1. Introduction
This Privacy Policy describes how Context-Aware Translator ("we", "our", or "us") collects, uses, and protects information when you use the Context-Aware Translator Chrome extension and its companion web dashboard (collectively, the "Service"). By using the Service you agree to the practices described here.
2. Information We Collect
Extension data
- Selected text — the word or phrase you highlight on a webpage, sent to our API to produce a translation.
- Surrounding context — a window of text around the selection, sent with the translation request to improve accuracy.
- Personal context string — an optional description you provide (e.g. "I am an intermediate Spanish learner") that personalises translations. Stored in Chrome sync storage and on our server.
- Language preferences — your chosen source and target languages. Stored in Chrome sync storage and on our server.
Account data
- Email address — collected when you create an account via Supabase Auth.
- Saved translation concepts — translations you choose to save, stored server-side in our PostgreSQL database.
- Custom AI provider API keys — if you supply your own API key for a provider (e.g. OpenAI), it is stored server-side in encrypted form and used only to make translation requests on your behalf.
Usage and error data
- Crash and error reports — collected via Sentry with a privacy-minimal configuration. Reports contain stack traces and browser environment metadata; they do not include page content or personal text.
3. How We Use Your Information
- Provide, operate, and improve the translation service.
- Authenticate your account and synchronise preferences across devices.
- Store and display your saved translation concepts in the dashboard.
- Forward selected text and context to AI providers to generate translations.
- Diagnose bugs and monitor service reliability via error reporting.
We do not sell your data, use it for advertising, or share it with third parties except as described in Section 5.
4. Data Storage & Retention
Preferences and account data are stored in a PostgreSQL database hosted on Railway. Auth data is managed by Supabase. The web dashboard is hosted on Vercel.
We retain your data for as long as your account is active. You may request deletion at any time (see Section 7). Extension-local data (Chrome sync storage) is managed by your browser and can be cleared through your browser settings.
Text you highlight on webpages is transmitted to our API for the purpose of translation and is not persistently stored on our servers unless you explicitly save the concept.
5. Third-Party Services
The following third-party services process data on our behalf. Each is bound by its own privacy policy.
| Service | Purpose | Data involved |
|---|
| Supabase | Authentication & database | Email, saved concepts, preferences |
| Railway | API hosting | Translation requests, API keys |
| Vercel | Dashboard hosting | Standard web request logs |
| Sentry | Error monitoring | Stack traces, browser metadata |
| DeepL | Primary translation provider | Selected text and surrounding context |
| Google Gemini / OpenAI / Anthropic / Mistral | Enrichment data & translation fallback (server-side) | Selected text and surrounding context |
AI provider calls are made server-side from our API; your raw browser session is not shared with AI providers directly.
6. Chrome Extension Permissions Explained
- storage — used to persist your authentication token, language preferences, and personal context string locally and via Chrome sync.
- tabs — used to send messages to content scripts in active tabs and detect whether the content script is already running. Tab URLs are not stored or transmitted.
- activeTab — grants temporary access to the currently active tab only when you invoke the extension (via the selection tooltip, context menu, or the keyboard shortcut Alt+T). The extension has no passive access to background tabs.
- scripting — injects the translation UI into the active tab on demand. On sites you enable, the content script is registered persistently so it activates on page load. On other sites, it only runs when you explicitly trigger a translation via the context menu; it is not present on pages passively.
- contextMenus — adds a "Translate" option to the right-click menu so you can translate selected text on any page without pre-enabling the site.
- sidePanel — opens a sidebar workspace with translation, history, saved concepts, spaced repetition review, and settings. No data is collected by the side panel beyond what is described elsewhere in this policy.
- alarms — schedules periodic checks for spaced repetition items that are due for review. No data leaves the browser via this permission.
- notifications — sends a local browser notification when you have vocabulary items due for review, if you have enabled reminders in settings.
- Optional host permissions — when you enable the extension on a specific site, Chrome prompts you to grant access to that site. This is requested per-site at runtime rather than granted broadly at install time. The extension never has blanket access to all websites.
7. Your Rights
- Access — you can view all saved concepts and preferences in the dashboard at any time.
- Deletion — you can delete individual saved concepts from the dashboard, or request full account deletion by contacting us (see Section 10). We will process deletion requests within 30 days.
- Opt-out of error reporting — error reporting can be disabled; contact us if you wish to opt out.
- Data portability — contact us to request an export of your saved data.
If you are in the European Economic Area or United Kingdom you may also have rights under GDPR/UK GDPR, including the right to lodge a complaint with your supervisory authority.
8. Data Security
All data in transit is encrypted via TLS. Custom API keys are stored encrypted at rest. We follow industry-standard practices for access control and secret management. No method of transmission or storage is 100% secure; we cannot guarantee absolute security, but we take reasonable steps to protect your data.
9. Changes to This Policy
We may update this policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy. For material changes we will make reasonable efforts to notify you (e.g. via the dashboard).