Privacy
Privacy Policy
The short version: Carry has no server, no account, and no analytics. Your conversations never leave your machine. This page explains exactly how, and why that is true by construction rather than by promise.
- 0servers
- 0accounts
- 0trackers
- 0bytes uploaded
The one-sentence policy
Carry does not collect, transmit, sell, or share any of your data. There is no Carry server for it to send anything to.
Carry is a Chrome (and Chromium browser) extension that captures your ChatGPT, Claude, and Grok conversations and writes them into a local folder you choose — a plain folder or your Obsidian vault — as Markdown files. It runs entirely on your own device.
Where your data goes
One sync, traced end to end. Every hop happens inside your browser, on your machine — and there is no fourth stop.
Their server
The provider
chatgpt.com · claude.ai · grok.com — read through the session you're already logged into. No password, no API key.
Your browser
Carry
Held in memory for one sync — long enough to write the file, then discarded. Never stored, never logged.
Your disk
Your folder
Plain Markdown files, in a folder you own. The only place your data lands.
postgres-query-plan.md✓
What Carry touches, and where it goes
Four kinds of data, four one-glance answers. Expand each for the full detail.
Your conversationsmemory → your disk
When you press Sync, Carry reads your conversations from each provider you have connected, using the session you are already logged into in that same browser. The content is held in memory only long enough to write it to your folder, then it is discarded. It is written to your disk and nowhere else — it is never uploaded, relayed, cached, or logged off your device.
Written to: your folder onlyUploaded: neverRetained by Carry: no
Your settings & sync statechrome.storage.local
Carry stores a small amount of local configuration — which providers you
connected, your captures-per-sync preference, and per-conversation sync
bookkeeping so it never writes duplicates. This lives in
chrome.storage.local, which stays on your machine. Carry
deliberately never uses chrome.storage.sync, which would replicate
data to your browser vendor's servers.
Lives in: chrome.storage.localReplicated to any server: never
Your folder handleheld by your browser
The permission to write to the folder you picked is granted by you through the browser's File System Access API and held by the browser. Carry uses it only to write capture files into that folder.
Granted by: you, via the browserUsed for: writing captures only
Your credentialsnever seen by Carry
Carry never asks for, sees, or stores any passwords or API keys. It relies on the login cookies your browser already holds for each provider; those cookies attach automatically to Carry's requests to that provider's own origin and are never read, copied, or sent anywhere by Carry.
Passwords & API keys asked for: noneCookies read or copied: never
Every permission, explained
Carry requests the smallest possible permission set, and it requests access to a provider's site only when you click Connect for that provider — not at install. Connect only Claude and Carry can only ever touch claude.ai.
“Carry” wants additional permissions
- Read and change your data on
chatgpt.com - Read and change your data on
claude.ai - Read and change your data on
grok.com - Nothing — until you connect a provider, Carry cannot read any site.
Each line appears only when you connect that provider, and it is scoped to that provider's origin and nothing broader.
Per-provider site accessrequested at connect time
Lets Carry read your conversations from a provider you chose to connect (Chrome words it as “read and change your data on claude.ai”), scoped to that provider's origin and nothing broader.
storagelocal-only settings
Holds the local-only settings and sync state described above, inchrome.storage.local.
scriptingGrok's tab-bound capture only
Used only for the tab-bound capture path a provider requires when it blocks background requests (Grok). It runs the capture in that provider's own tab; it does not inject anything into unrelated sites.
Carry requests nocookiestabshistoryaccess.<all_urls>
What Carry does not do
- No account, sign-up, or login to Carry itself.
- No Carry server or backend — there is nothing to receive your data.
- No analytics, telemetry, tracking, cookies, or fingerprinting.
- No advertising, and no sale or sharing of data with third parties.
- No use of your data for any purpose unrelated to writing your captures to your own folder. It is never used for creditworthiness or lending, and never transferred except as part of the file you asked Carry to save on your own disk.
Don't take our word for it
A policy is a promise; architecture is a fact. Every claim on this page is checkable in a few minutes.
- 1
Inspect its site access
Open
chrome://extensions→ Carry → Details. Under “Site access” you'll see only the providers you connected — nothing else. - 2
Watch the network
Open DevTools on the extension while you sync. Every request goes to a provider's own origin. There is no Carry endpoint to find.
The fine print
This website
This site (carry.md) is a static marketing and documentation site. It sets no tracking cookies and runs no third-party analytics. Standard, non-identifying web server request logs may be kept by whichever static host serves the site, purely to operate and secure it.
Children
Carry is not directed to children and does not knowingly collect data from anyone.
Changes to this policy
If Carry's behavior changes in a way that affects this policy — for example, an optional automatic-capture feature — this page will be updated and the “last updated” date above will change. Any such change will preserve the core promise: your data stays on your device.