← purroxy.com

Privacy Policy

Effective date: April 15, 2026

What Purroxy is

Purroxy is a desktop application by Kuvop LLC that records browser automations and replays them on your behalf via Claude Desktop. It consists of an Electron desktop app that runs on your computer and a backend API that handles accounts and subscriptions.

Data stored on your machine

The following data is stored locally on your computer and never sent to any server:

• Session cookies — encrypted using your operating system's keychain (safeStorage API). Used to authenticate with websites during capability replay. Purroxy never stores your passwords.
• Vault entries — sensitive values (credit card numbers, account IDs, etc.) encrypted with your OS keychain. Injected directly into browser form fields at runtime. Never sent to Claude, Anthropic, or Kuvop LLC.
• Capabilities — recorded browser actions, parameters, and extraction rules. Stored in local application data.
• Site profiles — hostname, favicon URL, and encrypted session data for each website you use with Purroxy.
• App lock PIN — stored as a hash locally. No recovery mechanism exists.
• Anthropic API key — stored locally, used only for the AI guide feature within the app.

Data collected by our server

When you create a Purroxy account, the following data is stored on our backend (hosted on Cloudflare Workers with a D1 database):

• Email address — used for account identification, email verification, and password resets.
• Password hash — your password is hashed with bcrypt before storage. We never store or have access to your plaintext password.
• Subscription status — plan type (trial, monthly, contributor) and Stripe customer ID for billing.
• Community submissions — if you publish a capability to the community library, the capability name, description, hostname, and automation steps are stored on the server and submitted as a GitHub pull request for review.

We do not collect:

• Analytics or telemetry from the desktop app
• Website URLs you visit
• Capability recordings or their content
• Session cookies or vault entries
• Page content from websites you automate
• Your Anthropic API key

How Purroxy protects your data at runtime

When Claude executes a capability through Purroxy:

• Session cookies are decrypted only at execution time, used to launch a local headless browser, then discarded from memory.
• Vault values are injected directly into browser form fields — they are never included in any API call to Claude or Anthropic.
• Page content is extracted locally. Vault values are scrubbed from results before anything is returned to Claude via MCP.
• The MCP server communicates with the desktop app over 127.0.0.1 (localhost only). No external network access.

Third-party services

• Anthropic (Claude) — the AI guide feature calls the Claude API using your own API key. Claude Desktop communicates with Purroxy via MCP. Page content returned through MCP may be sent to Anthropic as part of your conversation, subject to Anthropic's Privacy Policy.
• Stripe — payment processing for subscriptions. We share your email with Stripe to create a billing account. Stripe's handling of payment data is governed by Stripe's Privacy Policy. We never see or store your credit card number.
• Cloudflare — our backend API runs on Cloudflare Workers. Account data is stored in Cloudflare D1. Governed by Cloudflare's Privacy Policy.
• GitHub — community capability submissions are created as GitHub pull requests for review. Your email address is not included in the PR.
• Resend — used to send verification and password reset emails. Your email address is shared with Resend for this purpose only.

Website analytics

The Purroxy desktop application does not collect any analytics or telemetry. Our landing pages at purroxy.com use Cloudflare Web Analytics to track anonymous visitor counts. Cloudflare Web Analytics is privacy-focused — it does not use cookies, does not track individual users, and does not collect personal information. No analytics of any kind are collected inside the app.

Data deletion

To remove locally stored data:

• macOS: Delete ~/Library/Application Support/purroxy
• Windows: Delete %APPDATA%/purroxy
• Linux: Delete ~/.config/purroxy

To delete your server-side account, contact mreider@gmail.com. We will delete your account, subscription records, and any community submissions.

Open source

Purroxy is open source under the Apache 2.0 license. You can audit the code at github.com/KuvopLLC/purroxy2.

Changes to this policy

If this policy changes, the updated version will be posted at this URL. Significant changes will be noted in the app's release notes.

Contact

Questions or concerns: mreider@gmail.com

Issues: github.com/KuvopLLC/purroxy2/issues