Privacy Policy

Last updated: 10/24/2025

1. Introduction

Deepdive.so ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered conversation platform.

By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

  • Account Information: Name, email address, profile picture (when using Google OAuth). When you sign in with Google, we collect your name, email address, and profile picture (if available) from your Google account. This information is used solely for authentication and creating your account on our platform.
  • Authentication Data: Google OAuth tokens and identifiers
  • Usage Data: Chat conversations, mind maps, document uploads, and feature usage
  • Payment Information: Billing details processed through Paddle (we do not store payment card information)
  • Technical Data: IP address, browser type, device information, and usage analytics

2.2 Automatically Collected Information

  • Log data and analytics information
  • Cookies and similar tracking technologies
  • Performance and error data

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide and maintain our AI-powered conversation platform
  • Authentication: To authenticate users and manage account access
  • Personalization: To customize your experience and provide relevant content
  • Communication: To send service-related notifications and updates
  • Analytics: To analyze usage patterns and improve our services
  • Billing: To process payments and manage subscriptions
  • Legal Compliance: To comply with applicable laws and regulations

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

4.1 Third-Party Service Providers

  • Google: For authentication services (OAuth)
  • Paddle: For payment processing and subscription management
  • Supabase: For database and backend services
  • Vercel: For hosting and analytics
  • OpenAI: For AI chat functionality

4.2 Legal Requirements

We may disclose your information if required by law or to:

  • Comply with legal obligations
  • Protect our rights and property
  • Prevent fraud or security issues
  • Protect user safety

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication mechanisms
  • Secure data storage and backup procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Except to the extent prohibited by law, we are not liable for unauthorized access to your data that is beyond our reasonable control, including incidents arising from third-party service providers, sophisticated cyberattacks, or force majeure events, provided we have implemented reasonable and appropriate safeguards. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and/or relevant authorities as required by applicable law.

5.1 Data Storage Location

Your data is stored on secure servers provided by Supabase, primarily located in the United States. Depending on your location and service configuration, data may also be processed in other regions to ensure performance and availability.

6. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. Specifically:

  • Account Data: Retained while your account is active and for a reasonable period after closure
  • Usage Data: Retained for analytics and service improvement purposes
  • Payment Data: Retained as required by law and for billing purposes
  • Chat Conversations: Stored securely and can be deleted upon request

7. Your Rights and Choices

7.1 General Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Delete your personal information
  • Object to processing of your information
  • Data portability
  • Withdraw consent where applicable

7.2 GDPR Rights (EU Residents)

If you are in the European Union, you have additional rights under GDPR:

  • Right to be informed about data processing
  • Right of access to your data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making

7.3 CCPA Rights (California Residents)

If you are a California resident, you have rights under CCPA:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information
  • Right to non-discrimination for exercising privacy rights

We do not sell your personal information to third parties.

To exercise these rights, please contact us at support@deepdive.so. We will respond within 30 days in accordance with applicable law.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. You can control cookie settings through your browser preferences. You can also opt out of analytics cookies by adjusting your settings in the app or your browser. Types of cookies we use:

  • Essential Cookies: Required for basic functionality
  • Analytics Cookies: Help us understand usage patterns
  • Preference Cookies: Remember your settings and preferences

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by relevant authorities
  • Other appropriate transfer mechanisms

9.1 AI Processing Disclosure

Conversations you have with our platform are processed by OpenAI’s API to generate responses. These conversations may be stored temporarily by OpenAI for abuse monitoring and research, as described in their privacy policy. We take care to minimize personal information sent to third-party AI providers.

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: support@deepdive.so

Data Protection Officer: support@deepdive.so

Website: https://www.deepdive.so

For EU residents, you also have the right to lodge a complaint with your local data protection authority.