Corixa App Privacy Policy
Last updated: November 20, 2025
Corixa stores all your content locally on your Mac using Apple's SwiftData framework. Your saved pages, videos, notes, and categories remain entirely on your device. Optional AI features use secure proxy servers that never log or store your content. You maintain complete control over your data.
Overview
Corixa ("we", "our", or "us"), developed by Halldor Gislason, operates a macOS application for digital content management. This privacy policy explains our commitment to your privacy and how Corixa handles your information with a local-first approach.
Our Privacy Commitment
Corixa was created for users who value privacy and control over their digital content. We adhere to three core principles:
What Corixa Does NOT Do
To be absolutely clear, Corixa does not:
- Store your content on our servers - Everything stays on your Mac
- Sell your data - We have no data marketplace, no third-party sharing
- Track your browsing - Browser extensions only activate when you choose to save content
- Log your content - AI processing happens through proxy without content storage
- Require an account - No registration, no user profiles, no authentication (except for optional YouTube sync)
- Use invasive analytics - No behavior tracking, no usage profiling
How Corixa Works
Local Data Storage
All your Corixa content is stored locally on your Mac using Apple's secure SwiftData framework:
- Saved Items: Web pages, videos, documents stored in local database
- Categories: Your organizational structure stored locally
- Thumbnails & Images: Cached locally for offline access
- AI Summaries: Generated summaries stored locally in database
- Settings & Preferences: Stored in macOS UserDefaults
- Backups: Optional local backups you control
Data location: ~/Library/Application Support/io.halldor.Corixa/
Browser Extensions
Corixa provides browser extensions for Safari and Chrome:
- Safari Extension: Included with the app, communicates via App Groups (local only)
- Chrome Extension: Available on Chrome Web Store, communicates via native messaging (local only)
- Extensions only access page content when you explicitly click to save
- No background tracking or data collection
- Page metadata (title, URL, description) extracted locally
- Content sent directly to your Mac app, never to external servers
YouTube Integration
When you choose to sync YouTube playlists and subscriptions:
- You authenticate via OAuth directly with Google/YouTube
- OAuth tokens stored securely in macOS Keychain
- Corixa requests read-only access to your YouTube data
- API calls made directly from your Mac to YouTube servers
- Video metadata stored locally in your Corixa database
- You can disconnect and delete all YouTube data at any time
What we access: Playlist names, video titles, thumbnails, descriptions, channel information
What we don't access: Your YouTube watch history, recommendations, or private viewing data beyond what you explicitly sync
AI-Powered Features
Corixa offers optional AI-powered content summaries and transcripts:
How AI Processing Works
- Secure Proxy: All AI requests routed through our proxy server at corixa.io
- No Content Logging: Proxy server does not log or store your content
- Temporary Processing: Content sent to AI providers (Anthropic Claude, Google Gemini) for processing only
- HMAC Authentication: Requests authenticated but not associated with your identity
- Immediate Return: Summaries returned to your Mac and stored locally
- Optional Feature: You can disable AI features entirely in settings
Third-Party AI Providers: When you use AI features, content is processed by:
- Anthropic (Claude): For high-quality content summaries (Privacy Policy)
- Google (Gemini): For free-tier AI processing (Privacy Policy)
Both providers process content temporarily and do not use your data for model training when accessed via API.
Backup & Restore
Corixa's backup system:
- Creates encrypted backup files (.clearday-backup) on your Mac
- You choose where backups are saved (local folder, external drive, etc.)
- Backups are fully portable and can be imported on any Mac running Corixa
- No cloud backup service - you control all backup destinations
- Automatic backup reminders available (weekly/biweekly/monthly)
What Information We Collect
Information You Provide
- Content You Save: URLs, page content, notes, categories (stored locally)
- YouTube Authentication: OAuth tokens (stored in Keychain, never transmitted to us)
Automatically Collected Information
- Crash Reports (Optional): If you opt-in, anonymous crash reports via Sentry
- Feature Usage (Minimal): Basic feature enable/disable state for UI optimization
Information We Do NOT Collect
- Your personal identity or contact information
- Your browsing history beyond what you explicitly save
- The content of your saved items (stored locally only)
- Your YouTube viewing habits or recommendations
- Location data
- Device identifiers or fingerprinting
Data Sharing and Third Parties
We do not sell, rent, or share your personal data with third parties. The only external connections are:
- YouTube API: When you choose to sync (OAuth authentication, read-only access)
- AI Providers: When you use AI features (content sent for processing, not storage)
- Proxy Server: Our own server for secure API routing (no content logging)
- Chrome Web Store: If you install the Chrome extension (standard browser extension installation)
Your Rights and Control
You have complete control over your data:
- Access: All your data is in
~/Library/Application Support/io.halldor.Corixa/ - Export: Export all data as JSON via File → Export
- Delete: Delete individual items, categories, or the entire database
- Disable Features: Turn off AI features, YouTube sync, or any optional functionality
- Backup Control: Choose backup location and frequency
- Uninstall: Completely remove app and data by deleting the app and Application Support folder
Security
We take security seriously:
- All local data protected by macOS file system permissions
- OAuth tokens stored in macOS Keychain (Apple's secure storage)
- Proxy server uses HMAC authentication
- HTTPS for all external communications
- No hardcoded API keys in the application
- Regular security updates via App Store or direct download
Children's Privacy
Corixa does not knowingly collect personal information from children under 13. The app is designed for general productivity use and does not target children.
Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Significant changes will be communicated through the app or our website.
California Privacy Rights
California residents: Under CCPA, you have the right to know what personal information we collect, request deletion, and opt-out of any data "sales" (we don't sell data). Since Corixa stores all data locally and collects minimal information, most CCPA provisions don't apply, but we respect all privacy rights.
European Privacy Rights (GDPR)
EU residents: Corixa's local-first architecture means minimal personal data processing. For optional features (YouTube sync, AI processing), you have rights to access, rectification, erasure, and data portability. Contact us to exercise these rights.
Questions or Concerns?
If you have questions about this privacy policy or how Corixa handles your data, contact us:
Email: privacy@corixa.io
Website: https://corixa.io
Support: Corixa App Support