pipedream provides us with OAuth permissions (e.g., Gmail, Notion, Google Calendar, Sheets, Slack, Outlook, Drive, Jira, Docs, Discord, Figma, Teams, Reddit, Hubspot, Linear).
Communication Information: If you contact us, we collect your name, contact information, and the contents of any messages you send.
Feedback: When you provide feedback about Dex, we may store the entire interaction.
B. Personal Data We Receive from Your Use of the Service
When you use Dex, we automatically collect certain data to provide AI-powered features:
Chat History: We store your conversations with Dex to maintain context and improve your experience across sessions.
Usage Data: Includes timestamps, features used, and interaction patterns.
Technical Data: Includes error logs and metrics.
C. AI Requests
To provide its features, Dex makes AI requests to our server, including when you send questions in chat or load pages so that Dex Autosuggest can make next action suggestions for you.
Your input and relevant browser context are shared with trusted AI partners to generate responses (e.g., OpenAI/Anthropic/Google). We generate summaries of your browsing activities on our servers and store them locally on your device. When you ask Dex a question, only data relevant to your request is sent off-device.
An AI request typically includes context such as recently visited URLs, tabs, and page content. Our prompt-building happens on our server.
Semantic Indexing and Retrieval
Dex allows you to semantically index information such as Snips and websites to better answer your questions with full context.
Indexing Process: Information you choose to index is sent to us, chunked into smaller segments, and converted into numerical embeddings. These embeddings are stored securely in Turbopuffer.
Browsing Summaries: Summaries of your browsing content are stored locally on your device. If you request a summarization, we send relevant page data to our servers to create the summary. We then compute a random identifier (ID) and associate each vector with this ID.
Retrieval at Inference: When answering your questions, we compute embeddings for your query, Turbopuffer performs a similarity search, and Dex retrieves the associated vectors. The matched content is then read from your local device to provide the final answer.
Snips: When saving Snips, Dex follows the same embedding process with Turbopuffer for later retrieval.
No Plaintext in Turbopuffer: At no point is your original, unprocessed content (plaintext) stored in Turbopuffer—only vector embeddings.
D. Information We Do Not Collect
Dex does not knowingly collect sensitive personal information (e.g., financial, health-related) unless explicitly provided during use.
We do not store your full browsing history or retain browser data beyond immediate use.
Personal Information We Collect
A. Personal Data You Provide to Us Directly
Account Information: When you download the Chrome extension, we access your linked account (including email and name). Integrating with third-party software via Pipedream provides us with OAuth permissions (e.g., Gmail, Notion, Google Calendar, Sheets, Slack, Outlook, Drive, Jira, Docs, Discord, Figma, Teams, Reddit, Hubspot, Linear).
Communication Information: If you contact us, we collect your name, contact information, and the contents of any messages you send.
Feedback: When you provide feedback about Dex, we may store the entire interaction.
B. Personal Data We Receive from Your Use of the Service
When you use Dex, we automatically collect certain data to provide AI-powered features:
Chat History: We store your conversations with Dex to maintain context and improve your experience across sessions.
Usage Data: Includes timestamps, features used, and interaction patterns.
Technical Data: Includes error logs and metrics.
C. AI Requests
To provide its features, Dex makes AI requests to our server, including when you send questions in chat or load pages so that Dex Autosuggest can make next action suggestions for you.
Your input and relevant browser context are shared with trusted AI partners to generate responses (e.g., OpenAI/Anthropic/Google). We generate summaries of your browsing activities on our servers and store them locally on your device. When you ask Dex a question, only data relevant to your request is sent off-device.
An AI request typically includes context such as recently visited URLs, tabs, and page content. Our prompt-building happens on our server.
Semantic Indexing and Retrieval
Dex allows you to semantically index information such as Snips and websites to better answer your questions with full context.
Indexing Process: Information you choose to index is sent to us, chunked into smaller segments, and converted into numerical embeddings. These embeddings are stored securely in Turbopuffer.
Browsing Summaries: Summaries of your browsing content are stored locally on your device. If you request a summarization, we send relevant page data to our servers to create the summary. We then compute a random identifier (ID) and associate each vector with this ID.
