Privacy Policy

Effective April 14, 2026

Introduction

Murmur is a browser extension that helps you learn languages passively while chatting with AI. This policy explains what data we collect, how we use it, and the choices you have. We believe in being straightforward — no legalese, no surprises.

What We Collect

Account information

When you sign up (via Google, GitHub, or email magic link), we receive your email address, name, and profile image from your OAuth provider. If you use a magic link, we only get your email.

Learning progress

We track which vocabulary and grammar patterns you've encountered, how many times, and when. This powers the spaced repetition system that decides what to show you next.

Session data

When you sign in, we record your IP address and browser user agent for security purposes. Sessions expire after 7 days.

Payment information

If you subscribe to Pro, Stripe handles all payment processing. We store your Stripe customer ID and subscription status, but we never see or store your card number.

What We Don't Collect

We don't store your conversations. When you chat on ChatGPT or Claude, your message text is processed in real-time to generate language annotations, but it is not saved to our servers. We also don't collect biometric data, precise geolocation, health information, or any sensitive personal data.

How We Use Your Data

Language annotations

Your conversation text is sent to Google's Gemini API in real-time to generate vocabulary and grammar annotations. The text is processed and discarded — it's not stored by us.

Pronunciation audio

When you tap an annotation to hear it spoken, the word or phrase is sent to Cartesia's text-to-speech API. No conversation context is included.

Authentication emails

If you sign in with a magic link, your email address is sent to Resend to deliver the login email.

Subscription management

Stripe processes your payments and manages your subscription.

Third-Party Services

  • Google Gemini — Processes conversation text to generate language annotations. Privacy Policy
  • Cartesia — Generates pronunciation audio from words/phrases. Privacy Policy
  • Stripe — Processes payments and manages subscriptions. Privacy Policy
  • Resend — Delivers authentication emails. Privacy Policy
  • Google OAuth — Authenticates sign-in via Google. Privacy Policy
  • GitHub OAuth — Authenticates sign-in via GitHub. Privacy Policy

Browser Extension Permissions

  • storage — Saves your login session and preferences locally in your browser
  • identity — Handles the OAuth sign-in redirect flow
  • tabs and activeTab — Allows the extension to know when you're on ChatGPT or Claude so it can activate
  • scripting — Injects the annotation overlay into ChatGPT and Claude pages

The extension only operates on chatgpt.com and claude.ai. It cannot read or access any other websites.

Cookies

We use session cookies only — they keep you signed in and expire after 7 days. We don't use analytics cookies, tracking pixels, or advertising cookies. There is nothing to opt out of.

Private Browsing

The extension is disabled in incognito and private browsing mode. It cannot be enabled in these modes.

Data Retention

  • Account data — Kept until you request deletion
  • Learning progress — Kept until you request deletion
  • Session data — Automatically expires after 7 days
  • Payment records — Retained by Stripe per their retention policy

Your Rights

You can request a copy of your data or ask us to delete your account and all associated data. Email us at the address below and we'll process your request within 30 days.

Children's Privacy

Murmur is not intended for children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has provided us data, please contact us and we'll remove it.

Analytics and Advertising

We don't use any. No analytics services, no ad networks, no data brokers. We don't sell or share your data with third parties for their own purposes.

Changes to This Policy

If we make material changes, we'll notify you via the email address on your account. The effective date at the top of this page always reflects the latest version.

Contact

For privacy questions, data requests, or concerns:

[email protected]