Privacy Policy

Last updated: [Month Day, 2026]

Bridgit DAO, a Wyoming-based organization, operates Canopi.

This Privacy Policy explains what data we collect, why we collect it, and how it is used.

Plain Language Summary

Our Purpose

Canopi has a single purpose: to provide a collaboration sidebar for discussing webpages in real time.

We do not sell your data. We do not run ads. We do not inject advertising into webpages.

What We Collect

• Email address

• Display name / handle

• Profile photo

• Messages and reactions you create

• Community membership

• Real-time presence (when enabled)

• Cursor position (only if you opt in)

We use Google Analytics for aggregate usage insights.

What We Do Not Do

• We do not sell personal data.

• We do not use your data for advertising.

• We do not modify webpage content beyond optional presence indicators.

Information We Collect

Account Information

When you sign in using Google or Web3Auth, we store:

• Email address

• Handle or display name

• Profile photo

You may change your display name.

User Content

We store:

• Messages

• Replies

• Reactions

• Edits (message history is retained)

Messages persist so conversations remain intact.

If you delete your account, your messages are anonymized.

Presence and URL Data

• Presence is real-time and indicates when you are actively viewing a page while visible.

• We record page URLs in order to associate discussions with the correct webpage and to enable community context.

• URL activity is tied to your account to support page-level discussions and continuity.

• We do not sell or share browsing activity for advertising purposes.

• In the future, we may use aggregated or account-level activity to improve relevance, recommendations, or community discovery. If we introduce new uses of activity data beyond what is described here, we will update this Privacy Policy.

• We may enable optional blockchain-based data retention tied to your cryptographic key, giving users greater control over their retained activity data.

Live Cursor

Cursor position is stored only when you opt in to live cursor sharing.

Analytics

We use Google Analytics to understand aggregate usage patterns.

AI and Agent Features

When you use the Agent feature:

• Prompts may be sent to third-party AI providers, currently DeepSeek.

• We may support multiple AI providers in the future.

• Agent interactions may be stored.

• Community-specific agents may access relevant community messages.

We do not use your data for advertising training purposes.

Infrastructure and Security

• Hosting provider: Vultr

• Primary database: Supabase (managed PostgreSQL)

• Data is encrypted in transit using TLS.

• Data stored in Supabase is protected using industry-standard security controls, including encryption at rest.

• Logs may be retained for up to 5 years for operational and security purposes.

We may begin logging IP addresses or device metadata in the future if required for security, abuse prevention, or system integrity.

Third Parties

We use:

• Google OAuth

• Web3Auth

• Resend (email delivery)

• Google Analytics

We do not use advertising networks.

Data Retention

• Account data persists while your account is active.

• Deleted accounts are anonymized.

• Server logs retained up to 5 years.

• Future blockchain retention may be user-controlled.

Your Controls

You can:

• Control visibility per page.

• Enable or disable live cursor sharing.

• Manage notifications.

• Delete your account (messages anonymized).

Data export features may be added in the future.

Children

Canopi is not directed to children under 13.

Changes

We may update this policy. Continued use constitutes acceptance of changes.

Contact

Privacy questions: info@canopi.live

Bridgit DAO Wyoming, United States