Privacy Policy

Last updated: March 12, 2026

1. Introduction

ContextOS ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service.

2. Information We Collect

We collect the following types of information:

Account information: Email address, full name, and hashed password when you register.
Integration data: Code commits, pull requests, and issues from GitHub; pages and databases from Notion; messages and threads from Slack; file contents and diagnostics from VS Code — only when you explicitly connect these services.
Usage data: Query counts, feature usage, API call frequency, and error logs for service improvement.
Billing data: Subscription plan, payment history, and Razorpay customer ID. We do not store credit card numbers — all payment processing is handled by Razorpay.

3. How We Use Your Information

To provide and maintain the Service, including AI-powered answers
To process your queries by retrieving relevant context from connected integrations
To manage your account, subscriptions, and billing
To send important service notifications (security alerts, billing updates)
To improve the Service through aggregated, anonymized usage analytics
To enforce our Terms and Conditions and prevent abuse

4. Data Security

We take data security seriously and implement industry-standard protections:

All OAuth tokens are encrypted at rest using AES-256-GCM
API keys are stored as SHA-256 hashes — we never store them in plain text
Passwords are hashed with bcrypt (cost factor 12)
All data in transit is encrypted using TLS 1.2+
Database access is restricted and logged
Webhook signatures are verified before processing any external data

5. Data Storage and Retention

Your data is stored on secure servers. Context chunks derived from your integrations are stored in our vector database for retrieval purposes. You may disconnect any integration at any time, which will stop future data syncing. You may request deletion of all your data by contacting us. Upon account deletion, we will remove your data within 30 days unless legally required to retain it.

6. Third-Party Services

We integrate with the following third-party services:

GitHub, Notion, Slack: For fetching your project context via OAuth. Data access is limited to the scopes you authorize.
Razorpay: For payment processing. Razorpay handles all credit card data under their own PCI-DSS compliant infrastructure.
OpenAI: For generating AI responses. Query context is sent to OpenAI's API for processing. OpenAI's data usage policies apply.

7. Data Sharing

We do not sell, rent, or trade your personal data to third parties. We only share data with third-party services as described above and as strictly necessary to provide the Service. We may disclose information if required by law or to protect our legal rights.

8. Your Rights

You have the right to:

Access your personal data stored by us
Request correction of inaccurate data
Request deletion of your account and all associated data
Disconnect any third-party integration at any time
Export your data in a standard format
Withdraw consent for data processing (which may limit Service functionality)

9. Cookies

We use essential cookies and local storage for authentication (JWT tokens stored in memory). We do not use tracking cookies or third-party analytics cookies. No advertising cookies are used.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect data from children. If you believe we have collected data from a minor, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Us

For privacy-related inquiries or data requests, contact us at privacy@contextos.dev.