Privacy Policy

Last updated: April 9, 2026

Our Core Principle

UNIHODL is local-first by default. Your browsing data, session captures, scroll positions, video timestamps, and AI-generated context tags are stored on your device. We do not have access to this data. We cannot read it. We do not sell it.

What We Collect

Data stored locally on your device (we never see this):

  • URLs and page titles of captured sessions
  • Scroll positions, video timestamps, reading anchors
  • AI-generated intent tags and context summaries
  • Tab groups and session metadata

Data we collect (Pro & Team accounts only):

  • Email address (for authentication and billing)
  • Payment information (processed by Stripe — we never see your card number)
  • Anonymized usage analytics (features used, session count — not content)

Cross-device sync (Pro & Team only, opt-in):

If you enable cross-device sync, your session data is encrypted end-to-end before leaving your device. We store the encrypted blob but cannot decrypt it. Only your devices hold the key.

AI Processing

All AI processing (intent detection, context tagging, semantic search) runs on your deviceusing local models. Your browsing data is never sent to external AI services. When you choose to "Feed context to ChatGPT/Claude," you are explicitly copying your own data to a third-party service — we facilitate this but do not intermediate or store that interaction.

Shared Sessions

When you share a session link, the session data is encrypted and stored on our servers for delivery to the recipient. Shared session data is automatically deleted 30 days after creation or when you manually revoke the link. We do not analyze shared session content.

Third-Party Services

  • Stripe — Payment processing (Pro & Team plans)
  • Vercel — Website hosting
  • PostHog — Anonymized product analytics (no personal data, no browsing content)

Data Retention & Deletion

Local data: You control it entirely. Delete from the extension at any time.

Account data: We retain your email and billing records for as long as your account exists. Request deletion at privacy@unihodl.app and we will delete all account data within 30 days.

GDPR & CCPA

You have the right to access, correct, export, or delete your personal data at any time. Since most data lives on your device, you already have full control. For server-side data (account info, shared sessions), email privacy@unihodl.app.

Children

UNIHODL is not intended for use by anyone under 13 years of age. We do not knowingly collect data from children.

Changes

We will notify you of material changes via email or an in-app notice at least 30 days before they take effect.

Contact

Questions? Email us at privacy@unihodl.app.