Context — Privacy Policy

Last updated: May 21, 2026 · Effective: May 21, 2026

This Privacy Policy explains how Context (the "Extension"), provided by Histatical, LLC, a United States limited liability company ("we," "us," "our"), collects, uses, stores, shares, and protects your information when you use our Chrome extension and related services (collectively, the "Services").

Histatical, LLC is the data controller for personal data processed in connection with the Services. Questions? Contact jack@histatical.com.

1. What Context does

Context is a Chrome extension that captures audio from your active browser tab, transcribes it in real time, and extracts key terms, people, concepts, and insights to display in a sidebar. It works on any website that plays audio — including video platforms (YouTube, Netflix, Twitch), audio platforms (Spotify, SoundCloud, Google Podcasts), educational sites (Coursera, Khan Academy, Udemy, TED), news and finance sites (CNBC, Bloomberg, news streams), meeting tools, lecture recordings, and any other browser tab where audio plays.

Because audio can play on virtually any website, Chrome requires the Extension to request broad host permissions. The Extension only captures audio and reads page metadata when you explicitly start a Context session on a tab. Until you start a session, no audio is captured, no transcript is generated, and no information about the page is sent to our servers.

2. Data we collect

We collect only the data necessary to deliver the Extension's functionality. The categories below cover everything we collect.

2.1 Audio data

When you activate Context on a tab, we capture the audio playing in that tab using Chrome's tabCapture API. This audio is streamed in real time to our transcription provider (see Section 4). Audio is never recorded, saved, or stored — on your device or on any server — at any point in the pipeline.

2.2 Transcript data

Transcripts produced from your tab audio are sent in real time to our language-model provider for entity and insight extraction (see Section 4). Full transcripts are not stored on our servers or on the providers' servers beyond the lifetime of each API request.

2.3 Session and locally stored data (on your device only)

The following data is stored in your browser's local storage (chrome.storage.local) and never leaves your device unless you explicitly export it:

Extracted entities and insights from your sessions
Your accumulated knowledge base (terms across sessions)
Session history, including the URL and page title of the page where each session was started, the timestamp, and the duration of the session
Your preferences and settings
Local usage statistics (session count, total duration)

We do not record URLs or page titles for pages where you have not started a Context session. We do not track your general browsing history.

2.4 Account data (if you choose to sign in)

Google sign-in is optional. If you sign in:

We receive your email address, name, and profile picture URL from Google's basic profile scope (openid, email, profile)
This information is stored on Supabase servers hosted in the United States (us-west-2, Oregon) to identify your account, display your avatar in the sidebar, and sync preferences across devices. A copy is also cached locally in chrome.storage.local.
We do not access your Google Drive, Gmail, contacts, calendar, or any other Google data

2.5 Subscription and billing data

If you subscribe to a paid plan, payment is processed by Stripe. Stripe collects and stores your payment-method details (card brand, last four digits, expiration, billing address) directly on their PCI-compliant infrastructure. We do not see, store, or have access to your full card number or CVC.

What we store on our own servers (Supabase) about your subscription:

Your Stripe customer ID (a reference, not payment details)
Your subscription tier (free or paid) and status (active, cancelled, past_due, etc.)
Free-tier usage counters (e.g. daily transcription minutes used) to enforce plan limits such as the 30-minute daily cap on the free tier
Subscription start, renewal, and end dates

You can cancel your subscription at any time. Upon cancellation, your subscription record is retained for up to 7 years for tax and accounting purposes as required by U.S. law; you may request earlier deletion of non-required fields.

2.6 Anonymous analytics (opt-in only)

If you opt in to "Help improve Context" in Settings, we collect anonymous usage events to improve the product. These events contain:

Session start/stop events
Feature usage counts (which features were used, how often)
Anonymous installation ID (randomly generated, not tied to your identity)
Extension version and Chrome version

These events contain no transcripts, no entity data, no audio, no URLs, and no personally identifiable information. Analytics are off by default; you can opt out at any time in Settings.