Retrieval at Inference: When answering your questions, we compute embeddings for your query, Turbopuffer performs a similarity search, and Dex retrieves the associated vectors. The matched content is then read from your local device to provide the final answer.
Snips: When saving Snips, Dex follows the same embedding process with Turbopuffer for later retrieval.
No Plaintext in Turbopuffer: At no point is your original, unprocessed content (plaintext) stored in Turbopuffer—only vector embeddings.
D. Information We Do Not Collect
Dex does not knowingly collect sensitive personal information (e.g., financial, health-related) unless explicitly provided during use.
We do not store your full browsing history or retain browser data beyond immediate use.
Personal Information We Collect
A. Personal Data You Provide to Us Directly
Account Information: When you download the Chrome extension, we access your linked account (including email and name). Integrating with third-party software via Pipedream provides us with OAuth permissions (e.g., Gmail, Notion, Google Calendar, Sheets, Slack, Outlook, Drive, Jira, Docs, Discord, Figma, Teams, Reddit, Hubspot, Linear).
Communication Information: If you contact us, we collect your name, contact information, and the contents of any messages you send.
Feedback: When you provide feedback about Dex, we may store the entire interaction.
B. Personal Data We Receive from Your Use of the Service
When you use Dex, we automatically collect certain data to provide AI-powered features:
Chat History: We store your conversations with Dex to maintain context and improve your experience across sessions.
Usage Data: Includes timestamps, features used, and interaction patterns.
Technical Data: Includes error logs and metrics.
C. AI Requests
To provide its features, Dex makes AI requests to our server, including when you send questions in chat or load pages so that Dex Autosuggest can make next action suggestions for you.
Your input and relevant browser context are shared with trusted AI partners to generate responses (e.g., OpenAI/Anthropic/Google). We generate summaries of your browsing activities on our servers and store them locally on your device. When you ask Dex a question, only data relevant to your request is sent off-device.
An AI request typically includes context such as recently visited URLs, tabs, and page content. Our prompt-building happens on our server.
Semantic Indexing and Retrieval
Dex allows you to semantically index information such as Snips and websites to better answer your questions with full context.
Indexing Process: Information you choose to index is sent to us, chunked into smaller segments, and converted into numerical embeddings. These embeddings are stored securely in Turbopuffer.
Browsing Summaries: Summaries of your browsing content are stored locally on your device. If you request a summarization, we send relevant page data to our servers to create the summary. We then compute a random identifier (ID) and associate each vector with this ID.
Retrieval at Inference: When answering your questions, we compute embeddings for your query, Turbopuffer performs a similarity search, and Dex retrieves the associated vectors. The matched content is then read from your local device to provide the final answer.
Snips: When saving Snips, Dex follows the same embedding process with Turbopuffer for later retrieval.
No Plaintext in Turbopuffer: At no point is your original, unprocessed content (plaintext) stored in Turbopuffer—only vector embeddings.
D. Information We Do Not Collect
Dex does not knowingly collect sensitive personal information (e.g., financial, health-related) unless explicitly provided during use.
We do not store your full browsing history or retain browser data beyond immediate use.
How We Use Personal Data
We use your data to:
Provide and maintain the Service
Communicate with you about support and updates
Improve the service through debugging, research, and development
Ensure security and prevent abuse
Comply with legal obligations
We do not use Inputs or Suggestions to train our models unless you explicitly report them to us or agreed to their use for training purposes. We may aggregate or de-identify personal data so that it no longer identifies you to improve our services.
How We Use Personal Data
We use your data to:
Provide and maintain the Service
Communicate with you about support and updates
Improve the service through debugging, research, and development
Ensure security and prevent abuse
Comply with legal obligations
We do not use Inputs or Suggestions to train our models unless you explicitly report them to us or agreed to their use for training purposes. We may aggregate or de-identify personal data so that it no longer identifies you to improve our services.
How We Use Personal Data
We use your data to:
Provide and maintain the Service
Communicate with you about support and updates
Improve the service through debugging, research, and development
Ensure security and prevent abuse
Comply with legal obligations
We do not use Inputs or Suggestions to train our models unless you explicitly report them to us or agreed to their use for training purposes. We may aggregate or de-identify personal data so that it no longer identifies you to improve our services.
