Privacy Policy

This policy applies to the "Unibase Memory" Chrome extension (the "Extension") published by Unibase. It does not cover third-party websites you visit (such as ChatGPT or Claude), which are governed by their own policies.

Stored locally on your device (always)

• Conversation content — the text of the ChatGPT and Claude chats you view or import, read from the page as it is rendered, plus titles and timestamps.
• Your organization data — tags, stars, highlights, saved snippets, and settings.

This data is stored in your browser's local storage (IndexedDB and chrome.storage.local) on your own device. By default it is never transmitted anywhere.

Account & encryption material (only if you sign in)

• Email address — if you sign in with Google, X, or email via our authentication provider, your email may be stored locally to show which account is active.
• Wallet address — the public address of the wallet used to derive your encryption key.
• Wallet signature— a one-time signature over a fixed, app-specific message. It is hashed on your device into an encryption key. The signature is cached locally so you don't have to sign again on every use. It is not a session token and cannot be used to act as your wallet elsewhere.

Sync is off by default. If you turn it on:

• Your conversations are encrypted on your device (Fernet: AES-128-CBC + HMAC-SHA256) using a key derived from your wallet signature.
• Only the resulting ciphertext is uploaded to Membase, Unibase's decentralized storage layer, stored under your own wallet address.
• The encryption key never leaves your browser. There is no key escrow and no copy of your key on any server. Membase and the Unibase Explorer only ever see encrypted blobs — never your plaintext conversations.
• Signing in with the same identity on another device re-derives the same key, so your data decrypts locally there. Same wallet, same key, your data.

You may optionally enable AI tag suggestions. The model runs entirely locally inside your browser. On first use, the extension downloads the model weights (data files) from Hugging Face and caches them in the browser. Your conversation text is never sent to any server for tagging — all inference happens on your device.

To understand how the Extension is used and improve it, we collect a limited amount of anonymous product-usage data through Google Analytics 4 (sent directly to Google's Measurement Protocol endpoint; no third-party tracking scripts are loaded).

What we collect

• Feature-usage events — for example, that the side panel was opened, a sync ran, or sign-in completed, along with basic session information (session start/duration).
• A random installation identifier — a per-install UUID generated on your device to distinguish sessions and approximate active-user counts. It is not your name, email, or wallet address.
• Google may additionally process standard technical data such as approximate location (derived from IP address) and device/browser type, per Google Analytics' own handling.

What we do NOT collect through analytics

• We never send your conversation content, titles, tags, highlights, email, wallet address, wallet signature, or any backup data to analytics.
• Analytics events describe that a feature was used, never what was in your conversations.

This usage data is used solely to measure adoption and improve the Extension. See Google's Analytics privacy information for how Google processes it.

• Privy — handles sign-in (Google / X / email / wallet) and wallet provisioning. Subject to Privy's privacy policy.
• Membase / Unibase — decentralized storage that holds your end-to-end-encrypted backups (ciphertext only). Encrypted entries can be viewed by you on the Unibase Explorer.
• Hugging Face — serves the on-device AI model weights (data files) when you enable AI tagging. No conversation content is sent there.
• Google Analytics — receives the anonymous product-usage events described in Section 5. No conversation content or account identifiers are sent.

Encrypted backups already uploaded to Membase remain associated with your wallet address until removed; because they are decentralized-storage entries, contact us if you need help managing them.

Unibase Memory is not directed to children under 13 (or the minimum age in your jurisdiction) and we do not knowingly collect their data.

We may update this policy as the extension evolves. Material changes will be reflected here with a new "Last updated" date at https://www.unibase.com/memory/privacy.

Questions about this policy or your data? Contact us at support@unibase.com or visit www.unibase.com.