Privacy Policy

How Contextualogy handles information in its browser extension, Live captions, trial, website, and payment flow.

Effective and last updated: July 17, 2026

Operator: Martin Zanazzo, an independent developer based in Córdoba, Argentina.
Privacy contact: contextualogy@gmail.com

1. The short version

  • Contextualogy does not sell or rent personal information and does not use it for advertising, cross-site tracking, credit scoring, or data-broker activity.
  • A normal lookup sends selected text, limited sentence context, language settings, and the selected model to Groq or another AI endpoint you configure.
  • PDF reading and image OCR run locally. OCR briefly captures the entire visible tab before locally cropping the selected region.
  • Live starts only after you press Start and accept the audio notice. Active-tab audio goes directly to Soniox for realtime transcription and translation.
  • The free trial uses Google Identity Services, Cloudflare Turnstile, and pseudonymous identifiers to limit repeat and automated claims.
  • Paddle operates paid checkout. Contextualogy does not receive complete card or bank-account details.
  • Cloudflare necessarily processes network information such as IP addresses when serving the site and API.

2. Scope and roles

This policy applies to the Contextualogy browser extension, Contextualogy Live website, and backend. It does not replace the policies of Groq, Soniox, Google, Cloudflare, Paddle, a custom provider you choose, a website you visit, or your browser and device.

For records held in the Contextualogy Worker and D1 database, Martin Zanazzo determines the purposes described here. Providers may act as processors, independent controllers, or both under their own terms. Paddle acts as merchant of record for checkout and payment data.

3. Information handled on your device

Groq and custom-provider credentials

Your Groq API key is stored in chrome.storage.sync and used to authenticate lookups you initiate. Chrome may sync it and other synchronized settings to your Google Account and other signed-in Chrome profiles. Browser extension storage is not a password vault. Use a dedicated key with a reasonable spending limit and revoke it if a device, profile, or key may be compromised.

If you configure a custom API base URL, your credential and lookup content go to that endpoint. Use only an HTTPS provider you trust.

Preferences and entitlement credentials

Settings such as app language, target language, OCR language, result mode, provider URL, and model are stored in extension storage. Live settings, an installation-bound paid token, an opaque trial token, random paid/trial installation identifiers, and your audio-consent choice are stored in chrome.storage.local. A paid activation code is cleared after a successful exchange. Anyone with access to that browser profile may be able to use stored bearer credentials, although the Worker also verifies the bound installation identifier.

Position information

Dragged definition-bubble coordinates are stored locally and keyed by website origin. That local map can reveal sites where you moved the bubble, but Contextualogy does not upload it. The Live subtitle overlay stores only its last {left, top} coordinates under contextualogySubsPos in the current site’s localStorage; site scripts may see that key, but it contains no captions.

Uninstalling or clearing extension/site storage removes local information but does not automatically delete backend or provider records. Clearing ordinary history may not clear extension storage or Chrome Sync.

4. Text lookups and AI results

When you request a meaning or translation, Contextualogy sends the configured provider:

  • the selected word or phrase, capped at approximately 600 characters;
  • surrounding sentence context, capped at approximately 400 characters;
  • a page-language hint, when available;
  • target language and selected model; and
  • instructions needed to produce the requested result.

It does not intentionally send the complete page, URL, cookies, browsing history, or unrelated form fields in a normal lookup. Selected or nearby text can nevertheless contain sensitive information. Review it before sending.

Contextualogy does not store normal lookup prompts or results on its own backend. The configured provider receives them under its policy. The result bubble uses an open Shadow DOM attached to the current page, so scripts on that page may technically inspect displayed result text. AI output may be incomplete, inaccurate, biased, or unsafe and should not be treated as professional advice.

5. PDFs and image OCR

PDF reader

PDFs opened in Contextualogy are read and rendered locally using bundled PDF.js code. The PDF reader does not upload the PDF to Contextualogy. Selecting PDF text for a normal AI lookup sends the limited content described above.

Image OCR

Starting OCR causes Chrome to capture a PNG of the entire visible area of the active tab. The extension then crops the chosen area locally and recognizes text using bundled Tesseract.js code. The screenshot, crop, and recognized text pass between extension components in memory. The most recent screenshot can remain in offscreen-document memory so OCR can be rerun with another language; it is replaced by a later capture and disappears when that context is destroyed or the browser session ends.

The OCR feature does not upload the screenshot or recognized text. Do not capture passwords, private messages, payment details, health information, or similarly sensitive screen content unless you accept this temporary local capture.

6. Contextualogy Live audio and captions

Live does not start automatically. After an affirmative checkbox and Start, the extension captures active-tab audio, converts it to mono 16 kHz audio, sends it directly to Soniox over an encrypted WebSocket, receives realtime tokens, and displays translated captions.

