Security and Privacy
Your memory.
Your data.
Conxt captures your most sensitive professional context. We take that responsibility seriously. This page explains exactly how your data is protected, who can access it, and what we can and cannot see.
Encrypted in transit and at restYou own your dataNever sold or used to train AILeast privilege access controls
What Conxt can and cannot see
This is the most important question for any memory product. Here is a precise answer.
What we can see
+Structured memory records — decisions, preferences, entities, and coding rules you have captured
+Your account email and authentication metadata
+Usage metrics — number of sessions captured, memory count
+Raw session text — temporarily, for up to 30 days, before it is permanently purged
What we cannot see
-Your full AI conversations — the extension sends only the conversation text, not your browser activity
-Any data from websites other than Claude, ChatGPT, Gemini, and Copilot
-Your passwords, financial information, or personal identifiers
-Memories you have archived or deleted
Least privilege access: Conxt engineering team access to production memory records requires explicit approval and is recorded in a permanent audit log. No team member has default read access to your memory data.
How your data flows
Every piece of data Conxt touches follows this exact path.
CaptureOn your device
The Chrome extension reads your AI conversation locally in your browser. Sensitive patterns — API keys, passwords, credit card numbers — are flagged for redaction before any data leaves your device.
Redaction scanTLS encrypted
Session text is sent over TLS to the Conxt engine. A redaction layer runs before extraction. If secrets are detected, the session is blocked entirely and logged as a redaction event. Nothing sensitive is stored.
ExtractionRedacted text only
Redacted conversation text is sent to Claude via the Anthropic API for structured memory extraction. Only the redacted text is sent. Anthropic's zero data retention API policy applies to all requests.
StorageAES-256 at rest
Extracted memory records are stored in Supabase on AWS. All data is encrypted at rest using AES-256. Row-level security policies ensure your memories are accessible only to your authenticated account.
5
PurgeWithin 30 days
Raw session text used for extraction is permanently purged within 30 days. Only the structured memory records persist. You can delete individual records or your entire account at any time.
Infrastructure and security
DatabaseSupabase (PostgreSQL) on AWS us-east-1
Encryption in transitTLS 1.2 and above on all connections
Encryption at restAES-256 on all stored data
AuthenticationSupabase Auth with JWT — no passwords stored by Conxt
Row-level securityEnabled on all tables — queries scoped to authenticated user
BackendRailway — isolated containers per service
FrontendVercel — serverless, no persistent compute
AI extraction modelAnthropic Claude via API — zero data retention policy
EmbeddingsOpenAI text-embedding-3-small — input text only, not stored
Chrome extensionManifest V3, minimal permissions — storage and alarms only
Raw session retentionMaximum 30 days, then permanently deleted
Data residency
All Conxt data is currently stored in AWS us-east-1 (Virginia, United States). We are building regional data residency options for enterprise customers.
United States
AWS us-east-1
Available nowEuropean Union
AWS eu-central-1
Q3 2026Asia Pacific
AWS ap-southeast-1
Q4 2026Enterprise customers can request a dedicated deployment in their preferred region. Contact us at hello@conxt.dev to discuss data residency requirements.
Encryption roadmap
We are progressively moving toward a zero-knowledge architecture where Conxt cannot read your memory data even if we wanted to. Here is the roadmap.
Encryption at restLive
All data stored in Supabase is encrypted at rest using AES-256. This protects your data from storage-level breaches.
Encryption in transitLive
All communication between your browser, the extension, and the Conxt engine uses TLS 1.2 or higher.
Least privilege access controlsLive
Internal team access to memory records requires explicit approval and is logged in a permanent, tamper-resistant audit log. No team member has default read access.
Client-side encryption for enterpriseQ3 2026
Enterprise customers will be able to enable client-side encryption. Memories are encrypted in the browser before leaving your device. Conxt stores only ciphertext — we cannot read your memories even with database access.
Customer-managed encryption keysQ4 2026
Enterprise customers can bring their own encryption keys hosted in AWS KMS or Azure Key Vault. Revoking your key immediately makes all stored memories unreadable.
Zero-knowledge architecture for all tiers2027
Full zero-knowledge architecture available across all plans. All memories encrypted client-side by default. Conxt operates as a pure infrastructure layer with no ability to read user data.
Your data rights
You have full control over your data at all times.
+Export — Download your complete memory graph as structured JSON at any time from the dashboard. No waiting, no request required.
+Delete records — Delete individual memory records instantly from the dashboard. Changes take effect immediately.
+Delete account — Delete your account and all associated data is permanently removed within 30 days. No data is retained after deletion.
+Edit — Edit or correct any memory record directly from the dashboard. You decide what your graph contains.
+Revoke capture — Uninstall the Chrome extension at any time to stop all new capture. Your existing memories are preserved until you choose to delete them.
+Portability — Your memory graph exports as standard JSON. Take it wherever you want.
How to delete your data
You can delete your data at any level — individual records, all memories, or your entire account.
Delete a single memory
1Go to conxt.dev/dashboard
2Find the memory record you want to remove
3Click the record to expand it
4Click Delete — the record is removed immediately
Export then delete all memories
1Go to conxt.dev/dashboard
2Click Export JSON in the top bar to download a copy of your data
3Contact hello@conxt.dev with subject line "Delete all memories"
4We will permanently delete all memory records within 48 hours and confirm by email
Delete your account
1Contact hello@conxt.dev with subject line "Delete my account"
2Include the email address associated with your account
3We will permanently delete your account and all associated data within 30 days
4You will receive email confirmation when deletion is complete
We respond to all deletion requests within 48 hours. For GDPR or CCPA requests, contact hello@conxt.dev and we will process your request within the legally required timeframe.
What we will never do
-Sell your data to third parties
-Use your memories to train AI models
-Share your memory graph with advertisers or analytics companies
-Access your memories without explicit approval and an audit log entry
-Retain raw conversation text beyond 30 days
-Capture data from any website other than Claude, ChatGPT, Gemini, and Copilot
-Store passwords, financial data, or personal identifiers
Enterprise data controls
Enterprise customers receive additional data controls and compliance support.
+Tenant isolation — Dedicated database schema per enterprise customer. Your team's memories are physically separated from other customers.
+SSO and SAML — Integrate with your existing identity provider. Automatic deprovisioning when employees leave.
+Audit trail — Complete log of every memory capture, edit, deletion, and access event. Exportable for compliance.
+Data residency — Choose your database region. EU and APAC options available in Q3 2026.
+Admin controls — IT administrators can manage team members, set capture policies, and revoke access centrally.
+Custom retention — Configure your own data retention policies. Set automatic purge schedules per memory type.
+Client-side encryption — Memories encrypted in the browser before leaving your device. Available Q3 2026.
Enterprise security review
We will complete your security questionnaire and provide documentation for procurement.
Model agnostic by design
Conxt is infrastructure for AI memory — not tied to any single AI vendor or platform.
+Captures from Claude, ChatGPT, Gemini, and Copilot equally
+Injects into Cursor, Claude Desktop, Windsurf, VS Code, and any MCP-compatible tool
+Extraction model is configurable — enterprise customers can use their own Azure OpenAI or local model deployment
+Memory graph is portable — export as JSON and use with any system
+No vendor lock-in — your memories belong to you, not to any AI platform
Questions about data privacy?
We respond to all privacy and security questions within 24 hours.