Privacy Policy
Last updated: February 2026
1. Overview
Chat Locker is a local-first application. Your conversations are stored in your browser's IndexedDB and are never sent to any server unless you explicitly enable cloud sync. We are committed to keeping your data under your control.
2. Data We Don't Collect
We do not use advertising tracking, behavioral analytics, fingerprinting, or third-party marketing scripts. There are no Google Analytics, no Mixpanel, no advertising SDKs. The app makes zero network requests to our servers unless you sign in and enable cloud sync. We may use privacy-respecting technical tools to diagnose crashes. These logs contain only anonymised stack traces and never include your conversation content.
3. Local Storage
All conversation data is stored in your browser's IndexedDB. This data lives entirely on your device. We have no access to it. If you clear your browser data, your vault is deleted. We cannot recover it. Use the built-in export feature to create backups.
4. Cloud Sync (Optional, Pro)
If you subscribe to Pro and enable cloud sync, your conversations are encrypted client-side using AES-256-GCM before leaving your device. The encryption key is derived from your password and never transmitted. We store only encrypted blobs on Cloudflare D1. We cannot read, search, or access your synced conversation content.
5. Authentication (Optional)
GitHub sign-in: When you sign in with GitHub, we receive your GitHub user ID, username, email address, and avatar URL through GitHub's OAuth flow. We do not request access to your repositories or any other GitHub data.
Google sign-in: When you sign in with Google, we receive your Google account ID, email address, display name, and profile photo through Google's OAuth flow. We do not request access to your Google Drive, Gmail, or any other Google services.
In both cases, this information is stored in our Cloudflare D1 users table solely for account identification. We only read your name, email, and profile photo. No access to your files or other account data.
6. Cookies
We use a single httpOnly session cookie (vault_session) for authentication when you sign in. This cookie is strictly functional. It contains no tracking information. We do not use third-party cookies, advertising cookies, or any form of cross-site tracking.
7. Infrastructure
The landing site and app are hosted on Cloudflare Pages. The optional sync API runs on Cloudflare Workers with D1 (SQLite) for storage and KV for sessions. Cloudflare infrastructure receives standard HTTP request metadata (IP address, User-Agent, request path, response status) as part of normal network operation. We do not access or analyse these logs. Cloudflare's own privacy policy governs their handling of this data. Synced conversation data is stored in Cloudflare D1 databases located in Cloudflare's US data centres.
8. Semantic Search Model
When you enable semantic search, a small ONNX model (~130MB) is downloaded once from Hugging Face and cached in your browser. The model runs entirely on your device using WebAssembly. No conversation data is sent to Hugging Face or any external service. All inference happens locally.
9. Data Retention & Deletion
Local data: You have full control. Delete individual conversations, clear your vault, or clear browser data at any time.
Synced data: Delete via the in-app "Reset Cloud Data" option in the Sync page, or contact us by email.
Account deletion: Available from your Account page. Permanently removes your user record, all synced conversation data, session data, and cancels any active subscription. Your local data on your device is not affected.
10. Data Controller
Chat Locker is operated by an individual developer based in Portugal. For the purposes of the GDPR and other applicable data protection laws, the data controller is the operator of chatlocker.app.
Contact: privacy@chatlocker.app
11. Changes to This Policy
If we make material changes to this privacy policy, we will update this page with a new "Last updated" date. For significant changes, we may also notify users through the app.
12. Contact
For privacy questions or data deletion requests, email us at privacy@chatlocker.app.