Skip to content
context-vault
Privacy Policy

Your data stays yours

Last updated: March 21, 2026

Local-first design

The MCP server runs entirely on your machine. Your vault entries are plain markdown files stored locally. Nothing is sent to any server unless you explicitly sign up for a hosted tier.

1. MCP Server (local)

When you run npx context-vault locally, all data stays on your machine:

  • Vault entries are stored as markdown files in a folder you choose.
  • A SQLite database is created locally as a derived search index.
  • No network calls are made. No analytics, no telemetry, no phone-home.
  • You can delete the vault folder and the SQLite file at any time.

2. Hosted App (app.context-vault.com)

If you create an account, we store the following to provide the service:

Account data

  • Email address (required for login)
  • Name (optional, for team display)
  • Hashed password or OAuth provider ID
  • API keys you generate (stored as hashes)

Hosted vault entries

  • Vault entries you upload to the hosted tier
  • Stored on Cloudflare R2 and Turso (libSQL)
  • Encrypted in transit (TLS). Not encrypted at rest by default.
  • Never shared with third parties or used for training.

Usage data

  • Recall counts per entry (for ranking and vault-brain)
  • Session identifiers for search context
  • API request logs (standard web server logs, 30-day retention)

Billing (Pro/Team plans)

  • Stripe customer ID and subscription status
  • Payment details are held by Stripe — we never see card numbers
  • Invoice history and plan tier

3. Browser Extension

The Context Vault Chrome extension stores:

  • Your configured Context Vault server URL
  • Your API key used to authenticate to your vault server
  • Temporary rate-limit metadata from server response headers

Selected text is sent only to the server URL you configure. No browsing history is collected beyond pages where the content script runs. No analytics, ad tracking, or third-party telemetry is collected by the extension.

4. Marketing Site (context-vault.com)

This website uses analytics to understand how visitors find and use it:

  • Google Analytics 4 (via Google Tag Manager) — page views, traffic sources
  • Microsoft Clarity — heatmaps and session recordings
  • PostHog — funnel tracking and conversion events

These tools may set cookies. No vault data or personal content is sent to these services. You can opt out via your browser's privacy settings or an ad blocker.

What we never do

  • We never sell or share your personal data with third parties
  • We never use your vault entries to train AI models
  • We never read your private vault entries except to provide the service
  • We never auto-publish private entries — all sharing is explicit

Deleting your data

  • Local vault: delete the vault folder and SQLite file on your machine.
  • Hosted vault: use the app dashboard or API to delete individual entries or export and delete your entire vault.
  • Account: email [email protected] to request full account deletion.
  • Extension: open extension settings and clear values, or uninstall the extension.

Contact

Questions about this policy? Email [email protected] or open an issue on GitHub.

GitHub Repository