Privacy Policy for Engram
Effective Date: December 20, 2025
Last Updated: December 20, 2025
1. Introduction
Welcome to Engram, a privacy-first AI conversation memory extension. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Engram browser extension ("Extension", "Service", or "Engram").
Our Privacy Commitment: Engram is built with a zero-knowledge encryption architecture. Your conversation data is encrypted on your device before it leaves your browser, and we cannot access or read your unencrypted data.
Operator: Engram is developed and maintained as a proprietary browser extension. For questions about this policy, contact: artha360.live@gmail.com
2. Information We Collect
2.1 Personal Information
User Account Information:
- Email address (for authentication and account recovery)
- Password (stored as salted, hashed credentials - we never see your actual password)
- Account creation date
Device Information:
- Device ID (randomly generated UUID for multi-device sync)
- Browser type and version
- Operating system
2.2 Conversation Data
Content You Save:
- AI conversation messages (from ChatGPT, Claude, Perplexity)
- User prompts and AI responses
- Timestamps and metadata
Important: All conversation content is encrypted end-to-end using XChaCha20-Poly1305 encryption on your device before storage or transmission. We cannot access your conversation data in readable form.
2.3 Usage Analytics
Anonymized Analytics (Privacy-Preserving):
- Extension usage patterns (without personal identifiers)
- Feature usage statistics
- Error reports (without conversation content)
- Performance metrics
We do NOT track:
- The content of your conversations
- Your browsing history
- Personally identifiable information in analytics
3. How We Store Your Data
3.1 Local Storage
On Your Device (IndexedDB):
- Encrypted conversation memories
- Encryption keys (derived from your password, never stored in plaintext)
- User preferences and settings
- Local cache for performance
Encryption: XChaCha20-Poly1305 (AEAD) with Argon2id key derivation
Access: Only you can decrypt this data with your password
3.2 Remote Storage (Optional Sync)
Supabase Cloud Storage (if you enable sync):
- Encrypted conversation data (encrypted blobs only)
- User email and account metadata
- Device synchronization state
- Vector clocks for conflict resolution
Zero-Knowledge Architecture:
- Your data is encrypted on your device BEFORE syncing
- Server stores only encrypted blobs (cannot decrypt)
- Encryption keys never leave your device
- We cannot access your conversation content
Third-Party Provider: Supabase (https://supabase.com)
Security: TLS 1.3 for data in transit, encrypted at rest on server
4. How We Use Your Information
4.1 Core Functionality
- Authenticate your account and manage sessions
- Store and synchronize your conversations across devices
- Provide search and retrieval of saved conversations
- Enable intelligent memory injection features
- Maintain data consistency across devices
4.2 Service Improvement
- Analyze anonymized usage patterns to improve features
- Identify and fix bugs
- Optimize performance
- Develop new features based on usage trends
5. Data Sharing and Disclosure
5.1 We Do NOT Sell Your Data
Engram does not sell, rent, or trade your personal information or conversation data to third parties for marketing or advertising purposes.
5.2 Third-Party Services
Infrastructure Providers:
- Supabase: Cloud database and authentication (receives encrypted data only)
These providers cannot access your conversation content due to end-to-end encryption.
6. Your Data Rights
6.1 Access and Export
- View all your stored memories via the Extension UI
- Export your data in JSON format
- Request a copy of your account data
6.2 Deletion Rights
- Delete individual memories within the Extension
- Delete your entire account and all associated data
- Request complete data deletion (contact support)
6.3 Opt-Out Rights
- Disable cloud sync (use local storage only)
- Disable analytics collection
- Uninstall the Extension at any time
7. Data Security
7.1 Encryption Standards
- Algorithm: XChaCha20-Poly1305 (AEAD)
- Key Derivation: Argon2id with per-user salt
- Transport: TLS 1.3 for all network communications
7.2 Security Measures
- Zero-knowledge architecture (we cannot decrypt your data)
- Secure password hashing (Argon2id)
- HTTPS-only connections
- Regular security audits
8. International Data Transfers
Your encrypted data may be transferred to and stored on servers in different countries where Supabase operates. However, since your data is encrypted end-to-end, the content remains protected regardless of server location.
9. Children's Privacy
Engram is not intended for use by children under 13 years of age. We do not knowingly collect information from children under 13.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting the new policy with an updated "Last Updated" date
- Displaying a notification in the Extension
- Sending an email to your registered address (for material changes)
11. Contact Information
For privacy-related questions, concerns, or requests:
12. Legal Compliance
12.1 GDPR (EU Users)
If you are in the European Union, you have additional rights under GDPR including:
- Right to access your data
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to data portability
- Right to object to processing
12.2 CCPA (California Users)
California residents have the right to:
- Know what personal information is collected
- Request deletion of personal information
- Opt out of the sale of personal information (we do not sell data)