Privacy Policy

This policy applies to the "Unibase Memory" Chrome extension (the "Extension") published by Unibase. It does not cover third-party websites you visit (such as ChatGPT or Claude), which are governed by their own policies.

Stored locally on your device (always)

• Conversation content — the text of the ChatGPT and Claude chats you view or import, read from the page as it is rendered, plus titles and timestamps.
• Your organization data — tags, stars, highlights, saved snippets, and settings.

This data is stored in your browser's local storage (IndexedDB and chrome.storage.local) on your own device. By default it is never transmitted anywhere.

Account & encryption material (only if you sign in)

• Email address — if you sign in with Google, X, or email via our authentication provider, your email may be stored locally to show which account is active.
• Wallet address — the public address of the wallet used to derive your encryption key.
• Wallet signature— a one-time signature over a fixed, app-specific message. It is hashed on your device into an encryption key. The signature is cached locally so you don't have to sign again on every use. It is not a session token and cannot be used to act as your wallet elsewhere.

Sync is off by default. If you turn it on:

• Your conversations are encrypted on your device (Fernet: AES-128-CBC + HMAC-SHA256) using a key derived from your wallet signature.
• Only the resulting ciphertext is uploaded to Membase, Unibase's decentralized storage layer, stored under your own wallet address.
• The encryption key never leaves your browser. There is no key escrow and no copy of your key on any server. Membase and the Unibase Explorer only ever see encrypted blobs — never your plaintext conversations.
• Signing in with the same identity on another device re-derives the same key, so your data decrypts locally there. Same wallet, same key, your data.

You may optionally enable AI tag suggestions. The model runs entirely locally inside your browser. On first use, the extension downloads the model weights (data files) from Hugging Face and caches them in the browser. Your conversation text is never sent to any server for tagging — all inference happens on your device.

• Privy — handles sign-in (Google / X / email / wallet) and wallet provisioning. Subject to Privy's privacy policy.
• Membase / Unibase — decentralized storage that holds your end-to-end-encrypted backups (ciphertext only). Encrypted entries can be viewed by you on the Unibase Explorer.
• Hugging Face — serves the on-device AI model weights (data files) when you enable AI tagging. No conversation content is sent there.

Encrypted backups already uploaded to Membase remain associated with your wallet address until removed; because they are decentralized-storage entries, contact us if you need help managing them.

Unibase Memory is not directed to children under 13 (or the minimum age in your jurisdiction) and we do not knowingly collect their data.

We may update this policy as the extension evolves. Material changes will be reflected here with a new "Last updated" date at https://www.unibase.com/memory/privacy.

Questions about this policy or your data? Contact us at support@unibase.com or visit www.unibase.com.