Privacy Policy
Effective date: 2026-05-08
BridgeBoard-AI ("we", "us", or "the Service") is operated by Bridge and Bolt LLC. This policy explains what data the BridgeBoard-AI Chrome extension and web dashboard collect, how that data is used, and the choices you have.
In short: BridgeBoard-AI stores your AI conversation history — similar to how a note-taking app stores your notes. When you choose to recall, we surface relevant content from your history back into the AI platform you're actively using. You control when recall happens and which platforms participate.
1. What We Collect
| Data | Source | Purpose |
|---|---|---|
| AI conversation text (user and assistant turns) | Pages you visit on supported platforms: Claude, Gemini, ChatGPT, and Perplexity | Core feature — capturing conversations to your knowledge base |
| Page URL, title, and thread ID | Active tab on supported platforms | Detecting supported platforms, de-duplicating captures, and linking to source conversations |
| Email address and user ID | Google OAuth sign-in via Supabase Auth | Authenticating you and scoping your data with row-level security |
| Extension configuration | Chrome local storage | Persisting your preferences (capture toggles, GitHub settings) |
We do not collect: passwords to AI platforms, browsing history outside the four supported sites, audio or video, or keystrokes. We do not log or store IP addresses.
2. How We Use Your Data
Storage
Captured conversations are stored in a Supabase PostgreSQL database operated by Bridge and Bolt, protected by row-level security so that only you can access your own data.
Recall
When you type //bb in a supported AI platform, BridgeBoard-AI searches your stored conversations and returns relevant context directly into the chat you are using. This is always user-initiated — recall never fires automatically.
To power recall, your data is processed in two ways:
- Embeddings: Conversation text is converted into numerical vectors (embeddings) so it can be searched semantically. This processing is performed by Supabase's built-in embedding model and, for enhanced search, by a hosted open-weight embedding model via DeepInfra.
- Synthesis: When recall returns results, a small language model summarizes the relevant excerpts into a concise answer. This synthesis is performed via OpenRouter, which routes to small open-weight or commercial language models. Only your search query and the matched conversation excerpts are sent — never your full conversation history.
What we never do
- We do not sell, rent, or share your conversation data with third parties for their own purposes.
- We do not use your conversation data to train or fine-tune AI models.
- We do not display advertising or use your data for ad targeting.
3. Third-Party Services
BridgeBoard-AI relies on the following third-party services. Data is shared only to the extent required to deliver the feature described.
| Service | What we send | Why |
|---|---|---|
| Supabase | Conversation content, auth identity | Database, authentication, and built-in embedding model (Privacy Policy) |
| DeepInfra | Conversation text chunks (for embedding) | Semantic search via open-weight embedding model (Privacy Policy) |
| OpenRouter | Search query + matched excerpts (for synthesis) | Recall answer generation via small language models (Privacy Policy) |
| Google OAuth | OAuth token exchange only | Sign-in (Privacy Policy) |
| Resend | Email address | Transactional email (account alerts, deletion confirmation) (Privacy Policy) |
| GitHub (optional) | Conversation content in Markdown | Repository export — only if you connect a repo (Privacy Statement) |
4. Data Storage & Security
- All data in transit uses HTTPS/TLS encryption.
- Database rows are protected by Supabase Row-Level Security (RLS) — each user can only access their own data.
- Authentication uses Supabase Auth with Google OAuth; we never see or store your Google password.
- Extension configuration is stored locally in Chrome storage and never leaves your device unless explicitly exported.
- Third-party API keys (such as a GitHub personal access token) you provide are stored in Chrome local storage on your device and transmitted only to the respective service over HTTPS.
5. Chrome Permissions Explained
| Permission | Why |
|---|---|
storage | Persist your configuration and pending capture queue locally. |
tabs | Read the URL of the active tab to detect supported AI platforms and show capture status. |
alarms | Schedule background processing of the capture queue. |
identity | Authenticate with Google OAuth via Supabase Auth. |
scripting | Inject content scripts on supported AI platforms to read conversation text. |
activeTab | Access the active tab when you click the extension icon, so we can detect the current platform. |
Host: claude.ai, gemini.google.com, chatgpt.com, perplexity.ai | Inject content scripts to capture conversations and deliver recall results on each supported platform. |
Host: feqjcjaoafhvxmmgmbnt.supabase.co | Send captured events, authenticate, and retrieve recall results from BridgeBoard-AI's backend. |
6. Data Retention
We retain your conversation data for as long as your account is active. When you delete a conversation, it is removed from your view immediately and the underlying data is permanently purged within 30 days.
If you delete your account, a 7-day cooling-off period begins during which you can cancel the request. After the cooling-off period, all associated data — events, embeddings, and metadata — is permanently removed. No data survives past 30 days from the deletion request.
7. Your Rights & Choices
- Disable capture: Toggle automatic capture off in the extension popup at any time.
- Delete individual events: Use the dashboard to remove specific conversations.
- Delete your account: Initiate full account deletion from the dashboard settings page. This permanently removes all your data.
- Export your data: Contact us to request a full export of your stored conversations.
- Uninstall: Removing the extension stops all data collection immediately. Your existing data remains on our servers until you delete it or your account.
8. Children's Privacy
BridgeBoard-AI by Bridge and Bolt is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
9. Changes to This Policy
We may update this policy from time to time. Material changes will be announced via the extension's options page or a notice on this site. The "Effective date" at the top reflects the latest revision.
10. Contact
Questions or requests? Email us at privacy@bridgeandbolt.com.