Privacy Policy
Last Updated: June 14, 2026
Effective Date: December 10, 2025
Version 1.2 - Updated Browser Permissions & Security Features
Browsist AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.
1. Information We Collect
1.1 Personal Information
We collect the following personal information:
- Account Information: Email address, name (obtained via Google Sign-In)
- Authentication Data: Google account information (name, email, profile picture) - all accounts use Google Sign-In
- Device Information: Android Device ID (ANDROID_ID) for account management and security
- Payment Information: Subscription plan, purchase tokens, payment history (processed via Google Play Billing - we do NOT store credit card details)
1.2 Usage Information
- Chat History: Your conversations with AI models (stored locally in encrypted Room database on your device, optionally synced to MongoDB cloud servers with your consent)
- Browsing Activity: URLs visited within the app browser, web search queries
- Usage Statistics: Message count per model, image generation count, subscription quota tracking
- Device Technical Data: Device model, Android OS version, app version, network status
- User Preferences: Selected AI model, temperature, max tokens, research mode settings (stored in encrypted DataStore)
- AI Memories: Information you share with the AI assistant that it chooses to remember for personalization (e.g., your name, preferences, interests, timezone). This is stored on our servers to personalize future conversations. Maximum 20 memories per user, each limited to 500 characters. You can view, modify, or delete these memories at any time by asking the AI to "forget" specific information.
- Session Data: Last login timestamp, authentication tokens (JWT, expires after 7 days)
- IP Address & Location Data (PRO/PREMIUM only): When you use Research Mode (available only with PRO or PREMIUM subscription), we automatically collect your IP address to determine your approximate location (country and city) for providing geographically relevant search results. This helps deliver localized content such as regional news, nearby businesses, and location-appropriate search results. IP-based location data is cached temporarily (24 hours) for performance optimization and is not permanently stored in our database.
1.3 Content You Provide
- Text Input: Messages, prompts, and questions sent to AI models
- Voice Input: Audio recordings for voice-to-text conversion (processed in real-time and immediately discarded - NOT stored)
- Voice Chat Audio: Real-time audio streamed to Google Gemini Live API during voice chat sessions. Audio is processed in real-time for AI responses and is NOT stored on our servers or by Google beyond the session duration.
- Video Chat Camera Feed: Camera frames captured during video chat sessions and sent to Google Gemini Live API for real-time visual understanding. Video frames are processed in real-time and immediately discarded - NOT stored on our servers. Camera access requires explicit user permission and can be revoked at any time.
- Images: Photos uploaded for AI vision analysis (temporarily processed, not permanently stored unless in chat history)
- Documents: PDFs and Word documents for AI document analysis (text extracted, originals not stored, max 10MB)
2. Browsist Features & Services
Browsist AI provides a comprehensive suite of AI-powered features:
- AI Chat Assistant: Conversational AI with multiple models (OpenAI GPT-4.1-mini, GPT-4o; Google Gemini 2.5 Flash, Gemini 2.5 Pro)
- AI Voice Chat: Real-time voice conversations with AI using Google Gemini Live API. Supports multiple voice options, hands-free browsing commands (open websites, search, get weather via voice), and tool integration. Voice sessions consume messages from your plan quota. Audio is streamed in real-time and not stored.
- AI Video Chat (PRO/PREMIUM only): Live video conversations with AI where you share your camera feed. The AI can see and answer questions about your surroundings. Supports front/back camera switching, picture-in-picture, and fullscreen modes. Camera frames are processed in real-time and immediately discarded.
- Research Mode (PRO/PREMIUM only): AI chat enhanced with real-time web search and credible sources with images. This feature requires an active PRO or PREMIUM subscription.
