Privacy Policy

Last updated: 2026-06-03

This policy explains what data Expansions handles across the website, the Expansions service, and the Content Hub Navigator (our Chrome extension and embeddable widget). We keep data collection to the minimum needed to run the product, and we do not sell personal data.

1. This website

expansions.dev is a static marketing site. Standard server logs (such as IP address and request metadata) may be processed to deliver and secure the site. Links from our Chrome extension and widget may carry UTM parameters so we can see, in aggregate, which product surface sent a visit. We do not sell data or use advertising trackers.

Analytics & cookies. We use a third-party web analytics service to understand aggregate site traffic. It may set cookies and process data such as your IP address and pages viewed. You can opt out using your browser's settings or a tracking-prevention/ad-blocking extension.

2. The Expansions service

The Expansions service provides Content Hub connectivity, the developer toolset, per-user memory, and usage tracking to authenticated customers. When you use it we process:

  • Your API key — used to authenticate each request and to attribute usage. Keys are stored in hashed/identifier form, not as plaintext, and are never returned or logged in full.
  • Usage records — which tools you call and the credits consumed, so we can meter and bill the service.
  • Per-user memory — preferences and facts you ask the assistant to remember. Each user's memory is isolated and keyed to their API key; memory is never mixed between users.
  • Content Hub connection details — the access credentials you provide for your own Content Hub, used per request so the service can act on your behalf and not retained beyond what is needed to operate.
  • Task content — the code, documents, and instructions you pass to a tool while it runs. This is processed to perform the task you requested.

We use this data only to operate, secure, meter, and support the service. We do not sell it or use it for advertising.

3. The Content Hub Navigator

The Navigator ships two ways, with the same privacy posture: it runs in your browser and does not send your data to Expansions or any third party.

  • Chrome extension — see the dedicated extension privacy policy.
  • Embeddable widget — the widget runs entirely inside your Content Hub page. It reads the current page location and calls your own tenant's API (for example status, your user profile, and the entity you're viewing) using your existing Content Hub session, solely to render context-aware navigation. Your starred favourites are stored locally in your browser. The widget does not transmit this data to Expansions.

4. Sub-processors

We use a small number of reputable third-party providers for infrastructure such as hosting, data storage, content delivery, and analytics — and, where you use the relevant features, for source-control and AI processing. They act as our processors and handle data only as needed to provide the service.

Your Sitecore Content Hub tenant is operated by you or your organization; Expansions accesses it only with the credentials you provide.

5. Data retention

We keep account, usage, and memory data for as long as your account is active or as needed to provide the service and meet legal and accounting obligations. You can ask us to delete your account data; some records may be retained where required by law.

6. Security

Connections use TLS in transit. API keys are validated on every request and stored in non-plaintext form. Access to production data is limited to what is needed to operate the service.

7. Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal data. To exercise them, or for any privacy question, contact [email protected].

8. Changes

We may update this policy as the product evolves. Material changes will be reflected by the “last updated” date above.