How We Share Personal Data
We do not sell or rent your data. Specifically, we do not:
Sell your data to third parties
Use or transfer your data for unrelated purposes
Use or transfer your data for credit assessment or lending
However, limited sharing may occur in these situations:
AI Partners: Data may be processed by OpenAI’s GPT models, Anthropic’s Claude models. Our AI partners may temporarily store request data for abuse monitoring and troubleshooting. They do not use your data to train their models unless you explicitly opt in. Please refer to their respective privacy policies for details.
Service Providers: We share data with vendors that support hosting, analytics, support, and IT services.
Legal Compliance: We may disclose data to comply with laws, respond to legal requests, or enforce terms.
Business Transfers: In the event of a merger or acquisition, personal data may be transferred.
With Your Consent: We share data only when you give permission.
How We Share Personal Data
We do not sell or rent your data. Specifically, we do not:
Sell your data to third parties
Use or transfer your data for unrelated purposes
Use or transfer your data for credit assessment or lending
However, limited sharing may occur in these situations:
AI Partners: Data may be processed by OpenAI’s GPT models, Anthropic’s Claude models. Our AI partners may temporarily store request data for abuse monitoring and troubleshooting. They do not use your data to train their models unless you explicitly opt in. Please refer to their respective privacy policies for details.
Service Providers: We share data with vendors that support hosting, analytics, support, and IT services.
Legal Compliance: We may disclose data to comply with laws, respond to legal requests, or enforce terms.
Business Transfers: In the event of a merger or acquisition, personal data may be transferred.
With Your Consent: We share data only when you give permission.
How We Share Personal Data
We do not sell or rent your data. Specifically, we do not:
Sell your data to third parties
Use or transfer your data for unrelated purposes
Use or transfer your data for credit assessment or lending
However, limited sharing may occur in these situations:
AI Partners: Data may be processed by OpenAI’s GPT models, Anthropic’s Claude models. Our AI partners may temporarily store request data for abuse monitoring and troubleshooting. They do not use your data to train their models unless you explicitly opt in. Please refer to their respective privacy policies for details.
Service Providers: We share data with vendors that support hosting, analytics, support, and IT services.
Legal Compliance: We may disclose data to comply with laws, respond to legal requests, or enforce terms.
Business Transfers: In the event of a merger or acquisition, personal data may be transferred.
With Your Consent: We share data only when you give permission.
Pipedream as Our OAuth Integration Manager
We use Pipedream to securely manage OAuth connections between Dex and the third-party services you choose to connect (e.g., Gmail, Notion, Google Calendar, Slack, Jira).
When you connect a service through Dex:
You are redirected to that service’s OAuth authorization page to grant access.
Pipedream receives and securely stores the OAuth tokens needed for Dex to interact with that service on your behalf.
These tokens are encrypted and stored by Pipedream, not by us directly.
Pipedream processes the minimum amount of data required to enable the integration you authorize. They do not use your data for their own purposes. For details on their privacy practices, please review the Pipedream Privacy Policy.
We only request the specific permissions needed to enable the features you select. You may revoke these permissions at any time through the connected service’s settings or by contacting us at founders@joindex.com. If you revoke access, Pipedream will delete the corresponding OAuth tokens.
Client Security
Dex operates as a Chrome extension and communicates securely with our backend services.
Domain Communication: The extension only makes authenticated requests to our backend domain: app.getdexterity.com.
Authentication Required: You must be signed in and authenticated to use Dex’s features.
Transport Security: All data transmitted between the Dex extension and our backend is encrypted in transit using HTTPS/TLS.
Extension Permissions: Dex only requests the minimum Chrome extension permissions necessary to provide its features.
Local Storage: Certain data, such as browsing summaries and user preferences, is stored locally on your device to minimize server-side storage.
