Privacy Policy

Last updated: 2026-06-11

This Privacy Policy explains what information ContextFetch ("we", "us", "our") collects, how we use it, who we share it with, and the choices you have. It applies to the ContextFetch browser extension and the web application at contextfetch.io. If you do not agree with this policy, please do not use the Service.

1. What ContextFetch does (single purpose)

ContextFetch has one purpose: when you are on a company's website and choose to run a briefing, it produces a short, structured summary of that company to help you with sales, recruiting, or investment research. ContextFetch only acts when you ask it to. It does not run in the background and does not monitor your browsing.

2. Information we collect

We collect only what is needed to provide the Service:

Account information. Your email address, a securely hashed password (we never store your password in plain text), an optional display name, and timestamps such as account creation and last sign-in.
Google sign-in information (only if you choose Google sign-in). If you sign in with Google, we receive your Google account identifier, email address, name, and profile picture. We never receive or store your Google password.
Page content you choose to analyze. When you are on a website and click ContextFetch to request a briefing, the extension reads the content of the page you are actively viewing - its text, web address (URL), and page title - and securely sends them to our servers so we can generate your briefing. Because the companies you research can be on any website, the extension is able to read the current page on any site you choose to brief; however, it reads a page only at the moment you request a briefing for it, only for the tab you have active, never in the background, and never on pages you do not brief.
Briefings and related metadata. The briefing we generate, the page URL and domain it was generated for, the AI model used, how long generation took, and approximate token counts. These are saved to your account so you can revisit them in your history.
Usage and security data. Counts of briefings toward your daily quota, and IP addresses. We record the IP address of sign-in attempts and of briefing requests (both the public demo tool and the extension) to rate-limit abuse, protect accounts, and understand the approximate geography (country/region) our traffic comes from. IP addresses are personal data; we retain them for these operational and analytics purposes and do not sell them or use them for advertising.
Website analytics. We use Google Analytics to understand how our website and app are used in aggregate - for example which pages are visited, approximate location (country/region, derived from IP), and device or browser type. This helps us improve the Service. We use it for aggregate measurement only; we do not use it to identify you personally, and we do not use it for advertising or to build cross-site profiles. Google processes this data as a service provider on our behalf (see section 6). See section 10 for the cookies this sets.

3. Information we do NOT collect

ContextFetch does not run in the background and does not read or transmit any page unless you actively request a briefing on it.
ContextFetch is designed to analyze the public, descriptive content of company web pages. We do not seek out or use passwords, payment card details, or form inputs, and you should not run a briefing on a page showing your private account information.
We do not sell, rent, or trade your personal information or your submitted page content.
We do not use advertising networks, and we do not use cookies or your data for advertising or to build cross-site advertising profiles. We do use privacy-respecting analytics cookies (Google Analytics) purely to measure aggregate usage - see sections 6 and 10.

4. How we use information

To generate briefings on demand and return them to you.
To create and secure your account, keep you signed in, rotate session tokens, and rate-limit abuse.
To operate, maintain, debug, and improve the quality and reliability of the Service.
To measure aggregate, anonymous usage of our website and app (via Google Analytics) so we can understand what is useful and improve it.
To send transactional email such as account verification, password reset, and important security notices. We do not send marketing email unless you opt in.

5. Google user data and Limited Use

If you sign in with Google, ContextFetch requests only the openid, email, and profile scopes. We use the resulting Google account information solely to create and authenticate your ContextFetch account and to show your name and email in the app.

ContextFetch's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we do not sell Google user data, we do not use it for advertising, we do not transfer it except as needed to provide or improve user-facing features (or as required for security or law), and we do not allow humans to read it except with your consent, for security, or to comply with the law.

6. Service providers we use

We share information only with the providers needed to run the Service, and only for that purpose:

