Privacy Policy

Last updated: January 2025

Zero-Knowledge Architecture

ContextMover operates on a zero-knowledge privacy model for your conversation data. Your AI conversations are captured and stored exclusively in your browser extension's local IndexedDB. They never travel through ContextMover servers.

Conversation content never stored on ContextMover servers

Optional sync to YOUR personal Supabase — ContextMover has zero access

AES-256-GCM encrypted vault credentials, keys never leave your device

You own all your data — export or delete at any time

1. What We Collect — and What We Don't

ContextMover is built on the principle of minimal data collection. Here is a precise breakdown:

Data stored on ContextMover servers

Authentication credentialsEmail, hashed password (managed by Supabase Auth)

Subscription statusPlan tier, payment status only — no payment card data

Prompt marketplace templatesPublic, opt-in templates you choose to share

Prompt assignmentsWhich template is assigned to which platform — no conversation content

Anonymous analyticsAggregate feature usage, no personally identifiable information

Data that NEVER touches ContextMover servers

The content of your AI conversations (prompts and responses)

Your conversation titles and metadata

Timestamps and turn counts of captured sessions

Any personal Supabase vault credentials

IDE snapshots, git diffs, or code context

2. Local Storage and the Browser Extension

When you install the ContextMover browser extension, your AI conversations are captured and stored in your browser's IndexedDB — a local database accessible only to the extension on your own machine. This data never leaves your device unless you explicitly connect a personal Supabase vault.

3. Personal Vault (Optional)

If you choose to connect your own Supabase project as a “personal vault,” your session data syncs to your Supabase project — not ContextMover's. The vault URL and anon key are stored with AES-256-GCM encryption in your local browser storage, with the decryption key derived from your account credentials via PBKDF2. The encrypted credentials are never transmitted to ContextMover servers.

You may disconnect or delete your vault data at any time from Settings → Personal Vault. Disconnecting does not delete local or vault data — you retain full control.

4. Cookies and Authentication

We use Supabase Auth to manage user accounts. Authentication state is stored in cookies and localStorage strictly for session management. We do not use tracking cookies, advertising pixels, or third-party analytics.

5. Data Sharing

We do not sell, rent, or share your personal information with third parties, except: (a) Supabase Inc., our database and authentication provider; (b) Stripe, our payment processor, for subscription billing only; (c) as required by applicable law.

6. Your Rights

You have the right to access, export, correct, or delete any personal data we hold about you. To exercise these rights, contact us at privacy@contextmover.app.

Because your AI conversation data is stored locally and/or in your personal vault, ContextMover cannot access it — requests for conversation data must be handled directly by you in your browser extension or Supabase dashboard.

7. Security

We employ industry-standard security measures including TLS in transit, encrypted database storage (Supabase), and AES-256-GCM for vault credential encryption. Our zero-knowledge architecture means that even in the event of a ContextMover server breach, your conversation content cannot be compromised because it was never there.

8. Changes to This Policy

We will post any changes to this policy on this page with an updated date. Continued use of ContextMover after changes constitutes acceptance of the revised policy. For material changes, we will notify you via email.

9. Contact

Questions about this policy? privacy@contextmover.app