- Built-in Browser: Integrated web browser with seamless navigation, ad blocking, and privacy features
- Browser AI Summarization: Instant webpage summaries (Quick, Detailed, Key Points, Action Items) with metadata
- My Notes: Personal note-taking and organization system
- AI Image Generation: Text-to-image creation using advanced AI models (Google Imagen, DALL-E)
- Trending Topics: Discover trending content across categories with instant AI research
- Voice Input: Speech-to-text capabilities for hands-free interaction in chat
- Document Analysis: AI-powered analysis of PDFs, Word documents, and images
- Multi-Device Sync: Optional cloud synchronization of chat history
2.1 Built-in Browser Privacy Features
Our integrated browser includes the following privacy and functionality features:
- Ad Blocking: Optional ad blocking feature that prevents loading of known advertising and tracking domains. You can enable or disable this in browser settings. When enabled, requests to advertising networks are blocked locally on your device - no data is sent to us about blocked ads.
- User Agent: To ensure optimal website compatibility, our browser may present itself as a standard mobile or desktop browser (Chrome/Firefox) rather than an Android WebView. This is a common practice to prevent websites from serving limited functionality to in-app browsers. No personal information is transmitted through this identification.
- Website Cookies: Websites you visit within our browser may set their own cookies. These cookies are stored locally on your device and are subject to each website's own privacy policy. You can clear browsing data including cookies in the browser settings.
- Desktop Mode: You can toggle between mobile and desktop viewing modes. In desktop mode, the browser identifies as a desktop browser to receive the full desktop version of websites.
- Browsing History: Your browsing history is stored locally on your device for your convenience. History is NOT synced to our servers and is NOT shared with third parties. You can clear your history at any time.
- Bookmarks: Saved bookmarks are stored locally on your device and optionally synced to your account if cloud sync is enabled.
2.2 Browser Permissions & Device Access
Our browser may request the following device permissions when websites need them:
- Location Access (Geolocation API): When a website (such as Google Maps, weather sites, or location-based services) requests your location, you will be prompted to grant permission. Location access is ONLY granted to HTTPS (secure) websites. HTTP websites cannot access your location for security reasons. You can deny location access at any time, and we never share your location with third parties. Location data is provided directly from your device to the requesting website.
- Camera & Microphone (WebRTC): For video calling websites (such as Google Meet, Zoom Web, or video chat sites), you may be prompted to grant camera and microphone access. These permissions are ONLY granted to HTTPS (secure) websites. Your camera and microphone streams are sent directly to the website you're using - we do not intercept, record, or store any audio/video data. You can revoke these permissions at any time in Android settings.
- File Upload: When uploading files to websites, you will be prompted to select files from your device. We do not access or store any files you upload - they are sent directly to the destination website.
- Downloads: Files you download from websites are saved to your device's Downloads folder using Android's built-in Download Manager. Download history is visible in your device's notifications and download manager.
2.3 Browser Security Features
Our browser includes security measures to protect you while browsing:
- HTTP Website Support: Our browser can load both HTTP (non-secure) and HTTPS (secure) websites. When you visit an HTTP website, a "Not Secure" warning indicator is displayed in the address bar. We recommend using HTTPS websites whenever possible for your security.
- SSL Certificate Warnings: If a website has an invalid, expired, or untrusted SSL certificate, you will see a security warning dialog explaining the specific issue (expired certificate, hostname mismatch, untrusted authority, etc.). You can choose to go back (recommended) or proceed at your own risk. We strongly recommend not entering sensitive information on websites with certificate errors.
- Google Safe Browsing: Our browser uses Google Safe Browsing to warn you about potentially dangerous websites (phishing, malware). When a threat is detected, you will see a warning page before the site loads. This feature helps protect you from online threats.
- HTTP Authentication: For websites that require username/password authentication (HTTP Basic Auth), you will see a login dialog. Your credentials are sent directly to the website - we do not store or have access to these credentials.
- Secure Permission Handling: Sensitive permissions (location, camera, microphone) are ONLY granted to HTTPS websites. This prevents malicious HTTP sites from accessing your device's sensors.