2.7 Data we do not collect

We do not store audio recordings
We do not store full transcripts on any server
We do not record URLs or page titles for pages where you have not started a Context session
We do not track your general browsing history
We do not read page text, HTML, form inputs, or other page content
We do not sell, rent, or trade your data
We do not share your data with advertisers
We do not display ads
We do not use your data to train AI models
We do not use cookies or tracking pixels
We do not see or store your full credit card number or CVC

3. How we use your data

We use the data described above only for the following purposes:

Data	Purpose	Legal basis (GDPR)
Tab audio	Real-time transcription to deliver the core feature	Performance of a contract
Transcripts	Entity and insight extraction to deliver the core feature	Performance of a contract
Session history (URL, title, timestamp)	Let you revisit prior sessions and the entities they generated	Performance of a contract
Locally stored knowledge base & settings	Provide accumulated knowledge across sessions and personalize the Extension	Performance of a contract
Account data	Authenticate you, display your avatar, sync preferences across devices	Performance of a contract / Consent
Subscription & billing data	Process payments, enforce plan limits, send service notices	Performance of a contract / Legal obligation (tax records)
Anonymous analytics	Improve product quality and reliability	Consent (opt-in)

We do not use your data for any other purpose without your explicit consent.

4. How we share data with third parties

We share data only with the service providers strictly required to deliver the Extension. Each provider acts as a processor on our behalf and is contractually bound to handle your data securely.

Deepgram — real-time audio transcription. Tab audio is streamed to Deepgram for speech-to-text. Audio is processed in transit and is not retained. Privacy policy: deepgram.com/privacy
Anthropic (Claude API) — entity and insight extraction. Transcript text is sent to Anthropic's API. Per Anthropic's API terms, this data is not retained beyond the request lifecycle and is not used to train models. Privacy policy: anthropic.com/legal/privacy
Supabase — account storage (if signed in), subscription records, and opt-in anonymous event logging. Hosted in the United States (us-west-2, Oregon). Privacy policy: supabase.com/privacy
Stripe — payment processing for subscriptions. Stripe receives and stores your payment-method details directly. Privacy policy: stripe.com/privacy
Vercel — hosting for our website and API endpoints. Privacy policy: vercel.com/legal/privacy-policy
Upstash — rate limiting for our API endpoints. Stores only anonymous installation IDs and request counts. Privacy policy: upstash.com/trust/privacy
Google — sign-in authentication (only if you choose to sign in). Privacy policy: policies.google.com/privacy
Wikipedia API — thumbnail images for entities. No personal data is sent beyond standard HTTP request metadata. Privacy policy: foundation.wikimedia.org/wiki/Policy:Privacy_policy

We do not share your data with any other third party except (a) when required by law (subpoena, court order, valid legal request), (b) to protect the rights, property, or safety of users or the public, or (c) in connection with a merger, acquisition, or sale of assets, in which case you will be notified before your data is transferred.

5. Where data is stored and for how long

Data	Storage location	Retention
Tab audio	Streamed in transit only; not stored	Not retained
Transcripts	Processed in transit only; not stored on our servers	Not retained
Session history (URLs, titles, timestamps), entities, knowledge base, settings	Your device, in `chrome.storage.local`	Until you clear it, uninstall the Extension, or clear Chrome data
Account data (name, email, profile picture URL)	Supabase, US (us-west-2, Oregon); cached copy in `chrome.storage.local`	Until you delete your account or request deletion
Subscription records (Stripe customer ID, status, usage counters)	Supabase, US (us-west-2, Oregon)	Up to 7 years post-cancellation, as required for U.S. tax and accounting
Payment-method details (card brand, last 4, etc.)	Stripe (we do not store these ourselves)	Per Stripe's retention policy
Anonymous analytics	Supabase, US (us-west-2, Oregon)	12 months from the event date, then permanently deleted
Rate-limit counters	Upstash	24 hours (rolling window)

You can clear all locally stored data at any time using the "Clear" button in the extension sidebar.

6. International data transfers

Our service providers primarily process data in the United States. If you access the Extension from outside the United States — including from the European Economic Area, the United Kingdom, or Switzerland — your data may be transferred to and processed in the United States, which has different data-protection laws than your home jurisdiction.

When data is transferred internationally, we rely on appropriate safeguards including the European Commission's Standard Contractual Clauses (SCCs) with each processor, and we ensure each processor maintains GDPR-compliant data-handling practices.

