Dot AI — Privacy Policy

Last updated: April 30, 2026

What Dot AI Does

Dot AI is a Chrome extension that analyzes lecture transcripts on Panopto and displays explanatory insight bubbles to help students understand difficult concepts.

Authentication

Dot AI requires signing in with a Google account. Authentication is handled via Google OAuth through a secure backend (Supabase). We receive your Google display name, email address, and profile picture solely to display them in the extension popup and to associate your usage with your account for rate limiting purposes.

Data We Collect

We do not collect or store personal data on our servers beyond what is needed for authentication, rate limiting, and the optional features described below (feedback and referral source). Dot AI does not use third-party analytics or cross-site tracking.

Data Processed Locally

• Authentication tokens: Your login session (JWT and refresh token) is stored locally in your browser via chrome.storage.local. These tokens never leave your device except when communicating with our backend.
• Google profile info: Your display name, email, and profile picture are stored locally to show in the extension popup.
• Cached insights: Analysis results are stored in your browser's local storage so you don't have to re-analyze the same lecture. This data never leaves your device.
• Language preference: Your chosen display language (English or Hebrew) is stored locally.
• Theme preference: Your chosen theme (light or dark) is stored locally.

Data Sent to Third Parties

• Supabase (backend): When you click "Analyze Lecture," the lecture transcript text is sent to our Supabase Edge Function backend. The backend uses your authentication to enforce rate limits (10 analyses per day) and caches results server-side to avoid redundant processing.
• Google Gemini API (via backend): Our backend forwards the transcript to Google's Gemini API for AI-powered analysis. The transcript is sent solely for generating insights. Google's use of this data is governed by Google's Privacy Policy.
• Explain Slide (via backend): When you use "Explain Slide," a screenshot of the current lecture slide is captured locally and sent to our backend, which forwards it to Google's Gemini Vision API for a visual explanation. The image is not stored — it is used only for generating the explanation.
• Explain Term (via backend): When you click a term inside an explanation, the term and surrounding context are sent to our backend, which forwards them to Google's Gemini API for a definition. The request is not stored.
• Feedback (via backend): If you submit feedback (thumbs up/down and an optional comment), it is sent to our Supabase backend and stored alongside your user ID and the lecture session ID. This helps us improve the extension.
• Referral source (via backend): If you answer the optional "how did you hear about us?" prompt, your free-text answer is stored alongside your user ID. This helps us understand how users discover Dot AI. You can skip the prompt without providing an answer.

Permissions

• activeTab: Used to access the Panopto lecture page and inject insight bubbles onto the video player.
• storage: Used to cache analysis results, authentication tokens, and user preferences (language, theme) locally in your browser.
• identity: Used to initiate Google OAuth sign-in via Chrome's identity API.
• alarms: Used to keep the background service worker alive during long-running AI analysis requests, preventing Chrome from suspending it before the response arrives.
• Host permissions (<all_urls>): Required for the "Explain Slide" feature. When the lecture slide video is hosted on a cross-origin domain (common in Panopto deployments), Chrome's captureVisibleTab API requires broad host permissions to capture a screenshot of the current tab. The extension only activates on Panopto lecture pages.
• Host permissions (supabase.co): Required to communicate with our secure backend for authentication, rate limiting, and transcript analysis.

Data Sharing

Dot AI does not sell, share, or transfer your data to any third party, except as described above (sending transcript text through our backend to Google Gemini API for analysis).

Changes to This Policy

If this policy changes, the updated version will be posted at this URL with a new "Last updated" date.

Contact

For questions about this privacy policy, contact us at tomer.shulman7@gmail.com.