Privacy Policy

Havril is a memory service for AI assistants. This policy explains what data the Havril browser extension and API collect, why, and how it is protected.

If you have questions, contact us at freedischthibaut@proton.me.

Account information. When you sign in with Google or GitHub, we receive your name, email address, and profile picture from that provider. We use this to identify your account.

Authentication token. We generate a Bearer token that authenticates your requests to the Havril API. This token is stored only in your browser's session storage (chrome.storage.session) and is never written to disk or synced across devices.

Conversation content. When you send a message on Claude, ChatGPT, or Gemini, the extension submits that conversation to the Havril API. The API extracts facts and preferences worth remembering and discards the raw transcript. We do not store your full conversation history.

Memories. Distilled facts extracted from your conversations are stored in your Havril account and used to provide context in future conversations. You can view and delete all memories at any time.

Preferences. Your display name, avatar URL, and UI theme preference are stored in chrome.storage.sync so they persist across devices.

• Health or medical information
• Financial or payment information
• Browsing history outside of supported AI platforms
• Location data
• Keystrokes, mouse movements, or screen content outside the chat input

We use the data listed above exclusively to operate the Havril memory service — storing memories and returning relevant context when you start a new AI conversation. We do not sell, rent, or share your data with third parties for advertising or analytics purposes.

Havril uses OpenAI's API to generate embeddings and extract facts from conversations. Conversation content is transmitted to OpenAI solely for this purpose and is subject to OpenAI's privacy policy.

Authentication is handled by Google and GitHub OAuth. We receive only the profile information those providers share and do not have access to your Google or GitHub account beyond that.

You can delete individual memories or your entire account at any time from the Havril dashboard. Deletion removes your data from our database and vector store immediately.

Session tokens are cleared when you log out or your browser session ends. Sync preferences are cleared when you log out via the extension popup.

Bearer tokens are stored as SHA-256 hashes — the raw token is never persisted on our servers. All communication between the extension and the Havril API uses HTTPS.

If you discover a security vulnerability, please report it to freedischthibaut@proton.me. All reports are addressed promptly.

We may update this policy as the product evolves. Material changes will be noted with an updated date at the top of this page.