Privacy Policy
Last updated: April 16, 2026
1. Introduction and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website contextcraft.app and the ContextCraft browser extension. Personal data is all data with which you can be personally identified.
1.2 The controller for data processing within the meaning of the General Data Protection Regulation (GDPR) is:
HBW Software UG (haftungsbeschränkt)
Sigbertstraße 5, 51427 Bergisch Gladbach, Germany
Tel.: +49 174 3856722
Email: [email protected]
2. Data Collection When Visiting Our Website
2.1 When using our website purely for informational purposes, we only collect the data that your browser transmits to the server (server log files), including your IP address (possibly anonymized), date and time of access, browser type, operating system, and the referring URL.
2.2 Processing is carried out on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) to ensure the operation and security of the website.
2.3 Our website uses SSL/TLS encryption, recognizable by “https://” and the lock symbol in your browser’s address bar.
3. Hosting and Data Storage
3.1 Our website is hosted on a self-managed server (Coolify). The data collected there is processed in accordance with our hosting provider’s data processing agreement.
3.2 User data (accounts, prompts, personas, optimization history, subscription status) is stored in a NeonDB PostgreSQL database hosted in the EU. For the storage and processing of your personal data, there is a data processing agreement that ensures the protection of your data.
3.3 The ContextCraft browser extension stores data locally in your browser (chrome.storage.local) by default. When you connect the extension to your account, your prompts, personas, and settings are synced to our server for cross-device access.
4. Collected Personal Data and Purposes of Processing
4.1 We store the following personal data:
- Account data: name, email address, profile picture (provided via Google or GitHub OAuth)
- Prompts and personas: saved prompts, folder structures, persona configurations, and context you provide
- Optimization history: original and optimized versions of prompts you process through our AI optimizer
- Voice recordings: if you use the voice input feature, audio is transcribed in real-time and is not stored after transcription completes
- Usage data: prompt insertion counts, last-used timestamps, onboarding responses, enabled platforms
- Payment data: processed by Stripe; we store only your Stripe customer ID and subscription status, never card numbers
4.2 The data is processed exclusively for the following purposes:
- Providing and improving the ContextCraft service
- Syncing your data between the browser extension and web app
- Processing AI optimizations via third-party AI providers
- Sending transactional emails (welcome, billing, trial expiry)
- Internal analytics to improve our service
4.3 Data is not passed on to third parties, except to the service providers mentioned in section 5 as part of data processing agreements.
5. Third-Party Service Providers
We use the following third-party services to operate ContextCraft:
- NeonDB (Neon Inc., USA) — PostgreSQL database hosting. Data processed in the EU.
- Cloudflare (Cloudflare, Inc., USA) — DNS management and email routing. Joined the EU-US Data Privacy Framework.
- OpenRouter / Groq — AI inference for prompt optimization. Only your prompt text is sent; no personally identifiable information.
- Stripe (Stripe, Inc., USA) — Payment processing. Stripe’s own privacy policy governs the handling of payment data. Joined the EU-US Data Privacy Framework.
- Resend (Resend, Inc.) — Transactional email delivery. Only your email address and name are shared for email sending.
- Google OAuth / GitHub OAuth — Authentication. We receive only your name, email, and profile picture; we never access other account data.
6. Cookies and Tracking Tools
6.1 We use cookies to ensure the functionality of the website, maintain your authentication session, and improve the user experience.
6.2 We use PostHog for product analytics (page views, feature usage). PostHog can be configured to process data in the EU.
6.3 Processing only takes place with your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time.
7. Transactional Emails
7.1 We send transactional emails related to your account activity, including welcome emails, trial expiry notices, payment confirmations, and subscription updates.
7.2 We use Resend as our email service provider, with whom a data processing agreement exists.
7.3 You can manage your email preferences in your account settings. Transactional emails related to billing and account security cannot be unsubscribed from.
8. Data Transfer to Third Countries
8.1 Some of our service providers (Stripe, Cloudflare) are US companies. For data transfers to the USA, these providers have joined the EU-US Data Privacy Framework, which ensures an adequate level of data protection.
8.2 AI inference services may process prompt text outside the EU. No personally identifiable information is included in these requests.
9. Duration of Storage of Personal Data
Data is stored only as long as necessary for the stated purposes or as required by law. If you delete your account, your personal data, prompts, personas, and optimization history will be deleted. Stripe retains payment records as required by law.
10. Your Rights under the GDPR
You have the right to:
- Access your stored personal data (Art. 15 GDPR)
- Rectify inaccurate data (Art. 16 GDPR)
- Delete your data (Art. 17 GDPR)
- Restrict processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Revoke your consent at any time (Art. 7 para. 3 GDPR)
- Lodge a complaint with a data protection supervisory authority (Art. 77 GDPR)
To exercise these rights, contact us at [email protected].
11. Browser Extension Specific Data Handling
11.1 The ContextCraft browser extension injects a widget into supported AI chat platforms (ChatGPT, Claude, Gemini, and others) to enable prompt insertion. The extension does not read, collect, or transmit the content of your conversations on these platforms.
11.2 When used without an account, all data remains in your browser’s local storage and is never transmitted to our servers.
11.3 When connected to an account, only your saved prompts, personas, settings, and usage counters are synced. Conversation content is never synced.