Privacy Policy

Account information

When you sign up (via Google, GitHub, or email magic link), we receive your email address, name, and profile image from your OAuth provider. If you use a magic link, we only get your email.

Learning progress

We track which vocabulary and grammar patterns you've encountered, how many times, and when. This powers the spaced repetition system that decides what to show you next.

Session data

When you sign in, we record your IP address and browser user agent for security purposes. Sessions expire after 7 days.

Payment information

If you subscribe to Pro, Stripe handles all payment processing. We store your Stripe customer ID and subscription status, but we never see or store your card number.

Language annotations

Your conversation text — from ChatGPT, Claude.ai, or Claude Code — is sent to Google's Gemini API in real-time to generate vocabulary and grammar annotations. The text is processed and discarded; it is not stored by us regardless of which surface it came from.

Pronunciation audio

When you tap an annotation to hear it spoken, the word or phrase is sent to Cartesia's text-to-speech API. No conversation context is included.

Authentication emails

If you sign in with a magic link, your email address is sent to Resend to deliver the login email.

Subscription management

Stripe processes your payments and manages your subscription.

Where it operates

The extension only operates on chatgpt.com and claude.ai. It cannot read or access any other websites.

How it captures messages

On those two sites, Murmur reads message content by intercepting their network requests in your browser. Your messages and the assistant's replies are sent to Murmur's backend, which forwards the text to Google Gemini for annotation. The text is not stored by Murmur.

Permissions

• storage — Saves your login session and preferences locally in your browser
• identity — Handles the OAuth sign-in redirect flow
• tabs and activeTab — Allows the extension to know when you're on ChatGPT or Claude.ai so it can activate
• scripting — Injects the annotation overlay into ChatGPT and Claude.ai pages

Firefox data collection categories

When you install the Firefox version, the install prompt shows the categories of data the extension collects, declared in our manifest. Plain-language meaning of each:

• Personal communications — your messages with ChatGPT and Claude.ai are sent through Murmur to generate language annotations.
• Website content — Murmur reads message content from ChatGPT.com and Claude.ai pages by intercepting their network requests.
• Personally identifying info — your name and email come from your OAuth provider when you sign in.
• Authentication info — your sign-in session is stored locally so you don't have to sign in repeatedly.
• Technical and interaction data (optional) — crash reports and performance traces are sent to Sentry. You can turn this off in the extension popup at any time, on either Chrome or Firefox.

Telemetry control

Sentry error and performance monitoring is enabled by default. To turn it off, open the Murmur popup and toggle "Send error reports." Disabling this stops all Sentry network traffic from the extension immediately, with no browser restart.

Private browsing

The browser extension is disabled in incognito and private browsing mode and cannot be enabled in those modes.

What it captures

The Murmur VS Code extension captures your Claude Code prompts and the assistant's replies via Claude Code's official hook mechanism — specifically the UserPromptSubmit and Stop hooks. Captured text is sent to the same Murmur backend annotation endpoint used by the browser extension and is not stored on Murmur's servers.

Local HTTP server

The extension starts a small HTTP server on your machine that receives Claude Code hook events. The server binds only to 127.0.0.1 on a port in the range 7878–7887. It cannot be reached from outside your computer.

Claude Code hook setup

Hooks are configured via the Murmur: Configure Hooks command, which you run from the VS Code command palette. When you run it, the extension adds entries for UserPromptSubmit and Stop to your ~/.claude/settings.json file, each pointing at the local Murmur server. The extension does not modify this file unless you explicitly run that command.

Settings

The murmur.serverUrl setting lets you point the extension at a different Murmur backend; by default, it uses learnmurmur.com.

Telemetry control

Sentry error and performance monitoring honors VS Code's global telemetry setting. If you set telemetry.telemetryLevel to off, Murmur sends no Sentry data. Changes take effect immediately without restarting the editor. VS Code has no equivalent to private browsing — the extension activates whenever VS Code is running and you are signed in.

Everyone

You can request a copy of your data or ask us to delete your account and all associated data. Email the address below and we'll process your request within 30 days.

EU, UK, and Switzerland

Under the GDPR and UK GDPR you also have the right to rectify inaccurate data, to restrict processing, to object to processing, to data portability, and to lodge a complaint with your local data protection supervisory authority. Our legal bases for processing are: contract performance for account, billing, and learning progress data; legitimate interests for session metadata and error monitoring; consent for optional telemetry where we provide a toggle.

California

Under the CCPA and CPRA you have the right to know what personal information we collect, the right to delete it, the right to correct inaccuracies, the right to opt out of sale or sharing, and the right not to be discriminated against for exercising any of these rights. Murmur does not sell or share personal information with third parties for their own marketing purposes, so the opt-out is satisfied by default; you may exercise the other rights via the email address below.