Last updated May 31, 2026

Privacy Policy

CrystalBox is designed to give you control over the personal context you use with AI services. This policy explains what the CrystalBox website and browser extension store, transmit, and process.

1. Scope

This policy applies to the CrystalBox website, browser extension, account features, waitlist forms, and optional cloud synchronization services.

2. Memory data and your storage mode

Local Only: Memory Tree structure, Memory Card text, links, lock settings, and local preferences remain in your browser storage. CrystalBox does not upload this memory data to our cloud service.

Selective Sync: Your Memory Tree structure is synchronized. Memory Card content remains local unless you explicitly select that card for cloud storage.

Cloud First: Your Memory Tree and Memory Card content are synchronized to support use across your devices.

3. Cloud backup history

For eligible Plus accounts, cloud Memory History is created only when you explicitly save a Memory Card. CrystalBox keeps up to 15 saved versions per card for up to 30 days. Recently Deleted items and Conflict Review are managed separately.

4. Account and service data

When you create an account, we process information such as your email address, authentication records, subscription status, selected storage mode, device identifiers used for synchronization limits, and service preferences. Authentication and synchronized data are handled through Supabase.

5. Anonymous product analytics

Anonymous product analytics are optional and can be controlled in Settings. When enabled, CrystalBox may measure product events such as memory creation, deletion, editing, tree size, and context injection. We do not send Memory Card text, images, passwords, email addresses, access tokens, or the content of your AI conversations to product analytics. In Local Only mode, your memory data remains in your browser and is not analyzed or synchronized.

6. Payments

When paid billing is enabled, payment information will be processed by a payment provider. CrystalBox should not store full payment card numbers. The payment provider may process billing details under its own privacy policy.

7. Data retention and deletion

Local data remains in your browser until you delete it, restore a backup, clear browser storage, or uninstall the extension. Cloud data remains until deleted according to your account controls, backup limits, and legal requirements. You may contact us to request account deletion.

8. Third-party AI services

When you inject context into an AI website, the text is sent to that AI service only after your action. The privacy policy of the AI service applies to the resulting conversation.

9. Security

We use reasonable safeguards and design choices intended to limit unnecessary collection. No system can guarantee absolute security. Keep your browser, device, passwords, and exported backup files secure.

10. Children

CrystalBox is not directed to children under 13, or a higher minimum age where required by local law.

11. Changes and contact

We may update this policy as the product evolves. Material changes will be reflected on this page. Questions or requests can be sent to support@crystalboxai.com.