Privacy Policy

Effective date: 4 June 2026
Last updated: 9 June 2026
Controller: Recall (recall-pro.net)
Contact: privacy@recall-pro.net
Jurisdiction: United Kingdom

1. Who we are

Recall ("we", "us", "our") is a browser extension and Progressive Web App that provides AI-powered browsing memory. We are the data controller for any personal data processed through the Recall service. Our contact address for data protection matters is privacy@recall-pro.net.

2. What data we collect and why

2.1 Data we collect automatically

When you use the Recall Chrome extension, the following data is processed:

Page URLs and titles

Collected to identify and organise your saved entries. Stored locally on your device in Chrome's local storage. Never transmitted to Recall's servers.

Page text content

A maximum of 4,000 characters of text from each page is temporarily extracted and sent to the Claude API (operated by Anthropic) to generate an AI summary. This content is not stored by Recall or by Anthropic beyond the processing of your request.

Text highlights

Any text you select on a page is saved locally to your device as part of the entry. Not transmitted anywhere except as part of the page content excerpt sent to the Claude API.

Time spent on page

The duration of your visit to each page is recorded locally and displayed alongside the entry in your vault.

Domain names

The hostname of each saved page (e.g. example.com) is stored locally for display and filtering purposes.

Full-page snapshots (Recall Pro)

When Recall Pro is active, a full-page snapshot (the page's HTML, images and text) is saved locally in your browser's storage so you can open saved pages offline. Snapshots stay on your device, are never transmitted to Recall or any third party, and are removed when you clear your vault.

2.2 Data you provide

Claude API key

You optionally provide a Claude API key to enable AI summaries. This key is stored in Chrome's local sync storage on your device. It is transmitted directly from your browser to Anthropic's API. Recall never receives or stores your API key.

Settings preferences

Your configuration choices (excluded domains, highlights-only mode, skip-incognito, etc.) are stored locally in Chrome's sync storage.

Recall Pro licence

If you subscribe to Recall Pro, you receive a licence key from Lemon Squeezy (our payment provider and Merchant of Record). The key you enter is stored locally on your device to unlock Pro features. To activate it and to periodically confirm your subscription is still active, the extension sends the licence key (and a device label) to Lemon Squeezy's licence API — it is never sent to a Recall server, and no browsing data is included. See section 5.

2.3 Data we do not collect

We do not operate any servers that receive your browsing data.
We do not use cookies or any web tracking technologies on our website or extension.
We do not collect analytics, crash reports, or telemetry data.
We do not collect any payment information — payments are processed by Lemon Squeezy (our Merchant of Record) and managed by you through their customer portal.
We do not collect data from pages you visit in Chrome incognito mode (disabled by default in settings).

3. Lawful basis for processing

We process your personal data under the following lawful bases under UK GDPR Article 6:

Legitimate Interest (Art. 6(1)(f))

Processing page URLs, titles, time-on-page, and domain names to provide the browsing memory service you have installed the extension to receive.

Contract Performance (Art. 6(1)(b))

Processing data necessary to deliver the features of the Recall service you have subscribed to.

Consent (Art. 6(1)(a))

Processing text you deliberately select and highlight. You provide consent through the deliberate act of selecting text.

4. How your data is stored and secured

Recall is designed as a local-first application. Your data is stored in the following locations:

Chrome local storage: All vault entries are stored in your browser's chrome.storage.local on your own device. This data does not leave your device and is not accessible to Recall or any third party.
Browser database (IndexedDB): with Recall Pro, full-page offline snapshots are stored in IndexedDB on your device. They never leave your device.
Exported vault file: When you choose to export your vault, a JSON file is saved to your computer's file system. You are responsible for the security of this file once exported.
Chrome sync storage: Your settings and API key are stored in chrome.storage.sync, which may sync between Chrome browsers signed into the same Google account. This is controlled entirely by Google Chrome's sync settings.
Chrome local storage (Pro licence): your Recall Pro licence key and its activation state are stored per device in chrome.storage.local. They do not sync between devices — you activate Pro on each device with your key.

Security measures. Recall operates no servers that receive your browsing data. Encrypted vault exports and encrypted automatic backups use AES-256-GCM with a key derived from your passphrase via PBKDF2-HMAC-SHA256 (600,000 iterations) through the browser's Web Crypto API; your passphrase is never written to disk (it is held in memory only for the current browser session when you unlock encrypted backups). Our website and the Claude API are accessed over HTTPS, and we collect no analytics or telemetry. No method of storage or transmission is completely secure; you remain responsible for the security of any files you export and of the device on which your vault is stored.