Infrastructure Security
Hosting and Data Centers: Our backend services are hosted on Supabase, built on AWS infrastructure with enterprise-grade security and compliance certifications
Supabase provides comprehensive security controls including encrypted data at rest, network isolation, and continuous monitoring
Data residency: Primary infrastructure located in the United States with built-in redundancy
Infrastructure Security
Hosting and Data Centers: Our backend services are hosted on Supabase, built on AWS infrastructure with enterprise-grade security and compliance certifications
Supabase provides comprehensive security controls including encrypted data at rest, network isolation, and continuous monitoring
Data residency: Primary infrastructure located in the United States with built-in redundancy
Infrastructure Security
Hosting and Data Centers: Our backend services are hosted on Supabase, built on AWS infrastructure with enterprise-grade security and compliance certifications
Supabase provides comprehensive security controls including encrypted data at rest, network isolation, and continuous monitoring
Data residency: Primary infrastructure located in the United States with built-in redundancy
Data Retention
We retain your personal data only as long as needed for the Service and outlined purposes:
Chat History: Stored on local servers with an option to delete upon request
Browser Memory Summaries: Stored locally for one week
Browser State Data: Stored locally for one week
We follow procedures to delete, erase, or anonymize data when no longer needed. You may request deletion of your personal data at any time. However, we retain server logs for a 30-day rolling period for security, debugging, and abuse prevention. Automated daily backups of our systems are maintained for disaster recovery purposes and may contain your data until the backup cycle is overwritten (up to 30 additional days).
Data Security & Encryption
We use commercially reasonable technical and organizational measures to protect your data. However, no internet transmission is 100% secure.
All data transmitted between your device and our servers is secured using TLS 1.2 or higher. Data stored on our infrastructure is encrypted at rest using 256-bit AES encryption.
Access to personal data is restricted to authorized personnel who require it for operational purposes. All access is protected by multi-factor authentication and is logged for auditing.
Incident Response: In the event of a data breach or security incident that is likely to result in a risk to your rights or freedoms, we will notify affected users and relevant regulatory authorities without undue delay, in accordance with applicable laws. Our incident response process includes identifying and containing the incident, assessing impact, notifying affected parties, and implementing corrective measures to prevent recurrence.
To report vulnerabilities, contact: founders@joindex.com.
Your Rights and Choices
Depending on your location, you may have rights to:
Access: View the personal data we hold
Deletion: Request removal, subject to exceptions
Correction: Fix inaccurate data
Portability: Obtain a copy of your data
Objection: Object to processing in certain cases
Restriction: Limit processing under specific conditions
Contact founders@joindex.com to exercise these rights. We may verify your identity.
Managing Your Data
You can:
Adjust data collection preferences
Revoke OAuth access
Disable/remove the Extension
Delete chat history
Clear browser memory summaries
Third-Party Services and Integrations
Dex integrates with third-party services. When you use them, their privacy policies apply. We are not responsible for their practices.
Jurisdiction-Specific Disclosures
For California Residents (CCPA)
Right to Know: What data we collect and with whom we share it
Right to Delete: Request deletion, with exceptions
Right to Correct: Request correction
Right to Opt-Out: We do not “sell” or “share” personal data as defined by CCPA
For EU Residents (GDPR)
We process data based on contract performance, legitimate interests, consent, or legal obligations
Data Protection Officer: regina@thirdlayer.inc
Supervisory Authority: You may lodge complaints with your local data protection authority
Changes to This Policy
We may update this Privacy Policy periodically. When we do, we’ll update the "Last updated" date and notify you of material changes through the Service or other appropriate means.
Continued use of the Service after updates means you accept the revised policy.
Last Updated: July 31, 2025
Effective Date: July 31, 2025
For privacy inquiries, contact:
Email: founders@joindex.com
Address: 74 Brady Street, San Francisco, CA
ThirdLayer, Inc.
Changes to This Policy
We may update this Privacy Policy periodically. When we do, we’ll update the "Last updated" date and notify you of material changes through the Service or other appropriate means.
Continued use of the Service after updates means you accept the revised policy.
Last Updated: July 31, 2025
Effective Date: July 31, 2025
For privacy inquiries, contact:
Email: founders@joindex.com
Address: 74 Brady Street, San Francisco, CA
ThirdLayer, Inc.
Changes to This Policy
We may update this Privacy Policy periodically. When we do, we’ll update the "Last updated" date and notify you of material changes through the Service or other appropriate means.
Continued use of the Service after updates means you accept the revised policy.
Last Updated: July 31, 2025
Effective Date: July 31, 2025
For privacy inquiries, contact:
Email: founders@joindex.com
Address: 74 Brady Street, San Francisco, CA
ThirdLayer, Inc.
