Privacy Policy

Last updated: February 22, 2026

Claudafinil (“we”, “our”, “us”) is a Chrome extension that visualizes conversation branches as interactive trees on claude.ai and chatgpt.com, and provides prompt storage at the individual and team level. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

Data We Collect

Account Information

When you sign in with Google, we receive and store the following from your Google profile:

  • Email address
  • Display name
  • Profile picture URL

We also generate a unique user identifier based on your Google account.

Conversation Data

Claudafinil intercepts conversation data (message IDs, parent–child relationships, sender role, message text, and timestamps) from claude.ai and chatgpt.com locally in your browser to render the branch tree visualization.

This conversation data is not sent to our servers unless you explicitly create an annotation (bookmark). When you create an annotation, we store:

  • Conversation ID and name
  • Message ID and a truncated excerpt of the message text (up to 500 characters)
  • Your note

User-Created Content

We store data you explicitly create through the extension:

  • Prompts: title, content, and folder organisation
  • Annotations: bookmarked messages with your notes
  • Teams: team names, membership, and roles

Subscription & Billing Data

If you subscribe to a paid plan, Stripe (our payment processor) collects your payment information directly. We store Stripe customer and subscription identifiers, subscription status, and billing period dates. We do not store your credit card number or full payment details.

Error Reports

We use Sentry for error tracking. When an error occurs, Sentry may collect error messages and stack traces, browser and environment information, and truncated console breadcrumbs (up to 200 characters each). Personally identifiable information (PII) collection is explicitly disabled in our Sentry configuration.

Data We Do Not Collect

  • Your claude.ai or chatgpt.com session cookies or account credentials
  • Full conversation histories (only processed locally for visualisation)
  • Browsing history outside of claude.ai and chatgpt.com
  • Analytics or behavioural tracking data

How We Use Your Data

  • Authentication: to identify you and secure your account via Google OAuth 2.0 with PKCE
  • Core functionality: to provide branch visualisation, prompt storage, annotations, and team features
  • Billing: to manage your subscription through Stripe
  • Transactional emails: to send account-related emails (welcome, cancellation) via Resend
  • Error monitoring: to identify and fix bugs via Sentry

Data Storage & Security

  • Local storage: authentication tokens are stored in Chrome’s encrypted local storage. Session-scoped auth state is cleared when the browser closes.
  • Backend: our API runs on Cloudflare Workers. User data is stored in a server-side database.
  • Transport: all communication between the extension and our servers uses HTTPS.
  • Access control: API requests are authenticated with short-lived JWT access tokens. CORS policies restrict access to known origins.

Third-Party Services

Service Purpose Data Shared
Google OAuth Authentication Authorisation code (exchanged server-side for profile info)
Stripe Payment processing Email, name, subscription events
Resend Transactional email Email address
Sentry Error tracking Error events, environment info (PII disabled)
Cloudflare Infrastructure All API requests (as our hosting provider)

These services have their own privacy policies:

Data Retention

  • Account data: retained as long as your account is active
  • Prompts and annotations: retained until you delete them
  • Subscription data: retained until your subscription ends
  • Local extension data: authentication tokens persist until you sign out; session data is cleared when the browser closes

Your Rights

You can:

  • Access your data by viewing your profile, prompts, and annotations within the extension
  • Delete your data by removing individual prompts, annotations, or your account
  • Sign out at any time, which clears all locally stored tokens and auth state
  • Uninstall the extension to remove all local data

If you wish to request full deletion of your account and associated data from our servers, contact us at the address below.

Children’s Privacy

Claudafinil is not directed at children under 13. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the “Last updated” date at the top of this page.

Contact Us

If you have questions about this Privacy Policy, please contact us at [email protected].