Raw audio does not pass through or get stored by the Contextualogy Worker. The Worker validates entitlement, debits a short usage window, and requests a temporary single-use Soniox credential with a capped session duration. The extension then connects directly to Soniox.

Captions are not intentionally persisted. They exist temporarily in extension memory and page subtitle elements and are cleared after idle time or when the session ends. Because those elements are inserted into the page DOM, page scripts may technically observe their text.

Soniox receives audio, translation settings, a temporary credential, and usage metadata. For reconciliation, Soniox receives only a random opaque grant reference, not the activation code, installation token, Google-account pseudonym, or Contextualogy entitlement identifier.

Other people’s voices

Tab audio may contain other people’s voices and personal information. You are responsible for any notice, consent, authorization, contract, school/workplace rule, platform rule, or recording law that applies. Contextualogy cannot determine whether you are legally permitted to process a call, class, stream, meeting, private video, confidential communication, or protected content.

7. Free-trial identity and abuse prevention

The cardless Live trial provides 30 minutes and expires seven days after claim. Eligibility is limited, verified, and protected against repeat or automated claims. Google returns a signed ID token; the Worker verifies its signature, issuer, audience, nonce, timestamps, and stable account identifier. Cloudflare Turnstile evaluates browser and network signals.

Contextualogy does not intentionally store the Google ID token, email, name, profile picture, or raw Google account identifier. It stores:

  • an HMAC pseudonym derived from Google’s stable account identifier;
  • a hash of the opaque trial token;
  • remaining seconds, status, and timestamps;
  • a hash of a random installation identifier; and
  • a keyed hash of a coarse IP prefix used for velocity limits.

The account pseudonym prevents repeated claims even after reinstalling. Automated rules may deny or delay a claim based on account, installation, network, frequency, or integrity signals. Contact support if you believe a denial is mistaken.

8. Purchases, subscriptions, and licenses

Paddle collects checkout identity, contact, payment, billing, tax, device, and fraud-prevention information under its own notices. Complete card, bank-account, and wallet credentials are entered into Paddle, not Contextualogy.

Paddle webhooks and subscription reconciliation may provide Contextualogy with product/price and quantity, billing period, status, collection mode, customer/subscription/transaction/adjustment identifiers, currency and total, timestamps, and refund or chargeback status. Paddle collects the buyer’s email, but the normal Contextualogy webhook flow does not copy it into the Live database.

Contextualogy stores an internal entitlement identifier; an HMAC of the customer-facing activation code; the code encrypted until one-time delivery; plan, allowance, usage and billing-period timestamps; status and Paddle references; a pseudonymous Google-account identifier after activation; and hashes of installation tokens and identifiers. A pre-checkout record stores an opaque intent, a hash of the browser-held delivery secret, expected price/plan, and expiry/consumption timestamps.

If you submit a purchase-withdrawal or renewal-cancellation request, Contextualogy stores the contact email you provide, an optional Paddle transaction or receipt reference, optional request details, a case reference, status, and timestamps. This information is used to identify the purchase, review and respond to the request, coordinate with Paddle, and keep necessary legal, accounting, fraud-prevention, and dispute records.

9. Website, Worker, and operational logs

Cloudflare provides hosting, D1, security, Turnstile, and observability. Requests necessarily expose network and request metadata such as IP address, approximate network-derived location, user agent, method, hostname, path, timestamps, status, and performance/security signals to Cloudflare and the Worker.

The application stores only a keyed hash of a normalized IP prefix for trial controls, not the raw IP. Cloudflare may still process raw IP information at the network/platform layer. Operational logs may contain route and response metadata, Paddle event references, and bounded provider error text. Contextualogy does not intentionally log raw Live audio, captions, Google ID tokens, full API keys, payment credentials, activation codes, installation tokens, or trial bearer tokens.

Contextualogy does not set advertising cookies. Google Identity Services, Turnstile, Paddle, and your browser may use cookies or equivalent storage under their own rules.

10. Purposes, legal bases, and providers

Information is handled to perform requested lookups, OCR/PDF and Live features; provide trials, licenses, checkout support, and subscriptions; secure the service; prevent fraud and trial abuse; troubleshoot; meet legal obligations; and establish or defend legal claims. Where a legal basis is required, the basis may be contract, steps requested before a contract, consent, legitimate interests, or legal obligation, depending on the activity and jurisdiction.

Relevant providers include:

  • Groq or a custom AI endpoint you choose for lookup content and credentials. Groq states that inference content is not retained by default but may be kept up to 30 days for reliability or abuse review unless Zero Data Retention is enabled; usage metadata is retained.
  • Soniox for realtime audio processing, settings, temporary credentials, entitlement reference, and usage metadata. Soniox states realtime audio/transcript content is not retained or used for model training, while diagnostic and usage metadata is logged.
  • Google for trial identity and optional Chrome Sync.
  • Cloudflare for hosting, D1, network security, Turnstile, and logs.
  • Paddle for merchant-of-record checkout, payment, tax, subscriptions, fraud prevention, receipts, and buyer support.

