Skip to content
context-memory
Privacy
Privacy

Privacy Policy

Last updated: 9 July 2026

This policy explains what data context-memory collects, how we use it, what never leaves your machine, and how you can access or delete it. It covers this website, the Claude Code plugin, and the hosted backend that stores your memory.

The short version
  • Your Claude Code transcripts stay on your machine. We never receive them.
  • On each prompt, the plugin sends the first 500 bytes of that prompt to our backend and our embedding provider (OpenAI) to search your memory, plus a few identifiers (your project path and repository name) to scope recall. No other content from your prompt or files is sent.
  • The memories you save (and a small amount of account and technical data) are stored on our backend under your account.
  • We do not sell your data, and we do not use it to train AI models.
  • You can delete any memory, rotate your keys, or close your account at any time.

Information we collect

Account information

When you sign up we collect your email address and a password. If you sign up with GitHub instead, we receive the basic account information GitHub shares during sign-in (your GitHub identifier and the email address associated with your account). Passwords are stored only as a salted hash, never in plain text, and are checked against known-breached password lists at sign-up to discourage choosing a compromised one.

API keys

We issue you one or more API keys (the cm_ tokens) that authenticate the plugin to the backend. We store these so we can validate requests and let you rotate or revoke them.

Prompt text sent for search

On every prompt, the plugin sends the first 500 bytes of your prompt to our search API to find relevant memories. Running that search includes turning the text into a numerical embedding, which means sending it to our embedding provider, OpenAI (see Service providers). Alongside the query, the plugin sends a few identifiers used to scope recall to where you are working: your current project path (the working directory) and, in a git repository, the repository name (for example owner/repo). At the start of a session it also sends the repository name and your Claude Code session id to load that project's memory. No other content from your prompt, your files, or your session is transmitted.

Memory you and your agent save

The core of the service is the memory you store: Contexts and Topics. For each, we store the content you (or Claude, on your behalf) save, its tags, any structured properties you attach, and metadata used to organize and scope recall: the git_repo and project labels, a source_type, a visibility setting, and, for session summaries, the Claude Code session id. This is content you choose to save, so please avoid putting secrets or sensitive personal data into your memories. To make memories searchable, their text is also sent to our embedding provider (OpenAI) to generate a numerical embedding; under OpenAI's API terms, this content is not used to train their models.

What stays on your machine

Your Claude Code transcripts never leave your device. The /bootstrap-memory command reads them locally and uploads only the distilled memories you approve. We do not collect, receive, or store your raw session transcripts.

Technical and usage data

Our servers keep standard operational logs (for example IP address, timestamps, and error diagnostics) to run and secure the service. The sign-up page runs a bot-protection challenge (Cloudflare Turnstile). The website uses Cloudflare Web Analytics, a cookieless tool that measures aggregate traffic without tracking you across sites or building a profile of you. We do not use advertising or cross-site tracking cookies.

How we use your information

  • To provide the service: store your memories and return the relevant ones on recall.
  • To authenticate requests and let you manage, rotate, and revoke API keys.
  • To send you essential account email (verification and password resets).
  • To secure the service, prevent abuse, debug problems, and understand aggregate usage.
  • To respond when you contact us for support or send feedback.

We do not sell your personal information, and we do not use the memories you store or your prompt text to train our own or anyone else's machine-learning models.

Service providers

We use a small number of third-party providers to run the service, and share only what each needs to do its job:

  • Cloud hosting (Amazon Web Services) — runs our servers and databases.
  • AI embeddings (OpenAI) — turns the text of your memories and searches into numerical vectors so recall can find relevant results. Under OpenAI's API terms, this content is not used to train their models.
  • Email delivery — sends verification and password-reset messages.
  • Cloudflare — a bot-protection challenge on sign-up (Turnstile) and cookieless traffic analytics (Web Analytics).

We may also disclose information if required by law, or to protect the rights, safety, and security of our users and the service.

Data retention and deletion

We keep your account information and stored memories for as long as your account is active. You stay in control:

  • Delete individual memories any time with the delete_context and bulk_delete_contexts tools.
  • Rotate or revoke API keys from your account page.
  • Ask us to delete your account and its data by emailing [email protected]; we remove it within a reasonable period, except where we must retain something to meet a legal obligation.

Security

All traffic between the plugin and the backend uses HTTPS; the plugin refuses to send your API key over any non-encrypted connection. Passwords are salted and hashed, and API keys can be rotated or revoked at any time. No system is perfectly secure, but we work to protect your data and to respond promptly to issues.

Your rights

You can access, correct, and delete your data using the plugin's tools and your account page, or by contacting us. If you would like a copy of your stored data, email us and we will provide one. Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA, including the right to object to certain processing or to lodge a complaint with a supervisory authority. To exercise any of these, email [email protected] and we will respond.

Children

context-memory is a developer tool and is not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.

Changes to this policy

We may update this policy as the service evolves. When we do, we will change the "last updated" date above, and for material changes we will provide a more prominent notice.

Contact

Questions about this policy or your data? Email [email protected]. context-memory is a service of Slova Applications.