3. How We Use Your Information
3.1 Third-Party Authentication
We use Google Sign-In as our sole authentication method. When you sign in with Google:
- We receive your name, email address, and profile picture from Google
- Google's Privacy Policy applies to data collected by Google during authentication
- We do NOT store passwords - authentication is handled securely by Google
- You can revoke Browsist's access anytime via your Google Account settings
- Email registration has been disabled to prevent spam and ensure account security
Review Google's Privacy Policy: https://policies.google.com/privacy
3.2 AI Memory & Personalization
Our AI assistant can remember information you share to provide personalized experiences:
- What AI Remembers: When you share personal details (name, preferences, interests, location, job, hobbies), the AI may save this to personalize future conversations
- Automatic & Transparent: The AI proactively saves useful context but will indicate when it's remembering something
- Your Control: You can ask the AI to "forget" any information, view what it remembers, or request complete memory deletion
- What's NOT Saved: Passwords, financial information, health data, or other sensitive information are never saved in AI memories
- Storage Limits: Maximum 20 memories per user, each up to 500 characters
- Deletion: All AI memories are permanently deleted when you delete your account
3.3 General Usage
We use your information for:
- Service Delivery: Provide AI chat, image generation, and browser features
- Account Management: Authenticate users, manage subscriptions
- Usage Tracking: Monitor quotas, enforce subscription limits
- Personalization: Improve user experience based on preferences and AI memories
- Analytics: Understand feature usage, improve app performance
- Support: Respond to inquiries, troubleshoot issues
- Security: Prevent fraud, abuse, and unauthorized access
- Legal Compliance: Comply with applicable laws and regulations
4. Information Sharing & Third-Party Services
4.1 AI Service Providers
IMPORTANT: Your messages are sent through our secure backend servers to these AI providers:
- OpenAI (GPT Models): We send your messages to OpenAI's GPT-4.1-mini and GPT-4o models for AI chat responses. Your API keys are NOT required - we handle this securely. OpenAI may use data per their policies. See OpenAI Privacy Policy
- Google Gemini AI: We send your messages to Google's Gemini 2.5 Flash and Gemini 2.5 Pro models for AI chat responses, and use Google Gemini Live API for real-time voice and video chat sessions. During voice/video chat, audio and camera frames are streamed directly to Google's servers for real-time processing. See Google Privacy Policy
- Google Imagen/Vertex AI: Image generation requests are sent to Google Imagen models. Prompts are processed to generate images. See Google Cloud Privacy Notice
- DALL-E (OpenAI): Alternative image generation if configured. Subject to OpenAI policies
Data Retention by AI Providers: OpenAI retains data for 30 days for abuse monitoring, then deletes it (per their API policy). Google's retention policies apply to Gemini/Imagen.
4.2 Authentication & Cloud Services
- Google Sign-In: If you use Google Sign-In, we receive basic profile information (name, email, profile picture). We verify your identity token with Google's servers. See Google Privacy Policy
- MongoDB Atlas: Your synced chat history and account data are stored on MongoDB Atlas cloud servers (encrypted at rest, located in US/India regions). See MongoDB Privacy Policy
- Railway.app: Our backend API is hosted on Railway infrastructure. See Railway Privacy Policy
4.3 Payment Processing
4.4 Search & Webpage Services
- Serper API / Tavily Search (PRO/PREMIUM only): When using Research Mode (available only with PRO or PREMIUM subscription), your search queries and approximate location (country and city derived from IP address) are sent to third-party search APIs (Serper, Tavily) to provide geographically relevant web sources and images. Only your query and location parameters (country code, city name) are shared - no personal identifiers are sent. FREE plan users do not have access to Research Mode and their data is not shared with these services.
