Security

By default, your conversations, history, bookmarks, and files are encrypted and stored locally on your device. When you use Dia, the data needed to fulfill your request (such as your question and relevant context) is sent through our servers to trusted AI partners, who are contractually restricted from retaining or using your data to train their own models. Memory allows you to ask Dia about your previous activity. This is powered by summaries, created on our servers and stored locally on your device. Memory can be disabled in your Dia Settings at any time.

When you enable Sync, your data is sent off your device and passes through our servers so that we can sync the data to another device of your choosing. This data is end-to-end encrypted, and our servers cannot read the data. Sync can be disabled in your Dia Settings at any time. Read more on our Privacy page: Privacy ↗

Yes. By default, all ads are blocked in Dia natively. No ads, no ad-based tracking. You can control the ad blocking settings at Dia > Settings > Privacy

Your data is not for sale. We will never sell your personal data. Period. We only use it only to help Dia provide the most accurate and helpful results. Unlike many of our competitors, Dia doesn't collect your browsing data to build ad profiles.

The partners we rely on for AI (Anthropic, OpenAI, Gemini, Azure, AWS) are contractually restricted from retaining and using your data to train their own models.

By default, we use some content data to improve Dia. This content data isn’t tied to your account, is retained for 30 days, and then deleted. You can turn this off at any time in Settings. See our Privacy ↗ page for more details.

Enterprises can disable content sharing org-wide.

Requiring you to log in to an account lets us keep Dia’s AI features fast and available for everyone by managing how much traffic any single user can send to our systems.

Dia’s AI is built on top of the following models and providers: GPT (OpenAI Azure), Claude (Anthropic, Vertex, AWS), Gemini (Vertex). By default, we use some content data to improve Dia’s speed and accuracy. You can disable this by going to Settings → Privacy → Share content data to help improve Dia.

When you clear your local chats, files, or history, they are removed from your device. If you choose to share content data with Dia, it is not associated with your account and deleted from our servers after 30 days.

When you delete your account, associated data is deleted within 30 days in accordance with our privacy policy. Previously submitted feedback or content data is retained separately and is not linked to your account. Analytics data is retained but no longer linked to your profile. If you have Sync enabled, your synced data will also be deleted from our servers as part of the account deletion process.

Dia is based on Chromium, the same secure browser engine used by Chrome and Edge. When you use Dia’s AI features, the assistant is designed to avoid automatically processing data from sensitive sites. However, if you choose to include a sensitive site in a request, the assistant will process that content to answer your question.

Yes. The Browser Company completed a SOC 2 Type II examination for Dia covering security, confidentiality, and privacy for calendar year 2025. The final report was issued in 2026. To learn more about our compliance program and to request a copy, visit trust.diabrowser.com.

Prompt injections happen when a webpage or third party slips instructions into an assistant’s context, and the assistant follows those instructions instead of the user's instructions. All AI chat systems face this risk. Our stance is to assume prompt injections may occur and keep you safe through layered controls.

Examples of these layered controls include:

• Dia won't automatically open or follow LLM‑generated URLs . Attackers often use generated links to exfiltrate data; we block this class of action.
• Dia won't allow tools beyond what you intend to use. Dia’s chat session starts with no access to other tabs or ability to take write actions. Your review is needed to grant access before the assistant can use anything with real-world effects.
• Dia won't insert data into third-party sites without your approval. For actions like “fill form” or “draft email,” Dia shows you the exact content first in a Dia-controlled view. You choose whether to proceed.
• Dia won't take irreversible actions on behalf of the user. Items like calendar events stay in draft until you click “Create.”
• Dia won't run agentic mode on unapproved context. When Dia drives your computer (e.g., replying to email), the assistant only sees what you saw and approved, limiting third-party influence.
• Dia won't let agentic mode navigate to other websites. To contain the blast radius of actions, the assistant is unable to navigate on its own to another website
• Dia won't expose sensitive elements to the agent. Web form fields like passwords and irreversible action buttons are invisible to the agentic system.
• Dia won't pass URLs to the LLM verbatim. Links can hide instructions; Dia filters those so they can’t influence the AI.

We design Dia’s features so that, even if a prompt injection occurs, the potential impact is contained. The web is adversarial and we are constantly researching and finding more ways to protect you while you use Dia.

That said, prompt injections can still:

• Cause unexpected style or tone shifts (e.g., making the assistant “talk like a pirate”).
• Nudge content toward misinformation if a tab is treated as local “ground truth.” Context improves relevance, not universal correctness.
• Trigger unintended assistant actions, like searches or lookups you didn’t ask for.

Our layered controls are designed to prevent the most harmful outcomes like sending your data to an attacker or taking actions you didn’t approve, but no defense is perfect. We recommend reviewing the assistant’s responses carefully, especially when working with untrusted content.

Practical tips to reduce prompt‑injection risk:

• Be specific about what you want the assistant to do, and review its actions before approving.
• Be cautious when asking the assistant to work with content from unfamiliar or untrusted sources.
• Review the assistant’s responses carefully, especially when the output will be shared or acted on.

We sometimes keep a small set of AI-related data, if it helps with security or compliance. Think content moderation flags, suspected misuse (like trying to get the model to do something dangerous), or prompt‑injection and safety‑violation events. This data is only kept as long as we need to detect, investigate, and prevent abuse, meet legal obligations, and make Dia safer. It’s access‑controlled, used only for security and compliance, and never used to train models. When it’s no longer needed for those purposes, we delete it according to our policies.

Dia follows a strict patching schedule to keep you secure:

• Weekly updates: Dia releases every Thursday with the latest stable version of Chromium that Google has shipped to users.
• Critical security fixes: When Google releases a patch for a critical vulnerability, Dia publishes the fix to production within 48 hours.

This means Dia stays current with Google Chrome's security updates while maintaining our weekly release cadence.

Yes. Dia supports standard Chromium enterprise policies, including Google Chrome Cloud Management, and also provides Dia-specific MDM policies that let you disable all AI-powered features on specific websites.

Dia makes it easy for your IT team to be managed and deployed.

Yes. Dia supports SAML-based SSO with most identity providers, including Google, Okta, Microsoft Entra ID, and more. You can also use Dia’s MDM policies to restrict sign-ins to approved email domains, ensuring only your employees can access Dia securely.

While The Browser Company is now part of Atlassian, Dia continues to operate under its own privacy policy and data handling commitments. See https://diabrowser.com/privacy for the latest details.