Privacy Policy

• We do not sell, share, or monetize your data in any form.
• We do not use your data to train any AI model.
• We do not store images of minors on any server in any form. Reference photos uploaded for child monitoring are hashed on your device — only the hash is transmitted.
• We do not scan for, detect, identify, store, transmit, or interact with illegal content of any kind.

Account email, password (hashed and salted by Supabase Auth), and the data you choose to enter — broker scan results, breach acknowledgements, AI audit finding categories, child profile names and identifiers, and aggregate counters from the iOS app and browser extension.

Every database table uses Postgres Row-Level Security, so even with a stolen anonymous-key client you can only read rows that belong to your authenticated user. Storage is encrypted at rest via Supabase’s platform encryption (AES-256 full-disk). Gmail OAuth access and refresh tokens are additionally encrypted at the application layer with AES-256-GCM using a key we hold in our serverless environment (not in the database) — a database dump alone is useless without that key. Child profile identifiers are next on the same encryption path.

We do not run third-party tracking SDKs that transmit your behavior to external services.

We do not ship any third-party analytics SDK in the web app, iOS app, or browser extension. No Google Analytics, Mixpanel, Segment, Amplitude, or Posthog cloud beacon runs on dltd.app. The only request logs we have are the operational ones our hosting providers (Vercel, Supabase, Cloudflare) keep for routing and security — same as any production service — and we never join them to your account for behavioral analytics.

When we add a product-analytics layer it will be self-hosted, anonymized at ingest, and opt-in from Settings — not the default.

The DLTD browser extension scans ChatGPT, Claude, Gemini, and Grok memory on your device. Content stays in your browser. Only finding categories and severity flags are written back to your account.

When you connect a Gmail account to DLTD's Inbox Audit, you grant the following Google OAuth scopes:

• https://www.googleapis.com/auth/gmail.metadata — read message headers and labels only. Never message bodies, attachments, or snippets.
• https://www.googleapis.com/auth/userinfo.email — read the email address of the connected Google account so we know which inbox you connected.

What we read from your inbox: the From, Subject, Date, and List-Unsubscribe headers of messages in your INBOX label from roughly the last 90 days. We use these headers to identify the AI services, subscriptions, and newsletters tied to your inbox so we can surface the corresponding unsubscribe and account-deletion links to you.

What we never read or store: message bodies, attachments, snippets, full message lists, or contents of any folder other than what you authorize.

How we use it: exclusively to populate your Inbox Audit findings (one row per discovered sender domain, with the sender, an unsubscribe URL when present, and a known account-deletion URL when we have one on file). Findings are visible only to you, behind Postgres Row-Level Security keyed to your user id.

What we never do with your Google data:

• We do not sell, share, or transfer Google user data to any third party.
• We do not use Google user data to train any AI or machine-learning model, ours or anyone else's.
• We do not use Google user data for advertising, profile-building, or any purpose other than the Inbox Audit feature you opted into.
• We do not allow humans to read your Google user data, except (a) with your explicit consent, (b) for narrow security or abuse investigations, or (c) to comply with applicable law.

Tokens and storage. Your OAuth access and refresh tokens are stored under Supabase’s platform encryption at rest (AES-256 full-disk) and accessible only via server-side service-role credentials gated by Postgres Row-Level Security. Application-layer column encryption with a key we hold ourselves is on the roadmap and tracked publicly at our repo; we’re publishing that incremental hardening rather than waiting for it. Findings rows contain sender domains and metadata derived from headers — never message bodies.

Disconnecting and deletion. You can disconnect a Gmail account at any time from Settings— this revokes the OAuth token at Google and deletes the stored tokens from our database. You can additionally revoke DLTD's access at myaccount.google.com/permissions. Deleting your DLTD account cascade-deletes all Inbox Audit data tied to your user id.

DLTD's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

You can delete your account from Settings on the iOS app or the web dashboard. Deletion removes your public.users row and all associated rows that reference it. Backups are purged within 30 days.

Storage is encrypted at rest via Supabase’s platform encryption (AES-256 full-disk). Transport is TLS 1.2+ with HSTS preload. Two surfaces are additionally encrypted at the application layer with AES-256-GCM using a key we control (not stored in the database): per-org SSO client secrets for Business customers, and Gmail OAuth access and refresh tokens for Inbox Audit. A database dump alone is useless against either. Child profile identifiers are on the same encryption path next; we’re publishing what we actually do today rather than claiming a future state.

SOC 2 Type II is in progress, targeting Q4 2026 (see our Trust Center). A bug-bounty channel is open from day one — full disclosure policy at /security, vulnerability reports to security@dltd.app.

DLTD's Family Connect feature is operated by a parent on behalf of their child. Child profile fields stored are: display name, nicknames, birth year, email addresses, phone number, and known usernames. School name is used during initial scan only and is never persisted. Photos are hashed on-device and the original image never leaves the phone.

Under 18 USC 2258A, DLTD is required to report apparent violations of child sexual exploitation laws to NCMEC's CyberTipline. DLTD does not detect, identify, or store illegal content — but if such content is surfaced by any monitoring function, we report it immediately.

Privacy questions: privacy@dltd.app. Security reports: security@dltd.app.