- IP Geolocation Services (PRO/PREMIUM only): We use third-party IP geolocation services (ip-api.com, ipapi.co) to determine your approximate location from your IP address when you use Research Mode. These services receive only your IP address and return location data (country, city, region). This only applies to PRO and PREMIUM subscribers using Research Mode. See their privacy policies: ip-api.com, ipapi.co
- Webpage Content Extraction: For Browser AI Summarization (available to all users), webpage content is extracted and sent to AI providers (OpenAI/Google) for summarization
- Trending Topics API: Real-time trending topic data fetched from external news and social media APIs (available to all users)
4.5 We DO NOT:
- Sell your personal information to third parties
- Use your data for advertising purposes
- Share your chat content with anyone except the AI providers necessary for service functionality
- Track you across other websites or apps
- Use third-party analytics (no Google Analytics, Facebook Pixel, etc.)
4.6 On-Device (Offline) AI — Optional Add-on
The optional Offline AI Pack add-on runs AI models entirely on your device. When you use on-device AI:
- Nothing is sent to our servers or to any AI provider. Your prompts and the AI's responses are processed 100% locally on your phone.
- Offline conversations are stored only on your device (in the app's local, encrypted Room database) and are never synced to the cloud or our backend.
- On-device AI does not consume your message quota and works without an internet connection.
- The only network activity is the one-time model download and a small, authenticated request to verify your add-on subscription — no chat content is ever involved.
- The add-on's active status is verified via your Google Play subscription; this check involves only your subscription state and no chat content.
- You can delete the downloaded model at any time from Settings → Offline AI Pack.
4.7 On-Device AI Model Licenses
The Offline AI Pack uses the following open models, downloaded to your device. Each remains under its own license:
5. Data Storage & Security
- Local Storage: Chat history, user preferences stored on your device using:
- Room Database (encrypted, for chat messages and history)
- DataStore Preferences (encrypted, for settings and tokens)
- Cloud Storage: Optional cloud sync (opt-in only):
- MongoDB Atlas servers (encryption at rest with AES-256)
- Data centers: US and India regions
- Automatic backups retained for 7 days
- Data Transmission: All data transmitted over HTTPS with TLS 1.3+ encryption
- Authentication: JWT tokens (expires after 7 days), Google OAuth 2.0 authentication, device-based authentication
- Access Controls: Role-based access, rate limiting (1000 requests per 15 minutes), device-based authentication
- API Security: All backend APIs protected with JWT authentication, input validation, and SQL injection prevention
- No Analytics/Tracking: We do NOT use Google Analytics, Firebase Analytics, or any third-party tracking SDKs
6. Your Rights & Choices
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and data
- Export: Download your chat history and data
- Opt-Out: Disable cloud sync, analytics collection
- Subscription: Cancel subscription anytime via Google Play
- Opt-Out of Location-Based Search (PRO/PREMIUM only): If you have a PRO or PREMIUM subscription, you can disable location-based search results by turning off Research Mode in the app settings, or by using a VPN to mask your IP address. When Research Mode is disabled, your IP address is not used for geolocation lookups. FREE plan users do not have access to Research Mode and no location-based searches are performed.
7. Data Retention
We retain your personal information for as long as your account is active. Upon account deletion, most data is removed within 30 days.
7.1 Standard Data Retention
- Account Data: Retained while your account is active and for 30 days after account deletion
- Chat History (Local): Stored on your device until you manually delete conversations
- Chat History (Cloud): Synced chats stored on MongoDB Atlas, deleted within 30 days of account deletion
- AI Memories: Personalization data saved by the AI (stored on MongoDB Atlas), deleted within 30 days of account deletion. You can also delete individual memories anytime by asking the AI to "forget" specific information.
- Usage Statistics: Message and image counts reset monthly on your billing date
- Server Logs: Backend API logs retained for 30 days for debugging and security (contains timestamps, endpoints, status codes - NO chat content)
- Payment Records: Google Play Billing retains payment history per their policies (minimum 7 years for tax compliance)
- Voice Recordings: Processed in real-time and immediately deleted (0 retention)
- Uploaded Files: Temporarily stored in memory during processing, deleted immediately after (no permanent storage)
- IP Location Data (PRO/PREMIUM only): For PRO and PREMIUM subscribers using Research Mode, IP-based location information (country, city) is cached for 24 hours to improve search performance and reduce API calls. After this period, the cached data is automatically deleted. We do not store raw IP addresses in our permanent database. FREE plan users are not subject to IP geolocation processing.