AI model provider(s) (currently Google Gemini, with Groq as a fallback). To generate a briefing, the page content you submit is sent to the model provider solely to produce your briefing. We do not include your account details (such as your email) in what we send. Their processing is governed by their own API terms.
Public news sources. We query publicly available news feeds for recent headlines about the company's domain to enrich your briefing.
Email provider. A third-party email service is used to send transactional email.
Payment processing (Paddle). When you buy a paid subscription, the checkout and payment are handled by Paddle.com Market Ltd ("Paddle"), our Merchant of Record. Paddle collects the information needed to take payment, charge the correct tax, and prevent fraud - such as your name, billing address/country, email address, and payment method details - and processes it under Paddle's Privacy Policy. We receive only limited billing and subscription details back from Paddle (for example your plan, billing country, and the card brand and last four digits); we never receive or store your full card number.
Google OAuth. Used only if you choose to sign in with Google.
Google Analytics. We use Google Analytics 4 to measure aggregate usage of our website and app. It sets first-party cookies and may process your IP address and device/browser information to produce anonymous, aggregate statistics. We do not use Google Analytics for advertising or ad personalization. Google processes this data on our behalf; its handling is governed by the Google Privacy Policy, and you can learn how Google uses data from sites that use its services at policies.google.com/technologies/partner-sites.
Cloudflare Turnstile. On our public "company research" demo tool we use Cloudflare Turnstile, a privacy-respecting bot check, to stop automated abuse before any briefing is generated. It runs in invisible mode and may process your IP address and a challenge token for that purpose. Turnstile does not track you across sites for advertising. Your interaction with Turnstile is also governed by Cloudflare's Turnstile Privacy Addendum.
Google reCAPTCHA. On our public "Contact" form we use Google reCAPTCHA v3 to tell humans and bots apart and stop automated spam. It runs invisibly and may collect hardware and software information (such as device and application data, and your IP address) and send it to Google for analysis. Your use of reCAPTCHA is subject to the Google Privacy Policy and Terms of Service.
Page fetching for the demo tool. When you submit a URL to our public demo tool, our servers fetch that publicly accessible page (the same way a browser would) so we can generate a briefing for it. We fetch only the URL you submit, only when you submit it.
Hosting and infrastructure. Our servers and database, used to operate the Service and store your account and briefings securely. This includes a separate page-rendering service used to read pages for signed-in users when a site requires it.

We do not transfer your information to third parties for their own independent use, and we never sell it.

7. Data retention and deletion

We keep your account information and briefings for as long as your account is active. Expired or revoked session tokens are purged automatically. You may delete your account and all associated data at any time by emailing support@contextfetch.io from your account email. Deletion is permanent and irreversible, and removes your account information and stored briefings.

8. Data security

All traffic between the extension, the web app, and our servers is encrypted with HTTPS.
Passwords are stored only as salted BCrypt hashes - we never see or store the plain text.
Session tokens are stored as one-way hashes on our servers; access tokens are short-lived.
Access to our database requires authenticated, restricted connectivity, and backups are encrypted at rest.

9. Permissions the extension requests, and why

We request only what the single purpose above needs. Chrome discloses the page-access permission when you install the extension, and it is never used silently - the extension reads a page only at the moment you click "Brief this company":

Access to the page you choose to brief (host access). Lets the extension read the content of the website you are actively viewing when you click "Brief this company." Because the companies you research can be on any domain, this access covers websites generally - but it is exercised only on your explicit action, only for the active tab, and never in the background. Chrome shows this access in the install dialog when you add the extension; you remain in control and can remove the extension at any time.
Scripting - to read the current page's content once, at the moment you request a briefing. We do not register any always-on or background content script.
Tabs - to identify the active tab you are briefing.
Storage - to keep you signed in on your device.
Identity - only if you choose Google sign-in.
Side panel - to display your briefing alongside the page.
Connection to contextfetch.io - to send your request to our servers and return the briefing.

10. Cookies

The web dashboard uses two HttpOnly cookies (cf_access, cf_refresh) solely to keep you signed in. They contain session tokens only. The public demo tool sets one additional HttpOnly cookie (cf_demo) containing a random identifier, used only to count your free demo lookups and prevent abuse - it carries no personal data and is not used for advertising. We also use Google Analytics, which sets first-party analytics cookies (such as _ga and _ga_<id>) to measure aggregate usage; these are used for analytics only, never for advertising. We use no advertising cookies. Cloudflare Turnstile may set its own functional cookie on the demo page strictly for bot protection. Google reCAPTCHA may set its own cookie on our Contact page strictly for bot protection. You can block or delete cookies in your browser settings; analytics cookies are not required to use the Service.

11. Children

ContextFetch is intended for professional, business-to-business use and is not directed to children under 16. We do not knowingly collect information from children.

12. Your rights

Depending on where you live (for example under GDPR, UK GDPR, or CCPA/CPRA), you may have the right to access, correct, export, or delete the personal data we hold about you, and to object to or restrict certain processing. To exercise these rights, contact support@contextfetch.io. We will respond within the period required by applicable law (generally within 30 days).

13. International data transfers

We and our service providers may process information in countries other than your own. Where required, we rely on appropriate safeguards for such transfers.

14. Changes to this policy

We may update this policy from time to time. Material changes will be announced on this page and, where appropriate, by email. The "Last updated" date above reflects the latest version. Continued use of the Service after a change constitutes acceptance of the updated policy.

15. Contact

Questions or privacy requests: support@contextfetch.io.