Privacy Policy
ContextFlow — AI Web Assistant
Last updated: February 15, 2026
ContextFlow ("we", "our", "the app") is a Safari browser extension with a companion native app that provides AI-powered answers about web page content. This policy describes how we collect, use, and protect your information.
In short: We collect only what's necessary to run the service. We don't track you, don't sell your data, and don't show ads.
1. Information We Collect
Account information:
- Email address — used for account authentication and subscription management. Stored in our database (Supabase).
- Password — hashed and stored securely by Supabase Auth. We never have access to your plain-text password.
Subscription data:
- Purchase history — subscription plan type, status, and payment provider (Apple App Store or Stripe). Used to manage your access level.
- App Store transaction ID — stored to process subscription renewals and cancellations via Apple's server notifications.
Usage data:
- Request count — we track the number of AI requests for trial limits and rate limiting. This is linked to your account.
2. Information We Do NOT Collect
- We do not track your browsing history
- We do not collect analytics, device IDs, or advertising identifiers
- We do not use cookies or tracking pixels
- We do not share or sell any data to third parties
3. How We Use Your Data
Page content processing: When you ask a question, the current page content (or selected text) is sent to the OpenAI API to generate an answer. This content is:
- Sent directly to OpenAI's API and processed according to OpenAI's privacy policy
- Not stored on our servers — we only proxy the request
- Not used for training — OpenAI's API usage is not used for model training
API keys (BYOK plan): If you use the BYOK plan, your OpenAI API key is stored locally on your device only (in the app's shared storage). It is sent directly to OpenAI from your device and never passes through our servers.
4. Data Storage and Security
- Account data is stored in Supabase (hosted on AWS) with row-level security policies
- All network communication uses HTTPS/TLS encryption
- Passwords are hashed using industry-standard algorithms (bcrypt)
- API keys and settings are stored locally on your device using Apple's App Group shared storage
5. Third-Party Services
- Supabase — authentication and database (privacy policy)
- OpenAI — AI response generation (privacy policy)
- Apple App Store — subscription payments (for Safari/iOS users)
- Stripe — subscription payments (for Chrome users)
6. Data Retention
We retain your account data for as long as your account is active. If you delete your account, all associated data (subscription records, usage logs) will be permanently deleted within 30 days.
7. Your Rights
You can:
- Access your data — your subscription status and usage are visible in the app
- Delete your account — contact us at the email below
- Export your data — contact us at the email below
- Cancel your subscription — via Settings > Subscriptions on your device
8. Children's Privacy
ContextFlow is not directed at children under 13. We do not knowingly collect information from children.
9. Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the app after changes constitutes acceptance.
10. Contact Us
If you have questions about this privacy policy or your data, contact us at:
top10resource@gmail.com