7.2 Data Retention After Account Deletion
IMPORTANT DISCLOSURE: When you delete your account, we retain limited information for fraud prevention and service security purposes.
What We Retain After Account Deletion:
- Email Address: Your email address is retained in our DeletedUser database
- Google Account ID: If you signed in with Google, your Google ID is retained
- Account ID: Your original account identifier (MongoDB ObjectId)
- Deletion Timestamp: Date and time when your account was deleted
- Usage Statistics at Deletion: Message count and image generation count at the time of deletion
- Subscription Information at Deletion: Your subscription plan and status at the time of deletion
Purpose of Retention:
- Fraud Prevention: Prevents abuse of our free tier service by users creating multiple accounts
- Security: Blocks re-registration attempts from deleted accounts (default policy)
- Compliance: Maintains audit trail for regulatory and legal requirements
How This Data Is Used:
- Stored in a separate, secure DeletedUser database collection
- Used exclusively to check registration eligibility when new users sign up
- NOT used for marketing, analytics, or any other purposes
- NOT shared with third parties
- Retained indefinitely to maintain service integrity and prevent abuse
Re-Registration Policy:
- By default, deleted accounts cannot re-register with the same email or Google account
- This prevents abuse where users repeatedly create accounts to exploit free usage limits
- If you wish to restore your account or request complete data removal (including DeletedUser records), contact us at support@browsistai.com
- Account restoration or complete data removal requests are reviewed on a case-by-case basis
Your Rights Regarding Retained Data: You have the right to request complete removal of your information from our DeletedUser database. Please contact us at support@browsistai.com with the subject line "Complete Data Removal Request." We will process such requests within 30 days and may ask for identity verification to prevent fraudulent requests.
Except for the deletion records mentioned above, anonymized usage statistics may be retained for service improvement.
8. Children's Privacy (COPPA Compliance)
Age Restriction: Browsist AI is not intended for children under 13 years of age (or under 16 in the European Economic Area).
- We do NOT knowingly collect personal information from children under 13
- We do NOT target children with marketing or features
- Parents/guardians: If you believe your child has provided us with personal information, contact us immediately at support@browsistai.com
- We will delete any data from children under 13 within 48 hours of notification
9. International Data Transfers
Your data may be processed in countries outside your residence, including the United States and India. We ensure appropriate safeguards are in place for international transfers as required by GDPR and other data protection laws.
10. GDPR Compliance (EU Users)
If you are in the European Economic Area (EEA), you have additional rights under GDPR:
- Right to access, rectify, erase, or restrict processing
- Right to data portability
- Right to object to processing
- Right to lodge a complaint with your supervisory authority
11. CCPA Compliance (California Users)
California residents have the right to:
- Know what personal information is collected
- Know whether personal information is sold or disclosed
- Opt-out of the sale of personal information (we do not sell data)
- Request deletion of personal information
- Non-discrimination for exercising CCPA rights
12. Cookies & Tracking Technologies
Mobile App: Our Android app does NOT use cookies or browser tracking.
Web Backend: Minimal use of cookies for backend authentication:
- Authentication Tokens: JWT tokens stored in encrypted DataStore (essential for app functionality)
- NO Third-Party Cookies: We do not use advertising cookies, social media pixels, or analytics trackers
- NO Cross-Site Tracking: We do not track you across other websites or apps
- Web Browser Data: URLs you visit within the app's built-in browser are stored locally for history/bookmarks only
Do Not Track: Our app respects "Do Not Track" browser signals (though not applicable to native Android apps).
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via:
- In-app notification
- Email to registered users
- Updated "Last Modified" date
14. Contact Us & Data Protection Officer
© 2025-2026 BMT CREATIONS PRIVATE LIMITED. All rights reserved.
Home | Privacy Policy | Terms of Service