Claude Toolbox Privacy Policy

Last updated: April 01, 2026

At Claude Toolbox ("we", "us", "our"), operated by Infi Developments, we are committed to protecting your privacy. This Privacy Policy comprehensively explains what data we collect, how we collect it, how we handle, store, and share it, and your rights — in plain language.

1. Data Controller

Infi Developments is the data controller responsible for your personal data. For any privacy-related inquiries, contact us at [email protected].

2. What Data We Collect

We collect only the minimum data needed to provide our service. Below is a complete list of every category of data we handle:

2.1 Account information

To authenticate you with the extension and verify your subscription, we collect your email address. Your email is derived from your existing Anthropic Claude browser session (see Section 3 for details) and is used solely for authentication and subscription verification. We do not collect your name, password, physical address, or any other personal identifiers.

2.2 Data stored locally in your browser (never sent to our servers)

The following data is stored entirely on your device and is never transmitted to our servers:

• Your Claude conversation content and message text
• Your Claude browser session data (used to communicate with Claude on your behalf)
• Extension settings and preferences
• Local search history and recent searches within the extension
• Conversation cache (stored in your browser's IndexedDB for faster search)

2.3 Data synced to our servers (encrypted)

When cloud sync is enabled, the following data is transmitted over HTTPS and stored in encrypted form on our servers. We cannot read or access the content of this data:

• Folder names, folder structure, and folder color preferences
• Saved prompts and prompt definitions
• Conversation IDs (for pinned chats and folder assignments)
• Labels and tags applied to conversations

2.4 Payment data

Payments for Claude Toolbox are processed by Polar (our payment provider). We do not store your credit card details. Polar provides us with your email address and payment status so we can verify your subscription. Polar's privacy policy governs how they handle your payment information.

2.5 Install and uninstall information

When you install the extension, a welcome page is opened in your browser. When you uninstall the extension, a feedback page may be opened. No additional data is collected during install or uninstall beyond what is described in this policy.

2.6 Analytics

We use Google Analytics on our Chrome Web Store listing page only. We do not use third-party analytics within the extension itself or on our website.

2.7 Cookies

We do not use cookies on our website or within the extension.

3. How We Collect Your Data

We collect data through the following methods:

• Session authentication: The extension reads authentication information from your existing Anthropic Claude browser session (via the browser's standard storage and webRequest APIs) to authenticate you. This is how we derive your email address and enable the extension to interact with Claude on your behalf. We do not intercept, read, or store the content of your Claude messages through this mechanism.
• Your actions in the extension: When you create folders, save prompts, pin conversations, or apply labels, these are synced to our servers if cloud sync is enabled.

4. How We Use Your Data

We use the data we collect for the following purposes only:

• Provide our service: Enable folder sync, prompt access, pinned chats, and labels across your devices.
• Authenticate your account: Verify your identity using your email address to provide personalized access to your synced data.
• Verify subscriptions: Check your payment status via Polar to unlock Premium features.
• Respond to support requests: If you contact us, we use your email to respond.
• Improve the extension: Aggregated, non-personal usage patterns help us understand which features are most valuable so we can improve the experience.

5. How We Store Your Data

Local storage (your browser)

The majority of extension data — including your conversation content, search history, and settings — is stored locally on your device using Chrome's built-in storage APIs (chrome.storage.local) and IndexedDB. This data never leaves your browser unless you enable cloud sync for supported features.

Server storage (our infrastructure)

Synced data (folders, prompts, pinned chats, labels) is stored on our secure servers hosted on industry-standard cloud infrastructure. All synced data is encrypted at rest, meaning we cannot read or access the content of your folders, prompts, labels, or any other synced data. Data in transit is protected with HTTPS/TLS encryption.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We share data only with the following parties, and only as described:

• Our backend servers (api.infi-dev.com): Your email address (for authentication) and encrypted synced data (folders, prompts, pinned chats, labels). All synced data is encrypted and unreadable by us.
• Polar (payment processor): Payment processing and subscription management. They receive your email and payment details directly. We only receive your email and payment status from them.
• Anthropic / Claude (claude.ai): The extension communicates with Claude's existing interfaces using your active browser session to provide its features (e.g., fetching conversations for search). This is the same data Claude already has access to — we do not send any additional personal data to Anthropic.
• Google Analytics: Anonymous, aggregated usage data on our Chrome Web Store listing page only. No analytics are collected within the extension.
• Legal obligations: We may disclose data if required by law or in response to a valid legal request from a government authority.

We do not share your data with any other third parties, advertisers, data brokers, or AI model training services.

7. Legal Basis for Processing (GDPR)

We process your data based on the following legal grounds under GDPR Article 6:

• Contract performance: Processing necessary to provide the services you signed up for (e.g., syncing folders across devices, authenticating your account, verifying your subscription).
• Legitimate interest: Processing necessary for the operation and improvement of our services (e.g., aggregated usage analytics to improve features), provided it does not override your rights.
• Consent: Where applicable, we process data based on your explicit consent (e.g., enabling cloud sync). You may withdraw consent at any time by disabling the relevant feature or contacting us.

8. Data Security

We take the security of your data seriously and implement multiple layers of protection:

• Encryption at rest: All synced data stored on our servers is encrypted. We cannot read the content of your folders, prompts, or labels.
• Encryption in transit: All communication between the extension and our servers uses HTTPS/TLS encryption.
• Minimal data collection: We follow the principle of data minimization — we only collect what is necessary to provide our service.
• Local-first architecture: The majority of your data (including all conversation content) never leaves your browser, reducing exposure risk.
• Secure infrastructure: Our servers are hosted on industry-standard cloud infrastructure with regular security updates.
• No plaintext logging: We do not log synced data content on our servers.

9. Your Rights

Under GDPR and applicable data protection laws, you have the following rights. To exercise any of these rights, contact us at [email protected]:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate data.
• Right to erasure: Request deletion of your personal data from our servers.
• Right to data portability: Request your data in a structured, machine-readable format.
• Right to restrict processing: Request that we limit how we use your data.
• Right to object: Object to processing based on legitimate interest.
• Right to withdraw consent: You can disable cloud sync at any time in extension settings to stop data transmission to our servers. For other consent-based processing, contact us.
• Right to lodge a complaint: You have the right to file a complaint with your local data protection authority.

We will respond to all data rights requests within 30 days.

10. Data Retention

We retain your synced data (folders, prompts, conversation IDs, labels) for as long as your account is active and cloud sync is enabled.

• Local data: Data stored in your browser persists until you clear your browser data or uninstall the extension.
• Server data: Synced data is retained until you request deletion or your account is removed.

If you wish to have your server-side data deleted, contact us at [email protected] and we will remove all associated data from our servers within 30 days.

Uninstalling the extension removes all locally stored data from your browser immediately. Server-side data requires a separate deletion request.

11. International Data Transfers

Our services are available worldwide. Your data may be processed in countries outside your country of residence. Where we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place in compliance with GDPR requirements.

12. Children's Privacy

Our free extension does not have age restrictions. However, purchasing a paid plan requires a valid credit card, which is limited to individuals of legal age in their jurisdiction. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact us at [email protected] and we will promptly delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. For significant changes, we will make reasonable efforts to notify you via the extension or email.

14. Contact Us

If you have any questions about this Privacy Policy, your data, or your rights, contact us at: [email protected]