← Back to Home

Privacy Policy

Second Brain Chrome Extension & Web Application

Last Updated: January 10, 2026

Table of Contents

Introduction

Second Brain ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Chrome extension, web application, and related services (collectively, the "Services").

Information We Collect

Information You Provide

  • Account Information: Email address and authentication credentials
  • Content Data: Text, images, audio recordings, links, and other content you capture
  • User Preferences: Settings and customization choices

Automatically Collected Information

  • Usage Data: How you interact with our Services
  • Device Information: Browser type, OS, device identifiers
  • Log Data: IP addresses, access times, error logs

Information from Third-Party Services

  • OAuth Authentication: Basic profile information if using third-party sign-in
  • Web Content: URLs and metadata from pages you choose to capture

How We Use Your Information

We use collected information for:

  • Service Delivery: Provide, maintain, and improve our Services
  • AI Processing: Categorize, tag, and generate insights from your content
  • Personalization: Customize your experience
  • Communication: Send notifications and updates
  • Security: Detect and prevent fraud and technical issues
  • Analytics: Understand usage patterns

AI and Data Processing

OpenAI Integration

We use OpenAI's GPT-4o and Whisper APIs to:

  • Automatically categorize entries (notes, todos, reminders)
  • Extract tags, priorities, and due dates
  • Transcribe audio recordings
  • Generate daily summaries and briefings

Important: Your content is sent to OpenAI's servers for processing. OpenAI's data practices are governed by their API data usage policies. As of our last update, OpenAI does not use API data to train their models.

Media Storage

Images and audio files are stored on Cloudinary's servers. Their privacy practices are governed by their Privacy Policy.

Data Storage and Security

Storage Location

  • Database: MongoDB databases on secure cloud infrastructure
  • Media Files: Cloudinary's CDN
  • Backups: Regular backups to prevent data loss

Security Measures

  • Encryption in transit (HTTPS/TLS)
  • Secure authentication with JWT tokens
  • Password hashing using bcrypt
  • Regular security updates and monitoring
  • Access controls and authentication

Note: No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Chrome Extension Permissions

Our Chrome extension requires these permissions:

  • storage: Save authentication credentials and settings locally
  • activeTab: Capture content from the active tab when you request it
  • scripting: Enable the capture interface on web pages
  • cookies: Maintain your authenticated session
  • alarms: Schedule periodic syncs and notifications
  • host_permissions: Communicate with our backend API

We only access web page content when you explicitly trigger the capture function. We do not track your browsing history or access tabs in the background without your action.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share data only with:

Service Providers

  • OpenAI: For AI processing
  • Cloudinary: For media storage
  • MongoDB Atlas: For database hosting
  • Hosting Providers: For web and API hosting

Legal Requirements

We may disclose information if required by law or to:

  • Comply with court orders or subpoenas
  • Protect our rights, property, or safety
  • Investigate fraud or security issues
  • Respond to law enforcement requests

Business Transfers

If involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

Your Rights and Choices

Access and Control

You have the right to:

  • Access: View and download your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Export your data in a portable format
  • Opt-out: Disable features like notifications

Data Retention

We retain your data while your account is active or as needed to provide Services. After account deletion:

  • Account data removed within 30 days
  • Backups may retain data for up to 90 days
  • Some data retained for legal compliance

Cookies and Tracking

Essential Cookies

We use cookies to:

  • Maintain your authenticated session
  • Remember your preferences
  • Ensure security and prevent fraud

Analytics

We may use analytics tools to understand usage patterns. These tools collect page views, navigation patterns, feature usage, and error reports.

You can control cookie preferences through your browser settings.

Children's Privacy

Our Services are not intended for children under 13. We do not knowingly collect information from children under 13. If you believe we have collected such information, please contact us immediately.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. By using our Services, you consent to the transfer of your information to the United States and other countries where we operate.

Changes to This Privacy Policy

We may update this policy from time to time. We will notify you of material changes by:

  • Posting the new policy on this page
  • Updating the "Last Updated" date
  • Sending email notification (for significant changes)

Your continued use after changes constitutes acceptance of the updated policy.

Contact Us

Questions or concerns about this Privacy Policy? Contact us at:

Email: sanjeev.sapien@gmail.com

Compliance

We comply with applicable data protection laws, including:

  • General Data Protection Regulation (GDPR) for EU users
  • California Consumer Privacy Act (CCPA) for California residents
  • Other applicable privacy laws and regulations

GDPR Rights (EU Users)

If you are in the European Economic Area, you have additional rights:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

CCPA Rights (California Residents)

If you are a California resident, you have rights under CCPA:

  • Right to know what personal information we collect
  • Right to know if we sell or disclose personal information
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to deletion of personal information
  • Right to non-discrimination for exercising your rights

© 2026 Second Brain. All rights reserved.

Home