Bundled PDF.js and Tesseract.js run locally rather than as hosted document/OCR services. Information may also be disclosed when reasonably necessary for valid legal process, safety, fraud/abuse investigation, or legal claims. A business transfer will follow applicable law and Chrome Web Store consent requirements.

11. What Contextualogy does not do

  • No sale or rental of personal information.
  • No cross-context behavioral advertising, personalized advertising, data-broker activity, or creditworthiness decisions.
  • No intentional collection of precise geolocation or complete payment credentials.
  • No Contextualogy-backend storage of normal lookup content, raw Live audio, or Live captions.
  • No training of Contextualogy-owned AI models on user text or audio.
  • No routine human review of selected text, audio, or captions.

Limited authorized human access to backend records and logs may occur for support, service operation, security, fraud investigation, legal compliance, or claims.

12. Retention

  • Browser data: until cleared, Chrome Sync is reset where relevant, or the extension is uninstalled. Site coordinates remain until site storage is cleared.
  • PDF/OCR: browser memory only as described above.
  • Normal lookups: not stored by Contextualogy’s backend; provider retention applies.
  • Live content: not stored by the Worker; Soniox’s current realtime policy applies.
  • Trial account pseudonym: for the lifetime of the trial program to prevent reset/reinstall abuse, subject to applicable rights and exceptions.
  • Trial token and installation hashes: while needed to operate and secure the trial.
  • Trial-attempt IP-prefix hashes: application records older than 30 days are deleted during claim maintenance.
  • Paid-entitlement and installation records: during the subscription and afterward for restoration, revocation, support, disputes, fraud, accounting, law, and claims. There is currently no automatic time-based deletion job for core entitlement records; eligible records can be reviewed after a verified request.
  • Temporary activation, Live-grant, and checkout records: expired activation flows are deleted; encrypted temporary Soniox grants are deleted after approximately 24 hours; expired checkout-intent records are deleted after an additional short operational window, currently no more than about eight days.
  • Paddle webhook data: the processed event payload is removed, while minimum event, transaction, adjustment, and subscription-ledger metadata may remain for service, disputes, accounting, security, and audit purposes.
  • Workers Logs: no longer than Cloudflare’s current platform maximum of seven days.
  • Support emails: while needed for the request and reasonable follow-up, security, disputes, or law.
  • Consumer-request records: while the request is pending and afterward only as reasonably necessary for transaction administration, accounting, fraud prevention, legal obligations, or claims. Eligible data is deleted or anonymized when those purposes no longer require it.

Minimum records may remain in backups or be retained to document deletion, prevent fraud, obey law, or handle claims.

13. International processing and security

Information may be processed in Argentina, the United States, the European Economic Area, and other places where providers operate. Applicable safeguards may include adequacy decisions, contractual terms, consent, necessity, or another lawful mechanism.

Contextualogy uses HTTPS/WSS, Worker-held service secrets, temporary single-use Soniox credentials, HMAC/SHA-256 pseudonyms, server-side metering, origin/redirect checks, and platform access controls. No browser extension, cloud service, encryption, or storage system can guarantee perfect security. Risks include compromised devices/accounts, malicious extensions or page scripts, provider incidents, defects, user error, and lawful government access.

If Contextualogy learns of a breach affecting information for which it is responsible, it will investigate, mitigate, and notify where legally required.

14. Your choices and rights

Depending on applicable law, you may request access, correction, deletion, portability, restriction, objection, withdrawal of future consent, or information about processing; complain to a regulator; and exercise rights without unlawful discrimination.

Email contextualogy@gmail.com with subject “Privacy Request” and identify the feature involved. Verification may be required. Never email a complete API key, trial token, payment-card number, government ID, or password.

Rights may be limited where records cannot reasonably be linked to you, deletion would impair security/fraud prevention, another person’s rights are involved, or retention is permitted or required. Argentina residents may consult the Agencia de Acceso a la Información Pública. California residents may consult the California Attorney General. EEA/UK residents may complain to their local supervisory authority.

15. Children

Contextualogy is a general-audience language tool, is not directed to children under 13, and does not knowingly collect their personal information. A higher local minimum age or parental authorization requirement still applies. Contact us if a child provided information improperly.

16. Chrome Web Store Limited Use

The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Contextualogy uses browser permissions and website content only to provide or secure its disclosed language, OCR, PDF, trial, payment, and Live-caption features, not for advertising or data-broker purposes. See the Chrome Web Store User Data Policy.

17. Changes and contact

This policy may change with features, providers, laws, or practices. The date will be updated and additional notice or consent provided where required for a material expansion.

Martin Zanazzo
Córdoba, Argentina
contextualogy@gmail.com

This policy describes current practices and does not limit rights under applicable law.