1. Introduction and scope

Dodl Notes is a Chrome extension for secure, encrypted note-taking and organization. Dodl uses a Dodl account, browser storage, encrypted cloud sync, and secure backend services to provide sync, recovery, optional AI features, and account-linked settings.

You are responsible for the content you choose to store in notes, group names, member names, or other fields. If you store personal or sensitive information, you are responsible for compliance with any laws or policies that apply to your use case, including school, district, or local privacy requirements.

2. What Dodl collects and processes

Dodl processes only the information needed to run the product and the optional features you choose to use.

  • Authentication information such as your Dodl account email address, Firebase Authentication session metadata, and locally entered password or recovery-key inputs.
  • Preferences and settings such as auto-lock duration, notifications, draft settings, telemetry controls, and feature toggles.
  • User activity timestamps used to support inactivity-based auto-lock behavior.
  • User-inputted note content, group names, member names, and descriptions, which are encrypted locally before persistence.
  • Encrypted key material used to unlock your workspace through your password or recovery method.
  • Optional AI prompts and responses when you choose AI-supported features.
  • Optional report template data, guideline support content, report timelines, and Google Docs export data.
  • Limited billing and subscription metadata for Pro access.
  • Optional feedback and support messages you submit.
  • Lifecycle metadata such as install, uninstall, version, sync, and migration state.

3. Why Dodl processes data

  • To provide the core note-taking, organization, sync, and recovery workflow.
  • To authenticate your Dodl account and restore access to encrypted cloud data across devices.
  • To save and sync settings where supported.
  • To run optional features like AI insights, AI drafting, report templates, guideline assistance, legacy template migration, and Google Docs export.
  • To manage Pro subscriptions and service continuity.
  • To improve reliability, security, and support, including product analytics when telemetry is enabled.

4. Storage locations

  • Encrypted cloud data in Firebase Firestore, including encrypted snapshots, backups, templates, lifecycle data, and limited billing metadata.
  • Browser local storage for drafts, caches, sync state, onboarding state, and performance-related local data.
  • Browser sync storage for lightweight settings such as timelines, terminology, toggles, telemetry preferences, and optional remembered email.
  • Browser session storage for the unlocked encryption key while Dodl is open and unlocked.
  • Optional IndexedDB file-handle records and user-chosen `.dodlpack` recovery file locations for offline recovery.

5. Encryption and security

Dodl uses AES-GCM 256-bit encryption through the Web Crypto API. Notes are encrypted in the browser before local persistence and before cloud sync.

  • Your encryption keys do not leave your device in unencrypted form.
  • The raw decrypted data key is session-scoped while Dodl is unlocked.
  • Password-based and recovery-based wrapped key material may be stored as encrypted payloads, but the developer cannot decrypt your notes.
  • Losing both your password-based and recovery-based access methods may lead to permanent data loss.

6. Third-party services and international transfers

Dodl uses Firebase Authentication and Firestore, Google Cloud functions, optional Google Docs export, optional Google-based legacy template migration, Google's Generative AI API for selected features, and Stripe for subscriptions.

By using Dodl, you acknowledge that certain account and backend data may be processed in countries outside your home jurisdiction, including the United States, where some of these providers operate.

7. Logging and analytics

Dodl uses local console logging for debugging. Dodl may also send limited product analytics using anonymous extension identifiers and product metadata. These analytics do not include note content, passwords, or recovery keys.

If you enable Reduced Telemetry, Dodl turns off analytics, review prompts, proactive share prompts, and in-app feedback, though limited operational lifecycle records may still be stored to support the service.

8. Data retention and deletion

  • Deleting notes, groups, members, or templates in Dodl removes them from your encrypted workspace or template store on the next save and sync.
  • Clearing browser data may remove local drafts, cached snapshots, session data, and saved recovery handle records.
  • Account reset attempts to remove encrypted cloud snapshot data, encrypted backend key material, and local extension data.
  • Uninstalling the extension removes local browser data but does not automatically delete your encrypted cloud records or any recovery package file saved elsewhere on your device.

9. Your rights

Depending on your jurisdiction, you may have rights over personal data controlled by Dodl, such as your account email address, limited billing metadata, lifecycle metadata, and backend support records. Because the developer cannot read your encrypted notes, requests about readable note content must be managed by you directly inside Dodl.

10. Updates, jurisdiction, and liability

This policy may be updated to reflect changes in Dodl's functionality, data handling, or legal requirements. Material updates may appear through release notes, the Chrome Web Store listing, or related Dodl policy pages.

This policy is governed by the laws of Ontario, Canada, with disputes subject to the courts in Toronto, Ontario, Canada.

Dodl is provided as-is. You assume responsibility for the content you store, the recovery materials you maintain, and your compliance obligations.