ConvoFlow stores all your data locally in your browser using chrome.storage.local. We have no servers, no user accounts, and no database. We only send data to the Claude API (for summarisation) and PostHog (anonymous usage counts). We never sell your data.
1. Who we are
ConvoFlow ("we", "us", or "our") is a Chrome browser extension that helps you save, organise, and reuse your AI conversations across platforms including ChatGPT, Claude, Gemini, Perplexity, Grok, and DeepSeek.
For privacy enquiries, you can contact us at: privacy@convoflow.app
2. What data ConvoFlow processes
| Data type | Where it lives | Sent externally? |
|---|---|---|
| AI conversation content (memories) | chrome.storage.local — your device only | Sent to Claude API for summarisation only; not stored by us |
| Prompt library entries | chrome.storage.local — your device only | No |
| Project definitions & context blocks | chrome.storage.local — your device only | No |
| Connection tokens (Gmail, Outlook, GitHub, Figma, Notion, Slack) | chrome.storage.local — encrypted where possible | Used only to call the respective service APIs on your behalf |
| Conversation text (for summarisation or Broadcast) | Not stored by ConvoFlow | Routed through ConvoFlow's Cloudflare Worker proxy (oauth.convoflow.app) to Anthropic Claude API or OpenRouter — see Sections 4 and 7 |
| Usage events (anonymous) | PostHog analytics server | Yes — see Section 5 |
| Your name, email, or identity | Not collected | No |
3. Local-first storage
ConvoFlow has no backend server, no user database, and no cloud sync. All memories, prompts, and project data are stored exclusively in chrome.storage.local on your device. If you uninstall the extension, all stored data is deleted.
We do not have access to your stored memories. We cannot read, modify, or delete your data remotely.
4. Claude API — summarisation
When you save an AI session, ConvoFlow sends the conversation text to Anthropic's Claude API to generate a structured memory card (topic tag, bullet summary, key decisions).
To keep API keys secure, this request is routed through ConvoFlow's own Cloudflare Worker at oauth.convoflow.app. The Worker immediately forwards the request to Anthropic and returns the result. It does not log, store, or inspect your conversation content. The Worker's sole purpose is to hold the API key server-side so it never ships in the extension bundle.
- Your conversation text is sent to Anthropic's API solely for the purpose of summarisation.
- The Cloudflare Worker acts as a pass-through proxy — it does not retain your data.
- ConvoFlow does not store a copy of the raw conversation text on any server.
- Anthropic's API usage is governed by Anthropic's Privacy Policy.
- Cloudflare's infrastructure is governed by Cloudflare's Privacy Policy.
5. Anonymous analytics (PostHog)
ConvoFlow uses PostHog to collect anonymous usage statistics. This helps us understand which features are being used so we can improve the product.
Anonymous event counts only — e.g. "session_saved", "memory_injected", "popup_opened". Each installation generates a random anonymous identifier (not linked to your identity). No conversation content, no URLs, no personal data.
- Events tracked: extension_installed, session_saved, memory_injected, popup_opened, memory_deleted, copy_for_notion_clicked.
- Each install generates a random UUID — this is not linked to your identity in any way.
- No message content, no conversation URLs, no personal information is ever sent to PostHog.
- PostHog is self-hostable and GDPR-compliant. Their privacy policy is available at posthog.com/privacy.
6. Third-party service connections
ConvoFlow optionally connects to external services for the Daily OS morning brief. When you connect a service, ConvoFlow reads data from it using OAuth tokens stored on your device.
- Gmail & Google Calendar: Read-only access to unread emails and today's events. Data is processed locally to generate your morning brief and never stored by ConvoFlow.
- Outlook: Connects via Microsoft PKCE OAuth. Same read-only, no-store policy as Gmail.
- GitHub: Reads your public and private repository activity (commits, PRs) via OAuth. Not stored externally.
- Figma: Reads recent design file activity via OAuth. Not stored externally.
- Notion: Reads pages updated in the last 7 days via Notion OAuth. Used solely to surface relevant pages in your morning brief. Not stored by ConvoFlow.
- Slack: Reads unread DMs and @mentions via Slack OAuth. Uses the following user scopes: channels:history, channels:read, groups:history, im:history, im:read, mpim:history, mpim:read, search:read, users:read. Data is used only to generate your morning brief and is not stored by ConvoFlow.
OAuth token exchanges for GitHub, Figma, Notion, and Slack are performed through ConvoFlow's Cloudflare Worker proxy (oauth.convoflow.app) to keep client secrets secure. The Worker does not log or retain your tokens.
Connecting these services is optional. You can disconnect any service at any time from the Settings panel in ConvoFlow.
7. Broadcast feature
When you use the Broadcast feature in Personal AI mode, ConvoFlow injects your prompt into open browser tabs on the respective AI platforms using your existing logged-in sessions. ConvoFlow does not intercept, store, or transmit the AI platform's responses.
In ConvoFlow AI mode (powered by OpenRouter), your prompt is routed through ConvoFlow's Cloudflare Worker proxy (oauth.convoflow.app) and then forwarded to OpenRouter's API, which routes it to the relevant AI models. The Worker does not store your prompt. OpenRouter's privacy policy governs their processing of your request.
8. Children's privacy
ConvoFlow is not directed at children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided information through our extension, please contact us and we will address it promptly.
9. Your rights
Because ConvoFlow does not collect personal data and all data lives on your device, most traditional data rights (access, erasure, portability) are exercised directly by you:
- Access & export: All your data is in chrome.storage.local. You can view and export it directly.
- Deletion: Uninstall ConvoFlow to delete all stored data. You can also delete individual memories from the Memories tab.
- Opt-out of analytics: We will add an opt-out toggle in Settings in a future release. Until then, you can contact us to request your anonymous PostHog data be deleted.
If you are in the EEA/UK and have concerns about data processing, you have the right to lodge a complaint with your local data protection authority.
10. Data security
All data is stored in Chrome's local storage, which is sandboxed to the ConvoFlow extension and not accessible to other extensions or websites. OAuth tokens for connected services are stored with the access controls provided by Chrome's extension security model.
We recommend keeping your Chrome browser and the ConvoFlow extension up to date to benefit from the latest security improvements.
11. Changes to this policy
We may update this Privacy Policy as the product evolves (for example, when we add Supabase cloud sync or mobile companion features). When we do, we will update the "Last updated" date at the top and, for significant changes, notify you via the extension.
12. Contact us
Questions or concerns?
We take privacy seriously. If you have any questions about this policy or how ConvoFlow handles your data, reach out:
privacy@convoflow.app