Privacy Policy
Last updated: February 2026
ContextFlow ("the Extension") is a browser extension that analyzes web page content using AI to provide summaries, comprehension quizzes, and risk flags. This Privacy Policy explains how the Extension handles your data.
1. Data We Collect
ContextFlow processes the following data:
- Page text content: When you visit a web page with ContextFlow enabled, the Extension reads the visible text content of the page for analysis. This content is processed locally and sent to an AI language model API for analysis.
- API keys: If you use the free tier (BYOK), your OpenAI API key is stored locally in your browser using Chrome's storage API. It is never sent to our servers.
- Usage statistics: The Extension tracks the number of pages analyzed and tokens used per day, stored locally in your browser for displaying usage information.
- License information: If you subscribe to a paid plan, your license key, email address, and subscription tier are stored locally.
2. How We Use Your Data
- Page analysis: Text content from web pages is sent directly from your browser to the AI provider's API (e.g., OpenAI) for generating summaries, quizzes, and risk flags. This data is not routed through our servers.
- License validation: When activating a license key, the key is sent to our validation endpoint to verify your subscription status. Only the license key is transmitted; no page content or browsing data is sent.
- Cached analyses: Analysis results are cached locally in your browser to avoid redundant API calls. You can clear this cache at any time through the Extension settings.
3. Data We Do NOT Collect
- We do not collect or store your browsing history.
- We do not collect or store the content of pages you visit on our servers.
- We do not use cookies or tracking pixels.
- We do not sell, rent, or share any user data with third parties.
- We do not collect analytics, telemetry, or crash reports.
4. Third-Party Services
The Extension sends page text content to AI language model providers for analysis. The specific provider depends on your configuration:
- OpenAI (api.openai.com) — default provider. Subject to OpenAI's Privacy Policy. OpenAI states that API inputs are not used to train models.
- Anthropic (api.anthropic.com) — optional alternative.
- OpenRouter (openrouter.ai) — optional alternative for non-US models.
For payment processing, we use Stripe, subject to Stripe's Privacy Policy. Stripe collects payment information directly; we never see or store your credit card details.
5. Data Storage
All data is stored locally in your browser using Chrome's storage APIs:
chrome.storage.sync — settings, license info, usage stats (synced across your Chrome browsers)chrome.storage.local — cached page analyses (local to this device, up to 10 MB)
No data is stored on our servers. The only server communication is license key validation and Stripe payment processing.
6. Your Rights
- Access: All your data is stored locally in your browser. You can view it via Chrome DevTools (Application → Storage).
- Deletion: You can delete all Extension data by: (1) clearing the cache via Extension Settings, (2) removing the Extension, or (3) clearing Chrome's extension storage.
- Portability: You can export cached analyses as a JSON file from the Extension settings.
- Opt-out: You can disable the Extension at any time using the master toggle in the popup. When disabled, no data is collected or processed.
7. Data Security
API keys are stored in Chrome's encrypted storage and transmitted only to the relevant API provider over HTTPS. The Extension does not inject scripts from external sources. All code runs locally within the browser's extension sandbox.
8. Children's Privacy
ContextFlow is not directed at children under 13. We do not knowingly collect data from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be reflected in the "Last updated" date above. Continued use of the Extension after changes constitutes acceptance.