Privacy policy
Last updated 2026-06-19
browserfog is a privacy-first browser-memory product operated by Victor Chasex Pvt Ltd, a company incorporated in India with registered office at L-149, Sector 6, HSR Layout, Bengaluru 560102, Karnataka, India ("we", "us", "our"). We store encrypted records of pages you explicitly save. We cannot read those records — they are end-to-end encrypted on your device with a vault key that never leaves your browser.
This policy is published in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. It also covers our obligations to users outside India.
What we collect
- /Account. Your email address and an Argon2id hash of your password (the plaintext is never stored). A timestamp of your last sign-in.
- /Sessions. An opaque session id stored in an HttpOnly cookie, plus the IP address and user-agent string of the device that signed in. Sessions auto-expire after 14 days and can be revoked from the dashboard at any time.
- /Paired browsers. A label you choose ("Chrome on MacBook"), the platform name, and an Argon2id hash of the per-device API key. The plaintext key is shown to you once and is never re-displayed.
- /Saved pages. AES-GCM ciphertext + IV of the page payload (URL, title, body, embeddings); an HMAC-SHA256 of the canonical URL, keyed by a vault-key-derived blind-index key (used only for dedup); a risk score (0–100) and an array of reasons strings produced by on-device heuristics ("suspicious_tld:.zip") describing the heuristic, not the page contents; the capture timestamp and the size of the encrypted payload in bytes.
- /Operational logs. Standard web-server logs (status code, path, latency, request id) for up to 30 days. We do not log request bodies.
- /Error reports. If error tracking is enabled, the dashboard and extension send stack traces and user-agent strings to our self-hosted GlitchTip. No captured-page content ever flows through this path.
What we never collect
- /The URL, title, body text, or any other content of any captured page. The server only ever sees ciphertext.
- /Your passphrase, your vault key, or your recovery mnemonic.
- /Your search queries. The dashboard runs search inside your browser tab against decrypted records — queries are never sent to the server.
- /The list of pages you have or haven't captured. Browsing activity outside of pages you explicitly save is invisible to us; the extension cannot read pages without your per-click activation of the "Save" UI.
- /Analytics or advertising trackers. We do not use them.
How we use what we have
We use the data we collect only to (a) run the service — authenticate sign-ins, serve your ciphertext back to your paired browsers, enforce storage quotas, send transactional email — and (b) keep the service safe and reliable — rate limit abuse, debug outages, and respond to legal process if it ever applies. We never sell user data. We never share it with third parties for marketing purposes.
Third parties we depend on
- /Cloudflare — fronts our API + dashboard via Cloudflare Tunnel and stores ciphertext blobs in R2. Cloudflare sees TLS handshakes and ciphertext; it does not see plaintext content.
- /Mailsetu (SMTP) — delivers verification emails and password resets. We transmit only the subject and body of those mails.
Your controls
- /Export. Download an encrypted JSON bundle of every record from the dashboard (decrypts in your tab) any time.
- /Delete records. Per-record delete from the dashboard memory page; the ciphertext is purged from our R2 bucket on the next scheduled GC.
- /Delete account. Hard-deletes every row tied to your user id and purges every R2 object under your per-user prefix. Once you confirm with your current password, recovery is not possible.
- /Sign out everywhere. Revokes every dashboard session except the one you're using to do it.
- /Per-device revoke. Each paired browser gets its own API key; revoking it from the dashboard immediately blocks that browser from syncing.
Data retention
Encrypted records stay until you delete them or your account. Soft-deleted records (you clicked "delete" in the dashboard) are kept for 10 minutes as a grace window, then purged from R2 and hard-deleted from the database. Sessions and one-shot verification tokens age out automatically — our hourly cleanup task removes them once expired. Standard server logs are kept for 30 days.
Children
browserfog is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe we have, contact us and we will delete it.
Changes
We will update the date at the top of this page whenever we materially change anything. We will notify active accounts by email if a change reduces privacy in a way you should know about before it takes effect.
Your rights as a Data Principal
If you are a Data Principal under the DPDP Act, you have the following rights with respect to your personal data:
- §11Right to access — request a summary of the personal data we process about you and the identities of any data fiduciaries / processors we have shared it with.
- §12Right to correction and erasure — request correction, completion, or updating of inaccurate or incomplete personal data; request erasure of personal data that is no longer necessary for the purpose for which it was collected. Account deletion from the dashboard satisfies this end-to-end.
- §13Right of grievance redressal — raise a grievance with our Grievance Officer (named below). We will respond within thirty (30) days.
- §14Right to nominate — nominate another person to exercise these rights in the event of your death or incapacity. Email the Grievance Officer to file a nomination.
- §6(4)Right to withdraw consent — withdraw consent at any time, with the same ease as it was given. Deleting your account withdraws all consent and triggers erasure of personal data we no longer need to retain for a legitimate purpose or legal obligation.
- §27Right to complain to the Data Protection Board of India — if you are dissatisfied with our response, you may lodge a complaint with the Data Protection Board of India.
Lawful basis for processing
We process personal data on the following lawful bases under §6 and §7 of the DPDP Act:
- /Consent for account creation, capture of pages you explicitly save, paired-browser sync, and optional AI-chat auto-save (off by default).
- /Legitimate uses for security, fraud prevention, abuse rate-limiting, debugging, and responding to legal process.
Cross-border transfers
Our primary infrastructure is hosted in India. We use the following processors that may store or transit personal data outside India:
- /Cloudflare, Inc. (United States) — CDN, TLS termination, R2 ciphertext object storage (configured to Western Europe and Eastern North America regions). Cloudflare sees TLS handshakes and ciphertext only.
- /Mailsetu (India) — transactional email delivery (verification, password reset).
The DPDP Act permits cross-border transfers except to countries notified by the Central Government as restricted. We will update this section if any such notification affects our processors.
Reach our designated officer
In accordance with §8(10) of the DPDP Act and Rule 5(9) of the IT Rules, 2011, the designated Grievance Officer is:
- NAME
- Amit
- [email protected]
- POSTAL ADDRESS
-
Victor Chasex Pvt Ltd
L-149, Sector 6, HSR Layout
Bengaluru 560102, Karnataka, India - RESPONSE SLA
- Within 30 days of receipt
Contact
Privacy questions: [email protected]. Security disclosures: [email protected]. Grievances under Indian law: [email protected] (Grievance Officer). Registered office: Victor Chasex Pvt Ltd, L-149, Sector 6, HSR Layout, Bengaluru 560102, Karnataka, India.