Because your data lives on your own device, Recall cannot recover it if you clear your browser data or uninstall the extension. We recommend exporting your vault regularly from the extension popup to maintain backups. You can also enable Automatic backup in Settings, which writes a copy of your vault to a folder inside your device's Downloads on a schedule. If you have set a vault passphrase and unlocked it for the session, these backups are encrypted; otherwise they are unencrypted. The files stay on your device unless you move them.

5. Sharing your data with third parties

5.1 Anthropic (Claude API)

When AI summarisation is enabled, excerpts of page content (maximum 4,000 characters) are sent to the Anthropic Claude API to generate summaries. Anthropic is a US-based company.

What is sent: Page title, URL, time spent, and up to 4,000 characters of page text.
What is not sent: Your full browsing history, your personal identity, your API key is sent directly to Anthropic's auth headers by your browser — not via Recall.
Anthropic's data practices: Anthropic states it does not use data submitted via the API to train its models. See anthropic.com/legal/privacy for their current policy.
International transfer basis: This transfer relies on Anthropic's participation in the UK Extension to the EU-US Data Privacy Framework and Anthropic's Data Processing Agreement available at anthropic.com.

5.2 Lemon Squeezy (payments & licensing)

If you subscribe to Recall Pro, payment and billing are handled by Lemon Squeezy, which acts as our Merchant of Record — the seller of record for the transaction, responsible for collecting and remitting applicable sales tax/VAT. We do not receive or store your card details.

What Lemon Squeezy processes: your payment details and billing email (as the merchant), and your subscription/licence status.
What the extension sends to Lemon Squeezy: your Recall Pro licence key and a device label, sent from your browser to Lemon Squeezy's licence API to activate Pro and to periodically check your subscription is still active. No browsing data, vault entries, or page content are sent.
International transfer: Lemon Squeezy is US-based; this transfer relies on the safeguards in their data processing terms. See their privacy policy at lemonsqueezy.com/privacy.

5.3 No other third parties

We do not share your data with any other third parties. We do not sell, rent, or licence your personal data to any person or organisation under any circumstances.

6. Your rights under UK GDPR

You have the following rights regarding your personal data. Because Recall stores data locally on your device, most of these rights are exercised directly by you without needing to contact us:

Right to access (Art. 15)

Your vault data is stored on your own device and accessible to you at all times via the extension popup and the offline reader.

Right to erasure (Art. 17)

Click "Clear vault" in the extension popup to delete all data immediately. Uninstalling the extension removes all local data.

Right to rectification (Art. 16)

Edit your exported vault JSON file directly in any text editor to correct inaccurate entries.

Right to portability (Art. 20)

Export your vault as a JSON file at any time from the extension popup. This is a core product feature.

Right to object (Art. 21)

Uninstall the extension at any time. You may also disable AI summarisation by removing your API key from Settings, which stops all data transmission to third parties.

Right to restrict processing (Art. 18)

Use the Settings page to exclude specific domains or enable highlights-only mode to restrict what Recall processes.

Right to complain

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

To exercise any right that requires our involvement, contact us at privacy@recall-pro.net. We will respond within one month as required by UK GDPR.

7. Data retention

Recall does not set retention periods for data stored on your device — you control retention directly. Data remains in chrome.storage.local until you clear it manually or uninstall the extension. Exported vault files remain on your device until you delete them.

Data sent to the Anthropic API for summarisation is not retained by Anthropic beyond the processing of your request, in accordance with Anthropic's API usage policies.

8. Children

Recall is not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe a child has used Recall and you wish to have their data deleted, contact us at privacy@recall-pro.net and we will provide guidance on removing local data.

9. Changes to this policy

We may update this privacy policy from time to time. We will notify users of material changes by updating the effective date at the top of this policy and, where appropriate, by displaying a notice in the extension. Continued use of Recall after a policy update constitutes acceptance of the revised policy.

10. Contact

privacy@recall-pro.net

Website

recall-pro.net/privacy

ICO registration number

[To be added upon ICO registration]

Response time

Within one calendar month of receiving your request