At Cont3xt.dev ("we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service, including our web application, MCP server, and related services (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.
1. Information We Collect
1.1 Information You Provide to Us
We collect information that you voluntarily provide when using our Service:
- Account Information: Email address, name, password (encrypted), team name, and organization details
- Profile Information: Display name, job title, and avatar (if provided)
- Content Data: Rules, architectural decision records (ADRs), prompts, code patterns, and other knowledge base content you create or upload
- Integration Data: GitHub account information, repository access permissions, API keys (encrypted), and third-party service credentials
- Communication Data: Messages, support tickets, feedback, and any other communications with us
- Payment Information: Billing details, payment method information (processed by our payment processor, Stripe), and transaction history
1.2 Information We Collect Automatically
When you access our Service, we automatically collect certain information:
- Usage Data: Search queries, MCP requests, features used, time spent on pages, and interaction patterns
- Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution
- Analytics Data: Page views, session duration, referring URLs, and navigation paths through our Service
- Performance Data: API response times, error rates, and service performance metrics
- Log Data: Server logs, including timestamps, request/response data, and error messages
1.3 Information from Third-Party Services
When you integrate third-party services with Cont3xt.dev, we may receive:
- GitHub: Repository information, pull request data, code review comments, commit history, and collaborator information
- Authentication Providers: Profile information from OAuth providers (Google, GitHub, Microsoft)
- Development Tools: Context requests from MCP-compatible AI coding assistants (Cursor, Claude Code, VS Code, JetBrains IDEs)
2. How We Use Your Information
We use the collected information for the following purposes:
2.1 Service Delivery
- Provide, maintain, and improve the Service
- Process and fulfill your requests for features and functionality
- Deliver context-relevant rules, ADRs, and prompts to your AI coding assistants
- Enable team collaboration and knowledge sharing
- Synchronize data across your devices and team members
2.2 Service Enhancement
- Analyze usage patterns to improve Service features and user experience
- Develop new features and functionality
- Train and improve our relevance algorithms and context filtering
- Optimize search quality and response times
- Identify and resolve technical issues and bugs
2.3 Communication
- Send you service-related announcements, updates, and security alerts
- Respond to your inquiries and requests, and provide customer support
- Send you marketing communications (with your consent, where required)
- Notify you about changes to our Service or policies
2.4 Security and Compliance
- Detect, prevent, and address fraud, security threats, and illegal activities
- Enforce our Terms of Service and other policies
- Comply with legal obligations and respond to legal requests
- Protect our rights, property, and the safety of our users
2.5 Analytics and Business Operations
- Generate aggregated, anonymized statistics about Service usage
- Conduct research and development
- Process payments and manage billing
- Monitor Service performance and uptime
3. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
3.1 With Your Consent
We share information with third parties when you explicitly consent to such sharing.
3.2 Team Members
If you are part of a team plan, your content (rules, ADRs, prompts) may be visible to other team members based on your team's access permissions and sharing settings.
3.3 Service Providers
We share information with trusted third-party service providers who assist us in operating our Service:
- Cloud Infrastructure: Hosting providers (AWS, Google Cloud, or similar) for data storage and processing
- Payment Processing: Stripe for payment processing (they handle credit card information directly)
- Analytics: Plausible Analytics and ContentSquare for privacy-friendly usage analytics
- Communication: Email service providers for transactional and marketing emails
- Customer Support: Help desk and ticketing systems
These providers are contractually obligated to protect your data and use it only for the purposes we specify.
3.4 Legal Requirements
We may disclose your information if required by law or in response to:
- Valid legal processes (subpoenas, court orders, search warrants)
- Government or regulatory requests
- Situations involving potential threats to public safety or security
- Protection of our rights, property, or the safety of others
3.5 Business Transfers
In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have regarding your information.
3.6 Aggregated or Anonymized Data
We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you for research, marketing, or other business purposes.
4. Data Retention
We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:
- Account Data: Retained while your account is active and for up to 90 days after account deletion (for backup and recovery purposes)
- Content Data: Retained according to your subscription plan's data retention period (30, 90, 180 days, or unlimited for Enterprise)
- Usage Data: Retained for up to 24 months for analytics and Service improvement
- Legal and Compliance Data: Retained as required by applicable law
- Billing Records: Retained for 7 years for tax and accounting purposes
You can request deletion of your data at any time by contacting us at privacy@cont3xt.dev. Note that we may retain certain information as required by law or for legitimate business purposes.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: Data in transit is encrypted using TLS 1.3; sensitive data at rest is encrypted using AES-256
- Access Controls: Role-based access controls and principle of least privilege
- Authentication: Secure password hashing using bcrypt with cost factor 12; support for two-factor authentication
- Infrastructure Security: Regular security audits, penetration testing, and vulnerability scanning
- Monitoring: 24/7 security monitoring and incident response procedures
- Employee Access: Strict internal policies limiting employee access to user data
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
6. Your Rights and Choices
6.1 Account Information
You can access, update, or delete your account information at any time through your account settings.
6.2 Data Access and Portability
You have the right to request a copy of your personal data in a structured, commonly used format. Contact us at privacy@cont3xt.dev to request your data.
6.3 Data Deletion
You can delete your account and associated data at any time through your account settings or by contacting us. Note that some information may be retained for legal or legitimate business purposes.
6.4 Marketing Communications
You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by updating your communication preferences in your account settings. Note that you cannot opt out of service-related communications.
6.5 Cookies and Tracking
Most web browsers allow you to control cookies through their settings. Note that disabling cookies may affect your ability to use certain features of our Service.
6.6 Do Not Track
We use privacy-friendly analytics (Plausible) that respect Do Not Track signals. Our analytics do not track users across websites or use persistent identifiers.
6.7 Regional Rights
Depending on your location, you may have additional rights:
- European Economic Area (GDPR): Right to access, rectification, erasure, restriction of processing, data portability, and objection to processing
- California (CCPA/CPRA): Right to know, delete, opt out of sale (we do not sell data), and non-discrimination
- Other Jurisdictions: Rights under applicable local data protection laws
To exercise these rights, contact us at privacy@cont3xt.dev.
7. Children's Privacy
Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.
8. International Data Transfers
Your information may be transferred to, stored, and processed in countries other than your own. These countries may have data protection laws that differ from those in your jurisdiction.
When we transfer data internationally, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Other legally approved transfer mechanisms
9. Third-Party Links and Services
Our Service may contain links to third-party websites or integrate with third-party services (GitHub, Slack, etc.). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you interact with.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this Privacy Policy
- Notify you via email or through a prominent notice on our Service
- Obtain your consent if required by applicable law
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@cont3xt.dev
Address: [Your Company Address]
Data Protection Officer: dpo@cont3xt.dev
We will respond to your inquiry within 30 days (or as required by applicable law).
12. Specific Provisions for MCP Server Usage
When you use our MCP (Model Context Protocol) server integration with AI coding assistants:
- Context requests are logged for analytics and Service improvement
- File paths and query terms are stored temporarily to optimize relevance
- API keys are encrypted and never exposed to third-party AI services
- Your code is never sent to our servers; only metadata and context queries are transmitted
- MCP request data is retained according to your plan's retention period
13. Data Processing Addendum
For Enterprise customers, we offer a Data Processing Addendum (DPA) that provides additional contractual commitments regarding data processing, security, and compliance. Contact sales@cont3xt.dev for more information.