Privacy Policy
Effective date: February 23, 2026 · Last updated: February 23, 2026
1. Introduction
ContextorAI ("we", "us", "our") is operated by ContextorAI, San Francisco, California, USA.
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have. By using ContextorAI ("the App" or "Service"), you agree to this Privacy Policy.
2. Key Principles
- We do not sell your data. Ever.
- We do not use your content to train AI models.
- Locked notes are zero-knowledge. We have no technical ability to read them.
- You can export or delete all your data at any time.
3. What We Collect
3.1 Account data
When you create an account, we collect:
- Email address
- Name (as provided by Apple or Google Sign-In)
- Profile photo (optional, from Apple or Google)
- Account creation date
We do not store your password. Authentication is handled by Apple or Google.
3.2 Subscription and billing data
- Subscription plan and status
- Purchase history (plan, amount, date)
- Platform (App Store, Google Play, or Stripe)
We do not store full payment card details. Card data is processed by Apple, Google, or Stripe.
3.3 Usage data
- Features used and how often
- App performance and crash reports
- Error logs
- Device type and operating system version
- App version
We do not collect your location.
3.4 Your Content
Cloud notes: Text, attachments, and metadata (title, tags, timestamps) are stored on our servers. We encrypt this data with a key we control, which allows us to run AI processing on your behalf.
Locked notes: Content is end-to-end encrypted with your Master Key before leaving your device. We store only encrypted blobs — we cannot read, access, or process the content.
Imported content: Files, images, audio, and other content you import or upload are stored and processed the same way as notes, depending on whether they are Cloud or Locked.
3.5 AI interactions
When you use Cloud AI chat, your query and relevant excerpts from your Cloud notes are sent to our AI providers (Google and OpenAI) to generate a response. We log queries for debugging and quality purposes. Logs are retained for 90 days.
When you use Local AI, everything stays on your device. We collect no data about local AI interactions.
3.6 Communications
If you contact us by email or through support channels, we retain that correspondence.
4. How We Use Your Data
| Purpose | Data used | Lawful basis |
|---|---|---|
| Provide the Service | Account data, Your Content | Contract |
| Sync across devices | Your Content | Contract |
| Run AI processing | Cloud note content | Contract |
| Billing and subscriptions | Billing data | Contract |
| Improve the Service | Usage data, crash reports | Legitimate interest |
| Security and fraud prevention | Usage data, account data | Legitimate interest |
| Legal compliance | As required | Legal obligation |
| Product communications | Consent (opt-in) |
We do not use Your Content to train AI models. We do not use Your Content for advertising.
5. AI Providers
When you use Cloud AI features, your data is processed by:
| Provider | What is shared | Their privacy policy |
|---|---|---|
| Google (Gemini) | Query + relevant Cloud note excerpts | policies.google.com/privacy |
| OpenAI (Pro tier) | Query + relevant Cloud note excerpts | openai.com/policies/privacy-policy |
Both providers are bound by data processing agreements. They do not use your data to train their models under our agreements.
Locked note content is never shared with AI providers.
6. Data Storage and Security
6.1 Where your data is stored
Your data is stored on servers located in the United States (AWS infrastructure). EU and UK users: see Section 11 on data transfers.
6.2 How we protect your data
- All data in transit: encrypted with TLS 1.2 or higher
- Cloud notes at rest: AES-256 encryption with per-account keys
- Locked notes: AES-256-GCM end-to-end encryption — we hold no key
- Local database: SQLCipher encryption on your device
- Passwords and keys: stored in OS Keychain (Secure Enclave on Apple devices)
6.3 What happens if we are breached
In the event of a data breach affecting your personal data, we will notify you and relevant authorities as required by applicable law (within 72 hours under GDPR).
7. Data Retention
| Data | Retention period |
|---|---|
| Account data | Until account deletion + 30 days |
| Cloud notes and attachments | Until deleted by you + Trash period (7/30/90 days by tier) |
| Locked notes (encrypted blobs) | Until deleted by you + Trash period |
| Billing records | 7 years (legal requirement) |
| AI query logs | 90 days |
| Crash and error logs | 90 days |
| Support correspondence | 3 years |
When you close your account, all personal data is deleted within 30 days, except billing records retained for legal compliance.
8. Sharing Your Data
We do not sell or share your personal data with third parties for their own purposes.
We share data only with:
Service providers who help us operate the Service under data processing agreements:
- AWS (cloud infrastructure)
- Google (AI processing, authentication)
- OpenAI (AI processing, Pro tier)
- Apple / Google / Stripe (billing)
- Analytics provider (crash reporting, anonymized usage)
Legal authorities if required by law, court order, or to protect the rights and safety of users or the public. We will notify you when legally permitted to do so.
Successor entities in the event of a merger, acquisition, or sale of assets. Your data would transfer subject to the same privacy protections. We will notify you before your data is transferred to a new entity under different privacy terms.
9. Your Rights
9.1 All users
- Export: Download all your notes and attachments from Settings at any time
- Delete: Delete individual notes, attachments, or your entire account
- Correct: Update your account information in Settings
- Opt out: Unsubscribe from product emails at any time
9.2 EU and UK users (GDPR)
You have the right to:
- Access a copy of your personal data
- Rectify inaccurate personal data
- Erase your personal data ("right to be forgotten")
- Restrict processing
- Port your data to another service (in machine-readable format)
- Object to processing based on legitimate interests
- Withdraw consent for consent-based processing (e.g., marketing emails)
To exercise these rights, contact privacy@contextorai.com. We will respond within 30 days. You may also lodge a complaint with your local data protection authority.
9.3 California residents (CCPA/CPRA)
You have the right to:
- Know what personal information we collect and how it is used
- Delete your personal information
- Correct inaccurate personal information
- Opt out of sale or sharing of personal information (we do not sell or share)
- Limit use of sensitive personal information
- Non-discrimination for exercising your rights
To submit a request, contact privacy@contextorai.com or visit contextorai.com/privacy-request. We respond within 45 days.
10. Cookies and Tracking
The mobile and desktop apps do not use cookies.
The website (contextorai.com) uses:
- Essential cookies: required for the site to function (authentication, session)
- Analytics cookies: anonymized usage analytics (opt-out available)
We do not use advertising or tracking cookies. We do not participate in cross-site tracking.
11. International Data Transfers
We are based in the United States. If you use the Service from outside the US, your data is transferred to and processed in the US.
For users in the EU and UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to legitimize transfers. A copy of the applicable SCCs is available upon request at privacy@contextorai.com.
12. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, contact privacy@contextorai.com and we will delete the account and associated data promptly.
13. Third-Party Links and Services
The App may contain links to third-party websites or services. This Privacy Policy does not apply to those services. We are not responsible for the privacy practices of third parties.
14. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify you by email or in-app notification at least 14 days before the changes take effect. The updated policy will be available at contextorai.com/privacy.
15. Contact
For privacy questions, data requests, or to exercise your rights:
ContextorAI
San Francisco, California, USA
privacy@contextorai.com
For GDPR inquiries (EU/UK users): privacy@contextorai.com
Response time: within 30 days