Privacy Policy

1. What Terum Does

Terum is a browser extension, command-line tool, and web service that captures your AI conversation history (from ChatGPT, Claude, and Perplexity, and from Claude Code terminal sessions), optionally connects your Google Workspace (Gmail and Google Docs), and builds a private knowledge graph that you control. That graph powers your Terum dashboard and can optionally enrich your future AI prompts with personalized context. This policy explains what we collect, why, and how you control it.

2. Information We Collect

Account information

When you sign in with Google, we receive your name and email address from Google OAuth. You may alternatively create an account with an email address and password (for example, when reserving a founding-member plan). We use account information solely for authentication and account identification.

AI conversation data (browser)

The extension captures the text of your conversations on ChatGPT (chatgpt.com, chat.openai.com), Claude (claude.ai), and Perplexity (perplexity.ai) — the messages you send and the responses you receive, along with conversation titles, timestamps, and conversation identifiers. You can pause capture per-site at any time from the extension popup. Up to 90 days of past conversations may be imported during an optional backfill you initiate.

Claude Code session data (command-line tool)

If you install the optional terum-capture command-line tool, it captures your Claude Code terminal sessions when each session ends — your prompts, the assistant's text responses, the session title, the working directory, and token-usage counts. The tool only uploads new turns since its last run, and capture stops the moment you remove it.

Google Workspace data (optional)

If you connect Google, we use read-only access to import and mirror:

• Gmail: message and thread content — senders, recipients, subjects, body text, timestamps, and labels.
• Google Docs: document titles and exported text content.

We request only read-only scopes (gmail.readonly, drive.readonly), import roughly the last 90 days, and keep the mirror in sync. We do not modify, send, or delete anything in your Google account, and we only read Gmail messages and Google Docs — not other Drive file types.

Authentication tokens

The extension stores a JSON Web Token (JWT) in chrome.storage.local to authenticate API requests. The command-line tool stores an API key (prefixed trm_) in ~/.terum/config.json, readable only by your user account. When you connect Google, we store your Google OAuth access and refresh tokens server-side so background syncs can run on your behalf.

Usage metadata

Capture counts, sync progress, and (when enrichment is enabled) injection events such as site, latency, and item count. We do not track general web browsing, search history, or activity on sites other than the AI platforms and connected Google scopes listed above.

3. Waitlist and Pre-Orders (Marketing Site)

If you join our waitlist at terum.ai, we collect your email address to notify you about early access. If you reserve a founding-member plan, payment is processed by Stripe — your card details are entered directly with Stripe and never reach our servers; we retain your email and a Stripe payment-confirmation identifier to record your membership. You may also create a Terum account during this flow using an email and password, or with Google.

4. How We Collect Information

On ChatGPT, Claude, and Perplexity, the extension's content scripts observe the API requests your browser already makes to those services and read the conversation data from them — collection happens locally in your browser before anything is sent to us. The terum-capture tool reads your local Claude Code session transcript when a session ends. Google data is fetched directly from Google's APIs using the read-only access you granted.

5. How We Use Your Information

• Knowledge graph construction: Your conversation data is distilled into short structured notes and vector embeddings (via OpenAI's API), grouped into topics and projects to form your personal knowledge graph.
• Context enrichment: When you enable enrichment, relevant notes from your graph are prepended to your AI prompts so the tool understands your background without you repeating it.
• Your dashboard: Powering identity, memory, and project views in the Terum app.

We do not sell your data, use your content to train AI models, or use your data for advertising or third-party profiling. Imported Google (Gmail/Docs) data is currently stored as a private mirror and is not sent to third-party AI services; we will update this policy before that changes.

6. Third-Party Services

We use the following processors to provide Terum:

• OpenAI: your AI conversation text is sent to OpenAI's API to generate embeddings and structured notes. OpenAI's API data-usage policies apply (API inputs are not used to train their models).
• Supabase (hosted on AWS): stores your account data, captured events, and knowledge graph.
• Vercel: hosts our web application and background jobs.
• Resend: sends transactional email, such as team invitations and briefings.
• Stripe: processes founding-member payments. Your card details are entered directly with Stripe and handled under Stripe's own privacy policy; we receive only your email and a payment-confirmation identifier, never your full card number.
• Google: when you connect Google, your data is read from Google's APIs under the access you grant; Google's own terms govern your Google account.

These services act as data processors on our behalf. We do not sell or transfer your data to any third party for purposes unrelated to providing Terum.

7. Google API Limited Use

Terum's use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. We use Gmail and Google Docs data only to provide and improve the user-facing features described in this policy; we do not transfer it except as needed to provide those features or as required by law; we do not use it for advertising; and we do not allow humans to read it except with your explicit consent, for security purposes, or as required by law.

8. Data Storage and Security

Your data is stored in encrypted-at-rest cloud infrastructure (Supabase on AWS), protected by row-level security scoped to your authenticated user ID. The extension stores its token and capture queue in chrome.storage.local; the command-line tool stores its key in a permission-restricted file on your machine. All communication with our servers uses HTTPS with Bearer-token authentication.

9. Teams and Sharing

If you join a Terum team, conversations you have not marked private may be shared with your teammates and used to build shared team projects. You control this per-conversation with the private flag; private conversations are never included in team views. Leaving a team stops further sharing of your data with it.

10. Your Rights and Control

• Toggle capture and enrichment at any time from the extension popup, per site or globally.
• Choose your sources — connect or disconnect ChatGPT/Claude/Perplexity capture, the Claude Code command-line tool, and Google. Disconnecting a source stops further collection from it.
• Disconnect the extension to clear locally stored tokens and stop browser capture; running terum-capture logout removes the tool's local config and uninstalls its hook.
• Delete your data — you can delete your account and associated data from the Terum dashboard, or email us at privacy@terum.ai to request deletion. We process deletion requests within 30 days.
• Uninstall — removing the extension stops all browser collection and clears its local data automatically.

11. Data We Do Not Collect

• Browsing history or activity outside the AI platforms and the Google scopes you connect.
• Passwords or financial information.
• Full payment card numbers — card details are entered directly with Stripe and never reach our servers.
• Content from other browser tabs or applications.
• Drive files other than Google Docs.
• Third-party session cookies are never transmitted to our servers.

12. Data Retention

We retain your data while your account is active. On an account-deletion request, we delete your personal data within 30 days, except where retention is required by law.

13. Children's Privacy

Terum is not intended for anyone under the age of 13, and we do not knowingly collect personal information from children under 13.

14. Changes to This Policy

We may update this policy as Terum evolves. Material changes will be communicated in-app or by email. The "last updated" date at the top reflects the most recent revision.

15. Contact

Questions about this policy or want to exercise your data rights? Reach us at privacy@terum.ai.