Privacy
Last updated 2026-06-25.
This page describes what data Context Capsule collects, why, and what you can do about it. The intent is plain language, not legal cover.
What we store
- Slack messages you explicitly select. Only the messages you add to a capsule via the message shortcut. We never read messages you did not select.
- Your Slack workspace + user identity. Workspace name, team id, your Slack user id, and display name — used to render the UI and scope your capsules.
- The Slack OAuth token for the bot. Stored encrypted at rest (AES-256-GCM, key derived from a deployment-specific secret).
- The MCP bearer-token hash. We store SHA-256 of your MCP token — never the token itself.
- Audit events. Each capsule dereference (allow or refuse) with timestamp, actor identity, user agent, and IP address.
What we do not store
- Any Slack message you did not explicitly add to a capsule.
- The plaintext of any redacted content — redactions are destructive.
- Your MCP bearer token in recoverable form.
- Marketing trackers, third-party analytics, or fingerprints.
How long we keep it
Capsules and audit events remain until you delete them. If you delete your account (see below), all your workspaces, capsules, messages, and audit events are removed within 24 hours.
If a capsule has an expiry, it stops being readable at that time. The underlying messages remain in the database until you delete the capsule or your account.
Who we share data with
Nobody, with two infrastructure exceptions:
- Neon hosts the Postgres database (US region). Their privacy policy: neon.tech/privacy-policy.
- Vercel runs the web app and MCP server. Their privacy policy: vercel.com/legal/privacy-policy.
We do not sell data. We do not share data with advertisers or AI training pipelines.
Your rights
You can at any time:
- See all capsules + audit events scoped to you in the web app dashboard.
- Export a capsule's contents via the MCP
fetch_capsuletool. - Delete your account and all associated data on the Settings page (or by uninstalling the Slack app, which removes the workspace token; capsules remain until explicit deletion).
Self-hosting
Context Capsule is MIT-licensed open source. If you'd rather not share any data with this deployment, run your own: github.com/apraba05/context-capsule. Self-hosted deployments don't touch our infrastructure.
Contact
Questions or requests: apraba05@gmail.com. We aim to respond within 7 days.