
Privacy Policy

We built ContextStellar with a simple principle: your data is yours. We don't collect it, we don't transmit it, we don't monetize it.

Effective February 25, 2026 · Last updated March 1, 2026

Privacy at a Glance

Zero data transmitted off your device
Zero analytics or telemetry
Zero third-party scripts or SDKs
Zero account or sign-up required
Zero cookies in the extension
Zero cloud storage or sync

1. Scope

This policy covers the ContextStellar Chrome Extension ("the Extension") and the contextstellar.com website ("the Website"). The Extension and the Website are provided by ContextStellar ("we", "us", "our").

2. Data Collection

We do not collect any personal data. Period.

The Extension processes your prompt text entirely on your device using local JavaScript. No prompt text, scoring results, usage statistics, or any other data is ever transmitted to our servers or any third party. There are zero network requests made by the Extension.

Specifically, we do not collect:

  • Your prompt text or LLM conversations
  • Your scores, grades, or optimization history
  • Your browsing history or page content
  • Your IP address, device fingerprint, or hardware identifiers
  • Your name, email, or any account information
  • Crash reports, diagnostics, or telemetry

3. Data Stored on Your Device

The Extension stores data exclusively in your browser's local storage (chrome.storage.local). This data never leaves your device and is never synced to any cloud service. We deliberately do not use chrome.storage.sync, which would transmit data to Google's servers.

Data | Purpose | Retention
Prompt scores & grades | Show your scoring history | Last 500 entries
Daily aggregates | Dashboard trend charts | 90 days, auto-pruned
Prompt preview (first 2,000 chars) | History identification | Last 500 entries
Extension settings | Your preferences | Until you clear data
Achievement progress | Gamification features | Until you clear data

You can delete all stored data at any time using the "Clear History" button in the Extension popup, or by uninstalling the Extension.

4. Browser Permissions

We request the minimum permissions necessary for the Extension to function. Here is every permission and why we need it:

Permission | Why
storage | Save your scores, settings, and achievements locally on your device
activeTab | Detect when you're on a supported LLM site to activate scoring

We also request host permissions for specific LLM websites (ChatGPT, Claude, Gemini, Copilot, Poe, HuggingChat, Mistral, LM Arena) so the Extension can read your prompt input field on those sites. We do not request the broad <all_urls> permission.

5. Security Architecture

The Extension is built with defense-in-depth security:

  • Manifest V3: Uses Chrome's latest and most secure extension platform, with a strict default Content Security Policy.
  • Explicit CSP: Defines a restrictive Content Security Policy (script-src 'self'; object-src 'self') preventing remote code execution.
  • No eval(): Zero use of eval(), Function(), or any dynamic code execution.
  • No remote code: All JavaScript runs from the extension bundle. No CDNs, no external scripts, no dynamically loaded code.
  • XSS protection: All user-generated content is escaped via safe DOM-based sanitization (textContent) before rendering.
  • No externally_connectable: External websites cannot send messages to the Extension. All messaging is internal-only.
  • Scoped resource access: Web-accessible resources are restricted to only the supported LLM domains, preventing extension fingerprinting.
  • Zero dependencies: The Extension has zero third-party libraries. Every line of code is first-party and auditable.
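
The manifest-level claims in sections 4 and 5 can be checked mechanically by anyone reviewing the unpacked Extension. The following is an added example, not the Extension's own code: a Node.js check that audits a parsed manifest.json for the declared permissions, host scope, CSP, externally_connectable and web-accessible resource scope. The sample manifests, the file name panel.css and the host llm-site.example are constructed placeholders.

```javascript
const ALLOWED_PERMISSIONS = new Set(["storage", "activeTab"]);
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
function auditManifest(m) {
  const findings = [];
  if (m.manifest_version !== 3) findings.push("not Manifest V3");
  for (const p of m.permissions || []) {
    if (!ALLOWED_PERMISSIONS.has(p)) findings.push(`unexpected permission: ${p}`);
  }
  // Host access comes from host_permissions and from content script match patterns.
  const hosts = [...(m.host_permissions || []),
    ...(m.content_scripts || []).flatMap((c) => c.matches || [])];
  for (const h of hosts) {
    if (BROAD_HOSTS.has(h)) findings.push(`broad host pattern: ${h}`);
  }
  // In Manifest V3 the CSP is an object; extension_pages covers popup and dashboard.
  const csp = (m.content_security_policy || {}).extension_pages || "";
  const directives = new Map(csp.split(";").map((d) => d.trim().split(/\s+/))
    .filter((parts) => parts[0]).map(([name, ...sources]) => [name, sources]));
  for (const name of ["script-src", "object-src"]) {
    if (!directives.has(name)) { findings.push(`CSP missing ${name}`); continue; }
    for (const s of directives.get(name)) {
      if (s !== "'self'") findings.push(`CSP ${name} allows ${s}`);
    }
  }
  if ("externally_connectable" in m) findings.push("externally_connectable is declared");
  // Web-accessible resources should be exposed only to the declared hosts.
  for (const war of m.web_accessible_resources || []) {
    for (const h of war.matches || []) {
      if (!hosts.includes(h) || BROAD_HOSTS.has(h)) findings.push(`resource exposed to ${h}`);
    }
  }
  return findings;
}
// Constructed sample manifests; llm-site.example is a placeholder host.
const asDescribed = {
  manifest_version: 3,
  permissions: ["storage", "activeTab"],
  host_permissions: ["https://llm-site.example/*"],
  content_security_policy: { extension_pages: "script-src 'self'; object-src 'self'" },
  web_accessible_resources: [{ resources: ["panel.css"], matches: ["https://llm-site.example/*"] }],
};
const drifted = {
  ...asDescribed,
  permissions: ["storage", "activeTab", "tabs"],
  host_permissions: ["<all_urls>"],
  externally_connectable: { matches: ["https://llm-site.example/*"] },
};
console.log(auditManifest(asDescribed), auditManifest(drifted));
```

An empty findings list means the manifest matches what the policy states; the check does not cover runtime behaviour such as network requests or use of chrome.storage.sync, which need a source review.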

6. Third Parties

We share no data with third parties because we collect no data in the first place. The Extension contains:

  • No analytics (no Google Analytics, Mixpanel, Amplitude, Segment, or similar)
  • No advertising SDKs or tracking pixels
  • No crash reporting services (no Sentry, Bugsnag, or similar)
  • No A/B testing frameworks
  • No social media widgets or embedded content
  • No CDN-loaded resources

7. The ContextStellar Website

The contextstellar.com website operates differently from the Extension and may collect limited data as described below.

7.1 Session Cookies

When you sign in to the Website, we set a session cookie (connect.sid) to maintain your authentication state. This cookie is:

  • HTTP-only — inaccessible to JavaScript, preventing XSS cookie theft
  • Secure — transmitted only over HTTPS
  • Session-scoped — expires after 7 days or when you sign out

Session data is stored server-side in our database. No tracking or advertising cookies are used.

7.2 Authentication Data

If you sign in via Replit OAuth (OpenID Connect), we receive and store in your session the following information from your Replit profile:

  • User ID (subject identifier)
  • Email address
  • First and last name
  • Profile image URL

This data is used solely to identify your account and personalize your experience. It is not shared with third parties or used for marketing.

7.3 Cloudflare Turnstile

The Website uses Cloudflare Turnstile for bot protection on specific forms. Cloudflare may process your IP address and browser metadata as part of its challenge verification. For details on how Cloudflare handles this data, see the Cloudflare Privacy Policy.

7.4 Client-Side Processing

The prompt editor on the Website processes text client-side and does not transmit your prompts to our servers. We do not use any analytics, tracking, or advertising services on the Website.

8. Children's Privacy

The Extension is a general-purpose developer tool and is not directed at children under 13. We do not knowingly collect information from anyone, including children.

9. Changes to This Policy

If we make material changes to this policy, we will update the "Last updated" date above and, for significant changes, publish a notice in the Extension's changelog on the Chrome Web Store. Since we collect no data, changes to this policy are unlikely.

10. Your Rights

Because the Extension stores data only on your device and collects nothing on our servers, you have complete control over your Extension data:

  • View your data: Open the Extension dashboard at any time
  • Export your data: Use the "Export" button to download a JSON file
  • Delete your data: Click "Clear History" in the popup, or uninstall the Extension
  • There is no data on our servers to request deletion of

For Website account data (if you signed in via Replit), you may request access to, correction of, or deletion of your personal data by contacting us at the email below.

11. GDPR & CCPA

For users in the European Economic Area (GDPR): The Chrome Extension does not collect or process any personal data. For the Website, when you sign in, we process your profile data (name, email) under the legal basis of contract performance (providing the service you requested). You have the right to access, rectify, erase, restrict processing of, and port your personal data. To exercise these rights, contact us at the email below.

For California residents (CCPA): We do not sell your personal information. The Extension collects no personal information. The Website collects only the authentication data described in Section 7.2, used solely to provide the service. You have the right to know what data we hold, request its deletion, and opt out of any sale (though we do not sell data).

12. Transparency & Auditability

The Extension is built with zero third-party dependencies and zero minification. Every line of JavaScript is human-readable and auditable. We encourage security researchers to review the source code. If you find a security issue, please contact us at the address below.

13. Contact

If you have questions about this privacy policy or the Extension's data practices, you can reach us at:

Email: [email protected]

Website: contextstellar.com

Chrome Web Store Privacy Declarations

As required by the Chrome Web Store, here is our certification for the Extension's "Privacy practices" tab:

Personally identifiable information | Not collected
Health information | Not collected
Financial and payment information | Not collected
Authentication information | Not collected
Personal communications | Not collected
Location | Not collected
Web history | Not collected
User activity | Not collected
Website content | Not collected
This Extension does not transfer data to third parties
This Extension does not use data for purposes unrelated to the Extension's core functionality
This Extension does not use data for creditworthiness or lending purposes