Privacy Policy
Effective date: 2026-03-18
BridgeBoard ("we", "us", or "the Extension") is operated by Bridge and Bolt LLC. This policy explains what data the BridgeBoard Chrome extension and web dashboard collect, how that data is used, and the choices you have.
1. What We Collect
| Data | Source | Purpose |
|---|---|---|
| AI conversation text | Pages you visit on supported AI platforms (Claude.ai, ChatGPT, Granola) | Core feature — capturing conversations to your personal knowledge base |
| Page URL & title | Active tab when you interact with the extension popup | Detecting supported AI platforms; linking captures to source conversations |
| Supabase Auth identity | Google OAuth sign-in | Authenticating you and scoping your data with row-level security |
| Extension configuration | Chrome storage (local) | Persisting your preferences (automation rules, GitHub settings, Obsidian vault path) |
2. How We Use Your Data
- Captured conversations are stored in your Supabase database, protected by row-level security so only you can access them.
- If you enable GitHub export, captured events are pushed to a repository you control.
- If you enable Obsidian sync, events are formatted and stored in your local vault.
- We do not sell, rent, or share your conversation data with third parties.
- We do not use your conversation data to train AI models.
3. Data Storage & Security
- All data in transit uses HTTPS/TLS encryption.
- Database rows are protected by Supabase Row-Level Security (RLS) — each user can only access their own data.
- Authentication uses Supabase Auth with Google OAuth; we never see or store your Google password.
- Extension configuration is stored locally in Chrome storage and never leaves your device unless you explicitly export it.
4. Permissions Explained
| Permission | Why |
|---|---|
tabs | Read the URL of the active tab to detect if you are on a supported AI platform and show capture status. |
storage | Persist your configuration and pending event queue locally. |
alarms | Schedule background processing of the capture queue. |
identity | Authenticate with Google OAuth via Supabase Auth. |
Host: claude.ai | Inject the content script that reads conversation text. |
Host: *.supabase.co | Send captured events to your Supabase project. |
5. Your Choices
- Disable capture: Toggle automatic capture off in the extension popup at any time.
- Delete data: Use the dashboard to delete individual events, or contact us to request full account deletion.
- Uninstall: Removing the extension stops all data collection immediately. Your existing data remains in Supabase until you delete it.
6. Third-Party Services
The Extension interacts with the following third-party services only when you explicitly configure them:
- Supabase — database and authentication (Supabase Privacy Policy)
- GitHub — optional repository export (GitHub Privacy Statement)
- Google OAuth — sign-in only (Google Privacy Policy)
7. Children's Privacy
BridgeBoard is not directed at children under 13. We do not knowingly collect data from children.
8. Changes to This Policy
We may update this policy from time to time. Material changes will be announced via the extension's options page or a notice on this site. The "Effective date" at the top reflects the latest revision.
9. Contact
Questions or requests? Email us at privacy@bridgeandbolt.com.