Privacy Policy

1. Who We Are

LeanCTX is an open-source project maintained by Yves Gugger. The CLI tool, MCP server, Chrome extension, and this website are all part of the LeanCTX project. Source code is publicly available at github.com/yvgude/lean-ctx.

Contact: privacy@leanctx.com

2. LeanCTX CLI & MCP Server

The LeanCTX binary and MCP server run entirely on your local machine. All compression, caching, and AI tool orchestration happens locally. There are two optional network features:

2a. Version Check (on by default, disableable)

Once per day, LeanCTX fetches leanctx.com/version.txt in a background thread to check if a newer version is available. This request sends only the current version as a User-Agent header - no identifying information, no telemetry, no project data. The result is cached locally in ~/.lean-ctx/latest-version.json for 24 hours.

To disable: Set update_check_disabled = true in ~/.lean-ctx/config.toml or set the environment variable LEAN_CTX_NO_UPDATE_CHECK=1.

2b. Anonymous Compression Stats (opt-in, off by default)

During lean-ctx setup, you are asked whether you want to share anonymous compression statistics. The default is No - you must explicitly type y to enable this.

If enabled, LeanCTX periodically sends anonymized compression stats to api.leanctx.com:

• File type (e.g. .rs, .tsx) and size bucket (e.g. 2k–10k)
• Compression mode used and compression ratio achieved
• Token counts (input/output)

Never sent: file names, file contents, code, prompts, project names, hostnames, usernames, or any personally identifiable information.

To disable after enabling: Remove or set contribute_enabled = false under [cloud] in ~/.lean-ctx/config.toml.

2c. Local Data

Data stored locally in ~/.lean-ctx/:

• Session state - current project root, recent tool calls. Stored in sessions/. Never transmitted.
• Knowledge store - facts you explicitly save via ctx_knowledge remember. Stored in knowledge/. Never transmitted unless you use lean-ctx team push.
• Compression statistics - aggregated counts of tokens saved. Stored in stats.json. Only transmitted if you opt in (see 2b).
• Cache - file content cache for faster reads. Stored in cache/. Auto-expires. Never transmitted.
• Index files - code search indices (BM25, graph). Stored in index/. Never transmitted.

2d. Wrapped Permalink & Leaderboard (opt-in, explicit)

lean-ctx gain --publish uploads a whitelisted, aggregate slice of your Wrapped recap to leanctx.com and returns a shareable leanctx.com/w/<id> link. It is anonymous and never happens automatically, only when you run the command.

Only these fields are published:

• Tokens saved, USD estimate, time period, and compression rate
• Command / session / file counts and the tool names used
• Optional model name and an optional display name you choose

Never sent: file names, file contents, code, prompts, paths, project names, hostnames, usernames, or any IP-derived identity (a salted hash is used solely for abuse rate-limiting, never stored as a raw IP).

Adding --leaderboard additionally lists the card on the public leaderboard (off by default). A one-time edit token is stored locally so you can remove a card at any time with lean-ctx gain --unpublish.

No crash reporting, no usage analytics, no tracking. The version check (2a) and opt-in compression stats (2b) are the only automatic outbound requests LeanCTX makes; publishing a Wrapped card (2d) happens only when you explicitly run lean-ctx gain --publish.

3. Chrome Extension

The LeanCTX Chrome extension compresses text locally before it is pasted or sent in AI chat interfaces (ChatGPT, Claude, Gemini, etc.).

Data accessed:

• Clipboard content - read during paste events to compress text before inserting it into the chat input. The original and compressed text never leave your device.
• Active tab content - the extension reads and modifies the chat input field on supported AI sites. No other page content is read.

Data stored (local only):

• Settings - enable/disable toggles. Stored in chrome.storage.local. Never synced or transmitted.
• Usage statistics - total tokens saved and compression count. Stored in chrome.storage.local. Never transmitted.

Native messaging: When the LeanCTX binary is installed, the extension communicates with it via the Chrome Native Messaging API over a local pipe. Text is sent from the browser to your local binary for compression and returned. No external network requests are made during this process.

The extension does not collect, store, or transmit: your code, prompts, chat history, browsing history, personally identifiable information, or any other user content.

4. leanctx.com Website

The website is a static site hosted on a dedicated server. Standard web server access logs are kept for up to 30 days for security and operational purposes. These logs contain IP addresses, browser user-agent strings, and requested URLs.

The website does not use: Google Analytics, tracking pixels, advertising cookies, or any third-party analytics. It uses Pagefind for local full-text search - all search processing happens in your browser.

5. LeanCTX Cloud (Optional)

Cloud features are entirely opt-in. They are activated by running lean-ctx login <email>. If you never run this command, no data is ever sent to our servers.

What we collect if you opt in:

• Email address - used for account identification and to send you your API key. Not sold or shared with third parties.
• Anonymized compression statistics - file type (e.g. .rs, .tsx), file size bucket (e.g. 2k–10k), compression mode used, and compression ratio achieved. Never file names, file contents, code, prompts, or project names.
• Team knowledge - only if you explicitly run lean-ctx team push. Only the key/value pairs you have explicitly saved via ctx_knowledge remember are uploaded.

What we never collect: your code, file contents, file names, project names, prompts, chat history, or any other content from your projects.

Credentials are stored locally in ~/.lean-ctx/cloud/credentials.json.

Your data, self-service:

• Export (GDPR Art. 20) - download everything your account has synced as a single JSON file via Account → Your data & account → Download my data. Encrypted vaults are included as ciphertext - only your machines hold the keys.
• Delete (GDPR Art. 17) - permanently erase your account, all synced data, and cancel any active subscription immediately via Account → Delete account. Effective at once; Stripe retains invoices as legally required bookkeeping records.

Prefer email? privacy@leanctx.com handles the same requests manually.

6. Data Retention

• Local data - stored indefinitely until you run lean-ctx uninstall or manually delete ~/.lean-ctx/.
• Cloud account data - retained until you delete your account (self-service on the account page, effective immediately).
• Web server logs - retained for 30 days.

7. Third-Party Services

LeanCTX does not embed or call any third-party analytics, advertising, or tracking services. GitHub is used for source code hosting and release distribution. When you install LeanCTX via Homebrew, Cargo, or npm, standard package manager network requests are made to the respective registries.

8. Children's Privacy

LeanCTX is a developer tool not directed at children under 13. We do not knowingly collect data from children.

9. Changes to This Policy

If we make material changes to this policy, we will update the "Last updated" date at the top of this page and note the change in the CHANGELOG.

10. Contact

Questions or requests regarding your data:
privacy@leanctx.com
GitHub Issues