7. Security

In transit: All data is transmitted over HTTPS / TLS 1.2 or higher. Tab audio is streamed to Deepgram over an encrypted WebSocket connection.
At rest: Data stored on Supabase is encrypted at rest using AES-256. Payment-method details are stored by Stripe on PCI-DSS-compliant infrastructure.
On your device: Locally stored data is held in Chrome's sandboxed extension storage and is inaccessible to other extensions or websites.
Access controls: Only authorized personnel can access production infrastructure, and access is logged and audited.
No long-term audio storage: We minimize risk by not retaining audio or transcripts at all.

No method of transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

8. Your rights

Depending on where you live, you may have the following rights regarding your personal data:

Right of access — request a copy of the personal data we hold about you
Right of rectification — request that we correct inaccurate or incomplete data
Right of erasure ("right to be forgotten") — request that we delete your data (subject to legal record-keeping obligations such as tax records)
Right to restrict processing — request that we limit how we use your data
Right to data portability — request a machine-readable copy of your data
Right to object — object to processing based on legitimate interests
Right to withdraw consent — withdraw any consent you've given (e.g. for analytics) at any time
Right to lodge a complaint with your local data-protection authority

For California residents (CCPA/CPRA): You also have the right to know what categories of personal information we collect, the right to delete personal information, the right to correct inaccurate personal information, and the right not to be discriminated against for exercising these rights. We do not sell or share personal information as defined under California law.

To exercise any of these rights, email jack@histatical.com. We will respond within 30 days. You can also clear most of your local data directly using the "Clear" button in the sidebar or by uninstalling the Extension.

9. Children's privacy

Context is not directed to children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact jack@histatical.com and we will delete it promptly.

10. Permissions used by the Extension

tabCapture — captures audio from the active tab for real-time transcription. Used only when you start a session.
activeTab — injects the sidebar into the current page when you activate Context.
scripting — injects the content script that renders the sidebar UI.
storage — stores your knowledge base, settings, session history, and cached account data locally (chrome.storage.local).
offscreen — required to process tab audio capture under Chrome's Manifest V3 architecture.
alarms — fires a per-minute timer during active capture sessions to track free-tier usage time and enforce the 30-minute daily cap. No data leaves your device through this permission.
identity — optional. Used only if you choose to sign in with Google.
Host permissions (<all_urls>) — required for the Extension to inject its sidebar and capture audio on whichever site you choose to use it on, since audio can play on virtually any website. The Extension does not read page content or transmit any data from any site unless you explicitly start a Context session on that tab. Additional narrow host permissions for wss://api.deepgram.com (transcription) and https://www.googleapis.com (sign-in) cover those service connections.

We request the narrowest set of permissions required to deliver the Extension's functionality.

11. Consent

By installing and using the Extension, you consent to this Privacy Policy. Before any audio is captured for the first time, the Extension displays an in-product disclosure explaining that audio will be streamed to Deepgram for transcription and that transcripts will be sent to Anthropic for analysis. You must affirmatively confirm this before any data leaves your browser.

You can withdraw consent at any time by:

Stopping a Context session (audio capture stops immediately)
Toggling off "Help improve Context" in Settings (analytics stops immediately)
Signing out of Google (account data is no longer accessed)
Cancelling your subscription (no further billing; existing subscription record retained per Section 5)
Uninstalling the Extension (all locally stored data is removed by Chrome)

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will:

Update the "Last updated" date at the top of this page
For material changes, post a notice in the Extension and/or notify signed-in users by email at least 7 days before the changes take effect

Your continued use of the Extension after changes take effect constitutes acceptance of the updated policy.

13. Chrome Web Store Limited Use compliance

Context's use of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically:

We use Google user data only to provide and improve user-facing features that are prominent in the Extension's Chrome Web Store listing
We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets (with user notice)
We do not use Google user data for serving advertisements
We do not allow humans to read Google user data, except: (a) with your explicit consent; (b) for security purposes (e.g. investigating abuse); (c) to comply with applicable law; or (d) where the data is aggregated and used for internal operations

14. Contact

Questions, requests, or complaints regarding this Privacy Policy or your data:

Histatical, LLC
Email: jack@histatical.com

We aim to respond to all inquiries within 7 business days, and to formal data-subject requests within 30 days.