Privacy Policy
Dossier is a Chrome extension for pre-call intelligence. It helps users prepare for meetings by combining Outlook calendar context, locally processed mailbox signals, and public web research into a structured brief.
Dossier does not sell your data, does not maintain a server-side database of your private workspace data, and does not view your mailbox, calendar, notes, or generated briefs in normal operation.
Microsoft API Data
When you sign in with Microsoft and grant permission, Dossier uses Microsoft Graph to provide the meeting-prep features shown in the extension.
- Calendar information: meeting title, time, attendees, organizer, location, and meeting links are used to display upcoming calls and schedule reminders
- Mailbox information: recent messages may be queried to resolve attendee names and summarize relevant prior communication context for the meeting
- Account information: your Microsoft account identity is used to keep the extension connected to the correct calendar and mailbox
How Dossier Uses Data
Dossier uses authorized Microsoft data only to operate the product features you request or enable.
- Meeting list: showing upcoming meetings and identifying the likely external attendee
- Pre-call alerts: scheduling local Chrome alarms before meetings and opening the alert window at the selected time
- Brief generation: preparing public company and attendee research for the selected meeting
- Prior communications: creating a concise local summary of relevant recent mailbox history with the attendee or company
- Prep notes: saving notes and edited titles that you create in the extension
Local Storage
Dossier is designed to keep user workspace data in the browser wherever possible. The extension stores working data in Chrome local storage on your browser profile.
- Microsoft OAuth tokens used to authenticate Graph requests
- Meeting snapshots, notification settings, generated brief cache, and user-created prep notes
- Prior-communication snippets generated for the meeting view
Brief Proxy Boundary
Dossier uses a server-side brief proxy to keep API keys out of the Chrome extension and to perform public web research. The proxy receives only the public identifiers needed for that research, such as the attendee email domain and attendee name when available.
Mailbox-derived context, Microsoft tokens, and user prep notes are not used as inputs to the public company-research proxy. The proxy is stateless by design and does not maintain a database of user meetings, mailbox content, Microsoft tokens, notes, or generated briefs.
Third-Party Services
Dossier relies on selected service providers to operate the extension and brief-generation workflow.
- Microsoft Graph: provides the authorized calendar and mailbox access used by the extension
- Vercel: hosts the Dossier brief proxy; Vercel has a SOC 2 Type 2 attestation and provides platform security features including encrypted transport
- Tavily: performs public web search and extraction for company and attendee research
- Text-model providers: Groq or Anthropic may be used to transform public source material into structured brief output, depending on deployment configuration
Dossier uses these vendors only to provide the requested product functions. Dossier does not authorize Microsoft Graph, Vercel, Tavily, Groq, or Anthropic to train models on Dossier user data, sell Dossier user data, or build advertising profiles from Dossier user data.
Data Sharing
Dossier uses data to provide the extension's user-facing features. Dossier does not sell user data, rent user data, use Microsoft mailbox data for advertising, or use mailbox data to determine creditworthiness, lending eligibility, employment eligibility, or insurance eligibility.
Dossier may process data through Microsoft Graph, Vercel, Tavily, Groq, and Anthropic when needed to provide authentication, reminders, public web research, and brief generation. Dossier does not store user mailbox content, Microsoft tokens, prep notes, or meeting history with Tavily, Groq, or Anthropic; public research inputs are sent only as needed to return the requested brief.
Human Access
Dossier is designed so user mailbox content, calendar details, notes, and generated briefs are processed by the extension rather than reviewed by people. The Dossier team does not see or review this data in normal operation. Human access is limited to situations where the user requests support, where access is needed to investigate security or abuse, or where access is required to comply with legal process.
Security
- Microsoft sign-in uses OAuth; Dossier does not receive or store your Microsoft password
- Tavily and text-model API keys are stored on the server side and are not included in the Chrome extension
- The hosted proxy runs on Vercel, whose security materials state that Vercel has a SOC 2 Type 2 attestation
- Notes and rendered brief content are sanitized before display in the extension UI
- Optional Outlook reminder suppression requests Outlook page access only after the user enables that setting
Retention and Deletion
Local extension data remains in Chrome local storage until you sign out, clear extension data, clear generated briefs, or uninstall the extension. Cached generated briefs are designed to expire after the configured cache period.
You can revoke Microsoft access through your Microsoft account permissions, and uninstalling the extension removes its local extension storage from Chrome.
Policy Updates
Dossier may update this Privacy Policy as the product changes. Updates will be reflected on this page with a revised "Last updated" date.
Contact
Questions about this Privacy Policy or Dossier's data handling can be directed to the Dossier product owner or administrator who provided the extension.